last executing test programs:

1m7.721553229s ago: executing program 3 (id=555):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="9b400ca600f8fd5a6b17a79144d7630275e299c92f18a1342f538b16d179fe0b7b09b79594fd7974ab049ca811451af4586af5c9d4b0204c7276f13945c63dbde75e2353cb9bed717fc208a692cdd3ca9c", 0x51)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, '\xf0'}}, {@subj_role}, {@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}, {@uid_gt}]}}, 0x1, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
pipe2(0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

1m5.899607335s ago: executing program 3 (id=564):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a8001600040001", 0x37}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe45)

1m5.090754227s ago: executing program 3 (id=569):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0xe)
ioctl$TIOCSTI(r0, 0x5412, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = socket(0x22, 0x2, 0x24)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000f40)=""/4083, 0x0, 0xff32, 0x1, 0x1}, 0x28)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r6, 0x34, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
close(r4)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r7, @ANYBLOB="0100000014000100fe88000000000000"], 0x80}, 0x1, 0x0, 0x0, 0x20000000}, 0x40040)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x801, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0xc1}, [@IFLA_BROADCAST={0xa, 0x2, @broadcast}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4604}, 0x0)

1m3.766546648s ago: executing program 3 (id=573):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r3, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r4, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

1m2.401497891s ago: executing program 3 (id=576):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x1c802, &(0x7f0000002740)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5fd0cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb6d658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d967206115b492d825751fcc00000000000000e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bebb749daef202e0412a73d545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177de97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65200b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b8f8451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f50520f91fbf7201fc9621d0aee9735d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b5101b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e63bdc937f8a4d61b21d06a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fbad8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c40000005e538c77b2b14f63d253705363846bc4e9cd3284ff329330812d2211ae34106e0306376a2b1cfe60a09becae2b05ec9adcac47612af85f598a880fa97891a7a290b6e730800542aea761aeb463f5ff5bdf5099ae8ad4afe99db9e9c4e703cb900e9ae272742fe2ff81d1a4f15668392cdafd2e1757706f47f9f84e532f25e2737cb6f6e89378f8d79ab8507b109c7f1f3653a5bc9d54ccc633de6263526eac10519274"], 0x1, 0x5f55, &(0x7f000000efc0)="$eJzs3cuOHFcZB/CvL9NzCXGsCEXGYuE4EBJCfLch3OKwYAFIICGvsTWZRAYHkG0QiSw8kReIBZdHgE02LPIi4RUQD4AlD6tIEArVzDl2TU2Pexx7urrn/H7SuOrr0zV9yv+pqe6pywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL733R+f7kXE5V+nBw5HfCYGEf2I5bo+FvXMxfz8YUQcic3meC4iBosR9fKb/zwTcS4iPjoUcW/j1mr98Jk99uP8qZvXP/n+d/7xuz/dOfLTN3/yQbv9R589++Hvb0cc/uFrH35y+8msOwAAAJSiqqqqlz7mH02f7/tddwoAmIq8/6+S/LharVarn2j9x/5s9UddaN1UjXe7WUTEenOZ+j2Dw/EAMGfW4+Ouu0CH5F+0YUQ81XUngJnW67oD7It7G7dWeynfXnN/cGyrPf+dclv+673713fsNp2kfY7JtH6+7sQgnt2lP8tT6sMsyfn32/lf3mofpeftd/7Tslv+o61Ln4qT8x+082/Zlv+fI2Ju8++Pzb9UOf/ho+S/Ppjj7V/+AAAAAAAcfPnv/4c7Pv67+PirsicPO/57bEp9AAAAAAAAAIAn7XHH/7vP+H8AAAAws+rP6rW/HHrw2G73Yqsfv9SLeLr1fKAw6WKZla77AQAAAAAAAAAAAAAlGW6dw3upF7EQEU+vrFRVVX81tetH9bjLz7vS1x9K1vUveQAA2PLRoda1/L2IpYi4lO71t7CyslJVS8sr1Uq1vJjfz44Wl6rlxufaPK0fWxzt4Q3xcFTV32ypsVzTpM/Lk9rb369+rVE12EPHpqPDwAEgIrb2RvfskQ6Yqnomun6Xw3yw/R88tn/2ouufUwAAAGD/VVVV9dLtvI+mY/79rjsFAEzDUt7/t48LqNVqtVqtPnh1UzXe7WYREevNZer3DIbjB4A5sx4fd90FOiT/og0j4kjXnQBmWq/rDrAv7m3cWu2lfHvN/UEa3z2fC7It//Xe5nJ5+XHTSdrnmEzr5+tODOLZXfrz3JT6MEty/v12/pe32kfpefud/7Tsln+9noc76E/Xcv6Ddv4tByf//tj8S5XzHz5S/gP5AwAAAADADMt//z9c/PFfdz0AAAAAAAAAYH7d27i1mq97zcf/Pz/meb3mnOs/D4ycf2/P+bv+9yDJ+ffb+bdOyBk05u++8SD/f2/cWv3g5r8+l6czn//CYFS/9kKvPxim05yqhbfialyLtTi14/nDbe2nd7QvbGs/M6H97I72Ud2+nNtPxGr8Iq7Fm/fbFyecGLU0ob2a0J7zH9j+i5TzHza+6vxXUnuvNa3dfb+/Y7tvTse9zsW//ffFnVvX9N2Jwf11a6rX73gH/dn8P3lqFL+6sXb9xG+u3Lx5/XSkybZHz0SaPGE5/4X0lfN/6YWt9vx7v7m93n1/9Mj5z4o7Mdw1/xca8/X6vjzlvnUh5z9KXzn/vAcav/3Pc/67b/+vdNAfAAAAAAAAAAAAAAAAeJiqqjYvEb0YERfS9T/uhA8ARfjDD9JMlYRarVar1eoDWzdV473eLGJp+zIXIuK3474ZADDL/hcR/+y6E3RG/gXL9/urp1/oujPAVN14972fXbl2be36ja57AgAAAAAAAAB8Wnn8z2ON8Z83zwNqjRu9bfzXN+LY3I7/2R8NNsc6Tyv0fDx8/O/j8fDxv4cTXm9hQvtoQvvihPalCe1jL/RoyPk/nzLO+R9NK1bS+K8vddCfruX8j6exnnP+X2o9r5l/9dd5zr+/Lf+TN9/55ckb77736tV3rry99vbaz0+funDu7PlzZ8+fP/nW1Wtrp7b+7bDH+yvnn8e+dh5oWXL+OXP5lyXn/8VUy78sOf8XUy3/suT88/s9+Zcl558/+8i/LDn/l1Mt/7Lk/L+cavmXJef/SqrlX5ac/1dSLf+y5PxfTbX8y5LzP5Fq+Zcl538y1fIvS84/H+GSf1ly/vnMBvmXJed/JtXyL0vO/2yq5V+WnP+5VMu/LDn/86mWf1ly/hdSLf+y5Py/mmr5lyXn/7VUy78sOf/XUi3/suT8v55q+Zcl5/+NVMu/LDn/b6Za/mXJ+X8r1fIvS87/26mWf1ly/q+nWv5leXD/fzNTnvnP3yNmoBtmzIyb6fo3EwAAAAAAAAAAAADQNo3TibteRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7PDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1Eaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwd3cxcpX3GcDPftlrQ4IbCCHECWtjiAOLd9df4BCDSUJKSZtSEtKmJTWOvTZO/FXvOgGEylJoSxSkIrUX9KJpEqVRpLYCRZGaSjRCaqT2rlwl4iZqJS4sFSoHJZVSBbY6M+/77szs7Mz6Y+3z8fsh/PfOnJl558yZ2X3WemYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBWGz42/ecDWZbl/zf+WJdll+d/X5Ptyb+c23mpVwgAAACcr7caf/7DFemEPcu4UMs2//aB//j+/Pz8fPaFN0+//Zfz8+mMsSwbWp1ljfOif//lL+ZbtwmeykYHBlu+Huxz80N9zh/uc/5In/NX9Tl/dZ/zR/ucv2gHLLKm+fuYxpVtavx1XXOXZldlI43zNnW51FMDqwcH4+9yGgYal5kfOZgdzo5k09nkossMNP7Lspc25Ld1TxZva7DlttZnWXbmZ4/vj2sYCPt4U9Z2Yw2tj90bd2Vjb/7s8f3fmX39vd1m392waKVZtnljvs6ns2zh11XZQLY67ZO4zsGWda7vss6htnUONC6X/71znWeWuc54v0fDOl/psc714bRHrs+ybC5bcptOT2WD2dqOW037e7R5ROTXkT+U78qGz+o42bCM4yS/zGvXtx8nncdk3P8bwj4ZXmINrQ/HG0+uWrTfz/U4ye91EY7V/Lrvy290dLT1V6ttx2q+zeM3LH0MdH3suhwD6VhuOQY29jsGBlcNNY6BwYU1b2w7BqYWXWYwG2jc1ukbeh8DE7NHT0zMPPrYLYeP7js0fWj62NTkzu3bdmzftmPHxMHDR6Ynm3+e3S4tkbXZYDoGN4bXmngMfrBj29ZDcv6bF+55MFqQ50F+3z9zY76gywezJY7xfJunN5//8yB93295Hgy3PA+6vqZ2eR4ML+N5kG9zZvPyvmcOt/zfbQ0r9Vq4ruUYuJTfD/PbfPBDS78Wrg/reuams/1+OLToGIh3ayA89/JT0s97o7eF/bL4uLg2P+OyVdmpmemTWx7ZNzt7cioL46K4suWx6jxe1rbcp2zR8TJ41sfLnr//1Y3Xdjl9XdhXozf3fqzybbaP936sGq/u7ftzVdbcn22nbs3CuMAu9v7s9t0s358pS/TYn/k2T99y/j8LplzS8vo30u/1b2hkuPn6N5T2xkjb69/ih2aosbIsO3PL8l7/RsL/F/v176qCvP7l++rBLb2PgXybZybO9hgY7vn6d32YA2E9HwqJYbQl97/dOH+ueZi2PJZ9j5vh4ZFw3AzHW2w/brYtukx+bfltb548t+Nm8/Xtj1Xbzy0VPG7yffVXk72Pm3ybl6fO/7VjTfxry2vHqn7HwMjQqny9I+kgaL7eza+Jx8CWbH92PDuSHUiXyR/l/LbGty7vGFgV/r/Yrx3XFOQYyPfV81t7HwP5Nj/admF/dtocTknbtPzs1Pn7haUy/7XDC9fXudsudObP1/nxH38qndYtQ+TbvL79bHNG7/10czjlsi77qfP5s9QxfSC7OPvpmrDOIzt6/24q3+aqncs8nvZkWfbq1KuN33eF3+9+79SPv9/2e99uv1N+derVeyfu/8nZrB8AgHP3duPPuVXNnzVb/sV6Of/+DwAAAJRCzP2DYSbyPwAAAFRGzP1DYSbyPwAAAFRGzP3DYSY1yf8P37brhbeeyNK7Ac4H8fy4G+67o7ld7HjPha/H5hfkp3/02yMvfPWJ5d32YJZlv7r3fV23f/iOuK6mE3GdH24/fZFrrlvW7T/0wMJ2re+fcGZX8/rj/VnuYRC7yi9NbG1c79ijU4358r1ZY94/98xTzetvfh23P72tuf3fhDct2XNwoO3ym8N6NoU5Ft5T5r49C/shn/FyL6z/wL9e+dmF24uXG9j4zsbdfP6Pm9cb3yPquSub28f7vdT6/+Vr330h3/6RG7qv/4nB7us/Ha73tTB/ubu5fes+/2rL+v80rD/eXrzclm/9sOv6X3xPc/sXw3HxjTA713/XX7z/rW6PV7ydPbc3Lxdvf/J/tzcuF68vXn/n+kefmGrbH53X//KbzevZ/eWfD7VuH0+PtxM9dHv78T0QHt+2HnmWZd/9s6xtP2cfaV7unzvWH6/vxO3d139zxzpPDFzXuPzC/VnXdr++/ndbu97fuJ49/7iu7f48d3fYf29O/Ci/3tP3h+MxnP9/rzSvr/O9TF+8u/31Jm7/jXXN5228vomO9T/Xsf656/J913/997zZXP+Ld65uW/+eT4Tj6Z7m7Lf+Q397Rdvlv/md5uNx8ivjx47PnDp8oGWvtj6PV4+uWXvZ5e945xXhtbTz673HZx+ePjk2OTaZZWMlfMvAlV7/t8L8n+aYu/C30PSTnzePu2c/2fy+9cFfNL9+Lpz+UHg84/fHr//1SNvx2vm4z93ZnOe7/pvCOpbrPV/7r+uWteHpz7906p/+5PXOnwvi/Tnx7tHG/Xt+w9WN8wZebp7f+XrVz3++u/15/dPhycb8Qdiv8+GdmTde3by9zuuP703y7Kebz9/4k1y8fNbxfiLrhtrvx/mu/6fh55gfXtP++hePjx880fFuzuuygXwJc+H1IZtrnh+3ivv72TNXd729+D482dx7z2aZS5p5dGbiyOFjpx6ZmJ2emZ2YefSxvUePnzo2u7fx3qV7v9jv8gvP77WN5/eB6Z3bs8az/XhzrLBLvf4TD+w/cOvkjQemD+47dXD2gRPTJw/tn5nZP31g5sZ9Bw9Of6Xf5Q8f2D21dde2W7eOHzp8YPdtu3Zt2zV++NjxfBnNRfWxc/JL48dO7m1cZGb39l1TO3Zsnxw/evzA9O5bJyfHT/W7fON703h+6S+Pn5w+sm/28NHp8ZnDj03vntq1c+fWvu/+ePTEwZmxiZOnjk2cGp4+OdG8L2OzjZPz7339Lk89zBwPr3cdBsJP55+7eWd6f9zct59c8qqam7T/eJq9Ed4LKn5/6/d1zP0jYSY1yf8AAABQBzH3hzf+XzhD/gcAAIDKiLl/dZiJ/A8AAACVEXN/M/mPpo9/r0v+v1D9/yf1/xv0//X/M/3/RP9f/z/T/9f/70P/X/+/zOvX/0/9/xn9f5ZStP5/yP3Zmizz7/8AAABQUTH3rw0zkf8BAACgMmLuvyzMRP4HAACAyoi5//Iwk5rkf5//r/+v/9+r/x+31f/P9P+L0P/f9N/6/4vo/+v/Z/r/5+xS9+fLvv4C9v/X6P9TNEXr/8fc/44wk5rkfwAAAKiDmPvfGWYi/wMAAEBlxNx/RZiJ/A8AAACVEXP/ujCTmuR//X/9f/1/n/+v/1+a/r/P/+9C/1//P9P/P2eXuj9f9vUXsP/v8/8pnKL1/2Pu/7Uwk5rkfwAAAKiDmPvfFWYi/wMAAEBlxNx/ZZiJ/A8AAACVEXP/VWEmNcn/9ez/v5Zlmf5/pv+v/9+xTv1//f+VoP+v/9+L/r/+f5nXr/+v/09/Rev/x9z/7jCTmuR/AAAAqIOY+68OM5H/AQAAoDJi7n9PmIn8DwAAAJURc/81YSY1yf/17P/7/H/9/yb9//Z16v/r/68E/X/9/170/5fR/x9e+Kv+f7HWr/+v/09/Rev/x9z/3jCTmuR/AAAAqIOY+68NM5H/AQAAoDJi7n9fmIn8DwAAAJURc//6MJOa5H/9f/1//X/9f/1//f+VVK7+/+CS5+j/N+n/t7tw/f+5hQX4/P/SrF//X/+f/orW/4+5//1hJjXJ/wAAAFAHMfd/IMxE/gcAAIDKiLn/ujAT+R8AAAAqI+b+sTCTmuR//X/9f/1//X/9f/3/lVSu/v/S9P+b9P/bXZTP/2+h/1+s9ev/6//TX9H6/zH3bwgzqUn+BwAAgDqIuX9jmIn8DwAAAJURc//1YSbyPwAAAFRGzP2bwkxqkv/1//X/9f/1//X/9f9Xkv6//n8v+v/6/2Vev/6//j/9Fa3/H3P/DWEmNcn/AAAAUAcx998YZiL/AwAAQGXE3P/BMBP5HwAAACoj5v7NYSY1yf/6//r/+v8l7v8P6f9n+v+Fp/+v/9+L/r/+f5nXr/+v/09/Rev/x9z/oTCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7r85zET+BwAAgMqIuX88zKQm+V//X/9f/7/E/X+f/9+2fv3/YtL/1//vRf9f/7/M69f/1/+nv6L1/2PuvyXMpCb5HwAAAOog5v4tYSbyPwAAAFRGzP0TYSbyPwAAAFRGzP2TYSY1yf/6//r/+v/6//r/+v8rSf9f/78X/X/9/zKvX/9f/5/+itb/j7l/KsykJvkfAAAA6iDm/q1hJvI/AAAAVEbM/dvCTOR/AAAAqIyY+7eHmdQk/5ek/78lFaD0//X/9f/1//X/S0X/X/+/F/1//f8yr1//X/+fdoNdTita/z/m/h1hJjXJ/wAAAFAHMffvDDOR/wEAAKAyYu6/NcxE/gcAAIDKiLn/tjCTmuT/kvT/ff6//r/+fwv9f/3/MtH/1//vRf9f/7/M69f/1/+nv6L1/2Pu3xVmUpP8DwAAAHUQc/+Hw0zkfwAAAKiMmPtvDzOR/wEAAKBUun0OYRRz/0fCTGqS//X/q97/n1+t/6//r//fe/36/ytL/1//vxf9f/3/Mq9f/1//n/6K1v+PuX93mElN8j8AAADUQcz9d4SZyP8AAABQGTH33xlmIv8DAABAZcTcvyfMpCb5X/+/6v1/n/+v/6//32/9+v8rS/9f/78X/f9y9v/Djy36/wXq/+fHkP4/RVS0/n/M/XeFmdQk/wMAAEAdxNz/0TAT+R8AAAAqI+b+j4WZyP8AAABQGTH3fzzMpCb5X/9f/1//X/9f/1//fyXp/69Y/7/xUljk/v+aZdyM/n85+/+R/n9x+v8+/5+iKlr/P+b+u8NMapL/AQAAoA5i7v9EmIn8DwAAAJURc/+vh5nI/wAAAFAZMfffE2ZSk/yv/6//r/+v/6//r/+/kvT/ff5/L/r/+v9lXr/+v/4//RWt/x9z/2+EmdQk/wMAAEAdxNx/b5iJ/A8AAACVEXP/J8NM5H8AAAAomVVLnhNz/2+GmdQk/5ev/z9Wyv7/YLp+/X/9f/1//X/9/wtJ/1//P9P/P2eXuj9f9vXr/+v/01/R+v8x9/9WmElN8j8AAADUQcz9nwozkf8BAACgMmLu/+0wE/kfAAAAKiPm/vvCTGqS/y90/7/z8r34/H/9/0z/X/9f/1///zzp/+v/Z/r/5+xS9+fLvn79f/1/+ita/z/m/t8JM6lJ/gcAAIA6iLn//jAT+R8AAAAK6uGzvkTM/Z8OM5H/AQAAoDJi7v9MmElN8n/5Pv9f/1//X/9f/1//v0z0//X/e9H/1/8v8/r1//X/6a9o/f+Y+x8IM6lJ/gcAAIA6iLn/s2Em8j8AAABURsz9vxtmIv8DAABAZcTc/3thJj3y/9KVhPLR/9f/1//X/9f/1/9fSfr/i/v/+WuY/n+T/r/+f5nXr/+v/09/Rev/x9z/uTAT//4PAAAAlRFz/++Hmcj/AAAAUBkx9/9BmIn8DwAAAJURc/+DYSY1yf/6//r/+v/6//r/+v8rSf/f5//3ov+v/1/m9ev/6//TX9H6/zH3fz7MpCb5HwAAAOog5v4/DDOR/wEAAKAyYu7fG2Yi/wMAAEBlxNz/UJhJTfK//r/+v/6//r/+v/7/StL/1//vRf9f/7/M69f/1/+nv6L1/2Pu3xdmsqf9ZgAAAIDyirn/C2EmNfn3fwAAAKiDmPv3h5nI/wAAAFAZMfcfCDOpSf7X/9f/1//X/9f/1/9fSfr/+v+96P/r/5d5/fr/+v/0V7T+f8z902EmNcn/AAAAUAcx9x8MM5H/AQAAoDJi7j8UZiL/AwAAQGXE3P9wmElN8r/+v/6//n9t+/+vfK9jnfr/+v8rQf9f/78X/X/9/zKvX/9f/5/+itb/j7n/cJhJTfI/AAAA1EHM/V8MM5H/AQAAoDJi7v9SmIn8DwAAAJURc/+RMJOa5H/9f/1//f/a9v+X9/n/axZuV/9f//9c6P/r//ei/6//X+b16//r/9Nf0fr/MfcfDTOpSf4HAACAOoi5/1iYifwPAAAAlRFz//EwE/kfAAAAKiPm/hNhJjXJ//r/Z9X/XzWwRDdQ/7/7+vX/K9D/b6H/r/9/LvT/9f970f/X/y/z+vX/9f/pr2j9/5j7/yjMpCb5HwAAAOog5v6TYSbyPwAAAFRGzP0zYSbyPwAAAFRGzP2zYSY1yf/6/z7/X/9f/1//X/9/Jen/6//3ov+v/1/m9ev/6//TX9H6/zH3nwozqUn+B4D/Z+8+c/U6qz4OP6/zOiRCwBTCEGACDIExIDEGeknooUPovYXeQofQe++99x4IvUpB8VlrhWPsvW2f8/jc+17X9SELTpB8RzEf/kp+2gAAHeTuv1/cYv8DAADANHL33z9usf8BAABgGrn7HxC3NNn/+n/9v/5f/6//1//vk/5f/79E/6//3/L79f/6f9aN1v/n7n9g3NJk/wMAAEAHufsfFLfY/wAAADCN3P0PjlvsfwAAAJhG7v6HxC1N9r/+X/+v/9f/6//1//uk/9f/L9H/6/+3/H79v/6fdaP1/7n7Hxq3NNn/AAAA0EHu/ofFLfY/AAAATCN3/8PjFvsfAAAAppG7/9q4pcn+1//r//X/G+z//1//r//fDv2//n+J/l//v+X36//1/6wbrf/P3X9d3NJk/wMAAEAHufsfEbfY/wAAADCN3P2PjFvsfwAAAJhG7v5HxS1N9r/+X/+v/99g/+/7//r/DdH/6/+X6P/1/1t+v/5f/8+60fr/3P2Pjlua7H8AAADoIHf/Y+IW+x8AAACmkbv/sXGL/Q8AAADTyN3/uLilyf7X/+v/9f/6f/2//n+f9P/6/yX6f/3/lt+v/9f/s27v/f+9rz9zL7T/z91/fdzSZP8DAABAB7n7Hx+32P8AAAAwjdz9T4hb7H8AAACYRu7+J8YtTfa//l//f0f/f9v/6f/1//r/O36u/z8e+n/9/xL9v/5/y+/X/+v/Wbf3/n+l9z/7v+fuf1Lc0mT/AwAAQAe5+58ct9j/AAAAMI3c/U+JW+x/AAAAmEbu/qfGLU32v/5f/+/7//p//b/+f5/0/8P2/2f/X+8w/f8F0f/r/8/X/9/rAt6v/6eD0fr/3P1Pi1ua7H8AAADoIHf/0+MW+x8AAACmkbv/hrjF/gcAAIBp5O5/RtzSZP/r//X/+n/9/+H+/1TL/v/2n+n/90P/P2z/v0z/f0H0//p/3//X/7NstP4/d/8z45Ym+x8AAAA6yN3/rLjF/gcAAIBp5O5/dtxi/wMAAMA0cvc/J25psv/1//p//b/+/0jf/79ijv7f9//3R/+v/1+i/9f/b/n9+n/9P+tG6/9z9z83bmmy/wEAAGB6p3a1+58Xt9j/AAAAMI3c/c+PW+x/AAAAmEbu/hfELU32v/5f/6//1/8fqf+f5Pv/+v/90f/r/5dcaP+/0//XX4v+f5z36//1/6wbrf/P3f/CuKXJ/gcAAIAOcve/KG6x/wEAAGAauftfHLfY/wAAADCN3P0viVua7H/9v/5f/6//1//r//dJ/6//X+L7//r/Lb9f/6//Z91o/X/u/pfGLU32PwAAAHSQu/9lcYv9DwAAANPI3f/yuMX+BwAAgGnk7n9F3HL2/j91OV91+ej/9f/6f/2//l//v0/6f/3/Ev3/ufv/q87z6+n/x3q//l//z7rR+v/c/TfGLf75PwAAAEwjd/8r4xb7HwAAAKaRu/9VcYv9DwAAANPI3f/quKXJ/j9f/3/rnQ/+vP7/wuj/z/1+/b/+X/+v/9f/6/+X6P99/3/L79f/6/9ZN1r/n7v/NXFLk/0PAAAAHeTuf23cYv8DAADANHL3vy5usf8BAABgGrn7Xx+3NNn/x//9/2v0//p//X9c/b/+X/+v/9f/L9P/6/+3/H79v/6fdaP1/7n73xC3NNn/AAAA0EHu/jfGLfY/AAAATCN3/5viFvsfAAAAppG7/81xS5P9f/z9v+//6/8vsv8/pf9P+v/4+6r/1/9fBP2//n+n/79kJ93Pb/39+n/9P+tG6/9z9990Zur12/8AAADQwU1n/njV7i1xi/0PAAAA08jd/9a4xf4HAACAaeTuf1vc0mT/6//1/yfe//v+f9H/x99X/b/+/yLo//X/O/3/JTvpfn7r79f/6/9ZN1r/n7v/7XFLk/0PAAAAHeTuf0fcYv8DAADANGL3H/zL7/Y/AAAATOmdZ/541e5dcUuT/d+4/7/mqP3/1f/1n/X/536//v9Y+v+bzv69p//X/2+J/l//v0T/r//f8vvH6f/jB9fq/xnPaP1/7v53xy1N9j8AAAB0kLv/PXGL/Q8AAADTyN1/c9xi/wMAAMA0cve/N25psv8b9/+TfP//PrfEC/T/8/b/vv8fV/+v/z8X/b/+f6f/v2Qn3c9v/f3j9P++/8+4Ruv/c/e/L25psv8BAACgg9z9749b7H8AAACYRu7+D8Qt9j8AAABMI3f/B+OWJvtf/7/1/t/3//X/+n/9/9j0//r/Jfp//f+W36//1/+zbrT+P3f/h+KWJvsfAAAAOsjd/+G4xf4HAACAaeTu/0jcYv8DAADANHL3fzRuabL/9f/6/331/7f/Ivr/Jv3/dfr/nf7/vPT/+v8l+n/9/5bfr//X/7NutP4/d//H4pYm+x8AAAA6yN3/8bjF/gcAAIBp5O7/RNxi/wMAAMA0cvd/Mm64x11O7knH6/R5fh69uf5f/+/7//p/3//X/++T/l//v0T/r//f8vv1//p/1o3W/+fu/1Tc4p//AwAAwDRy9386brH/AQAAYBq5+z8Tt9j/AAAAMI3c/Z+NW5rsf/2//l//v9n+/2r9/+H36//HpP/X/y/R/+v/t/x+/b/+n3Wj9f+5+z8XtzTZ/wAAANBB7v7Pxy32PwAAAEwjd/8X4hb7HwAAAKaRu/+LcUuT/a//1//r/zfb//v+/1nv1/+PSf+v/1+i/9f/b/n9+n/9P+tG6/9z938pbmmy/wEAAKCD3P1fjlvsfwAAAJhG7v6vxC32PwAAAEwjd/9X45Ym+1//r//X/+v/9f/6/33S/+v/l+j/9f9bfr/+X//PutH6/9z9X4tbmux/AAAA6CB3/9fjFvsfAAAAppG7/xtxi/0PAAAA08jd/824pcn+n7n/X/qf6f8P6P/1/zv9v/5/z/T/+v8l+n/9/5bfr//X/7NutP4/d/+34pYm+x8AAAA6yN3/7bjF/gcAAIBp5O7/Ttxi/wMAAMA0cvd/N25psv9n7v+X6P8P6P/1/zv9v/5/z/T/+v8l+n/9/5bfr//X/7PuhPr/07vz9P+5+78XtzTZ/wAAANBB7v7vxy32PwAAAEwjd/8P4hb7HwAAAKaRu/+Hccs8+/++Ny/8Sf3/sff/Z34T6f/1/7sh+//Th96p/z+g/98v/b/+f4n+X/+/5ffr//X/rBvt+/+5+38Ut8yz/wEAAKC93P0/jlvsfwAAAJhG7v6fxC32PwAAAEwjd/9P45Ym+1//7/v/+v9O/f89r9j5/r/+/zLT/+v/l+j/9f9bfr/+X//PutH6/9z9P4tbmux/AAAA6CB3/8/jFvsfAAAAppG7/xdxi/0PAAAA08jd/8u4pcn+1//r//X/rfr/Q+/X/x/Q/++X/l//v0T/r//f8vuz/8/fd/p//T//a7T+P3f/r+KWJvsfAAAAOsjd/+u4xf4HAACAaeTu/03cYv8DAADANHL3/zZuabL/9f/6f/1/m/7/trvtdvp//f9lN1D/f+VRfh39/wH9/2H6f/2/7//r/1k2Wv+fu/+WuKXJ/gcAAIAOcvf/Lm6x/wEAAGAauft/H7fY/wAAADCN3P23xi1N9r/+X/8/Zf9/J/2/7//r/0cxUP9/JPr/A/r/w/T/+n/9v/6fZaP1/7n7/xC3NNn/AAAA0EHu/j/GLfY/AAAATCN3/5/iFvsfAAAAppG7/89xS5P9r//X/198/3+6/rqH7f99/1//r/8fxrz9/5X6f/3/kfv/G248+LH+f5vv1//r/1k3Wv+fu/8vcUuT/Q8AAAAd5O7/a9xi/wMAAMA0cvf/LW6x/wEAAGAaufv/Hrc02f/T9P93v+vB1f/7/r/+X/8fP9f/j2He/t/3//X/vv+v/9f/6/9ZM1r/n7v/H3FLk/0PAAAAHeTu/2fcYv8DAADANHL3/ytusf8BAABgGrn7/x23NNn/0/T/Sf+v/9f/6//j5/r/Mej/9f9L9P/6/y2/X/+v/2fdaP1/7v7/BAAA//9RaTCH")
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x20000, 0x0, 0x0, 0x0, &(0x7f0000000100))
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2236824, 0x0)

59.064699061s ago: executing program 3 (id=589):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

43.945685412s ago: executing program 32 (id=589):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

17.649480929s ago: executing program 4 (id=728):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

14.938045625s ago: executing program 4 (id=732):
timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b5b30a40450c056055b5010203010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000240)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

9.868487563s ago: executing program 4 (id=740):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x115, 0x70bd26, 0x25dfdbfc, {0x2, 0x8, 0x80, 0xff, r2}}, 0x18}, 0x1, 0x0, 0x0, 0x20004000}, 0x4d884)

9.666229917s ago: executing program 1 (id=742):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0x1a, r0, 0xc, &(0x7f0000000000))

9.54559234s ago: executing program 5 (id=743):
r0 = syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x43978451d8f6fedb, 0x2, 0x40, 0x2, 0x1b, 0xfe}, {0x9, 0x5, 0x7, 0x2, 0x200, 0xc, 0x77, 0x3}, {0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0xfd, 0x32}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000140)={0x14, &(0x7f0000000400)={0x0, 0x23, 0x28, {0x28, 0x31, "70860ad862a1abbddc51a23518f5a0e072ae8a035009e658935d7fe23a536aae1a550b716a1c"}}, 0x0}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)

9.385491716s ago: executing program 4 (id=746):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

9.368297868s ago: executing program 6 (id=747):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="9b400ca600f8fd5a6b17a79144d7630275e299c92f18a1342f538b16d179fe0b7b09b79594fd7974ab049ca811451af4586af5c9d4b0204c7276f13945c63dbde75e2353cb9bed717fc208a692cdd3ca9c", 0x51)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, '\xf0'}}, {@subj_role}, {@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}, {@uid_gt}]}}, 0x1, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000100001000000000000000005dfd0eb967466a0001100010000000000000000000a00000a"], 0x28}, 0x1, 0x0, 0x0, 0x48800}, 0xc080)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
pipe2(0x0, 0x0)
socket(0x2c, 0x3, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r6, 0x0)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

8.35877426s ago: executing program 1 (id=748):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

8.204142213s ago: executing program 4 (id=749):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x12, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioprio_get$pid(0x3, 0x0)

8.079087187s ago: executing program 0 (id=751):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x70, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x51, 0x33, @action={{{}, {}, @device_b}, @mesh_hwmp_psel={0xd, 0x1, {@val={0x82, 0x1a, {{0x1, 0x0, 0x1}, 0x9, 0xff, 0xa, @device_a, 0x5, @void, 0x2, 0x80}}, @void, @void, @val={0x7e, 0x15, {{0x1, 0x4d}, 0x0, 0xf, @device_a, 0x35160000, 0x0, 0x8001}}}}}}]}, 0x70}}, 0x0)

7.971329768s ago: executing program 1 (id=752):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, '\xf0'}}, {@subj_role}, {@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}, {@uid_gt}]}}, 0x1, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
pipe2(0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

7.754831006s ago: executing program 0 (id=753):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x40, r0, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x24, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "83390a7d854f7755"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="47706bff92f1fada05f9583e590c5e67"}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c811}, 0x4004090)

6.757646446s ago: executing program 0 (id=754):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f00000002c0)={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x0)

5.608071569s ago: executing program 2 (id=756):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x28, r0, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0xfc}]}]}, 0x28}}, 0x0)

5.462798063s ago: executing program 1 (id=757):
r0 = socket(0x2c, 0x3, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
pipe(&(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
fcntl$setpipe(r3, 0x407, 0x5)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x1411, 0x2, 0x70bd27, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0xe}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)
sendto$inet(r4, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0xfea8, 0xa)
close(0x3)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x1c3902, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r7, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
fcntl$getownex(r7, 0x10, &(0x7f0000000040))
sendfile(r6, r6, 0x0, 0x2000fb)
ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000280)=0x49)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r8 = landlock_create_ruleset(&(0x7f0000000000)={0xe01, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r8, 0x5)
connect$inet(r5, 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f00000002c0)={0x1, 0x2, 0x7, {0x8, 0x131, 0x7, 0x9}})
setresuid(0xee01, 0x0, 0x0)
setresuid(0x0, 0xffffffffffffffff, 0x0)

5.399346151s ago: executing program 5 (id=758):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r3, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r4, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

5.14078447s ago: executing program 2 (id=759):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)={0x84, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x5e, 0x33, @beacon={{{}, {0x99f}}, 0x3, @random=0x1, 0x1, @void, @val, @void, @val={0x4, 0x6, {0xf8, 0x97, 0x2, 0x1}}, @void, @val={0x5, 0x3, {0xd0, 0x76, 0x3}}, @val={0x25, 0x3, {0x1, 0x3c, 0x1}}, @val={0x2a, 0x1, {0x1, 0x0, 0x1}}, @val={0x3c, 0x4, {0x21, 0x6, 0x34, 0x7}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x2, 0xf6, 0x40}}, @val={0x76, 0x6, {0x5, 0x10, 0x5, 0x2}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0xbd]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000000)

4.873403221s ago: executing program 6 (id=760):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r3, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r4, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

4.873006841s ago: executing program 4 (id=761):
r0 = socket(0x2c, 0x3, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
pipe(&(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
fcntl$setpipe(r3, 0x407, 0x5)
connect$inet(r4, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x1411, 0x2, 0x70bd27, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0xe}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4040000)
sendto$inet(r4, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r4, 0x0, r3, 0x0, 0xfea8, 0xa)
close(0x3)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000300), 0x1c3902, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r7, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
fcntl$getownex(r7, 0x10, &(0x7f0000000040))
sendfile(r6, r6, 0x0, 0x2000fb)
ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000280)=0x49)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r8 = landlock_create_ruleset(&(0x7f0000000000)={0xe01, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r8, 0x5)
connect$inet(r5, 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f00000002c0)={0x1, 0x2, 0x7, {0x8, 0x131, 0x7, 0x9}})
setresuid(0xee01, 0x0, 0x0)
setresuid(0x0, 0xffffffffffffffff, 0x0)

4.644049837s ago: executing program 2 (id=762):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x200000c4}, 0x4008000)

4.154254359s ago: executing program 5 (id=763):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000040)={0x24, r2, 0x401, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14a0}]]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x80)

3.549918543s ago: executing program 6 (id=764):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000006f8a6280062b9c48000008000300", @ANYRES32=r2, @ANYBLOB="10007d80"], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

3.508170471s ago: executing program 2 (id=765):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x28, r1, 0x5, 0x0, 0x80, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x5}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x80)

3.442910816s ago: executing program 0 (id=766):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x6, 0x4, 0x65bf, 0x40, 0x0, 0x1, 0xcb00, '\x00', 0x0, 0xffffffffffffffff, 0x40000, 0x4}, 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c00010429bd7000fddbdf2507000000", @ANYRES32=r1, @ANYBLOB="0200ee050a000200aae6dd462c0200000c000e80050001"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20040040)

3.401390632s ago: executing program 5 (id=767):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000880}, 0x0)

3.249491477s ago: executing program 6 (id=768):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

3.241104392s ago: executing program 2 (id=769):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, '\xf0'}}, {@subj_role}, {@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}, {@uid_gt}]}}, 0x1, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
pipe2(0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

2.90235664s ago: executing program 5 (id=770):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="020000000400"})
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)

2.062677359s ago: executing program 6 (id=771):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x2e5, 0x70bd26, 0x1, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r2, 0x0, 0x0, 0x1, {@ip4=@empty}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c844}, 0x20000110)

1.996428809s ago: executing program 0 (id=772):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x5, 0x53, 0xfffff034}, {0x6, 0x4a, 0x6, 0x6}]}, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[], 0x0)

1.904711105s ago: executing program 1 (id=773):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="28002d8004"], 0x44}}, 0x0)

1.833704258s ago: executing program 6 (id=774):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000ac5000000000409"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

1.80497459s ago: executing program 5 (id=775):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001b00)=ANY=[@ANYBLOB="021070091c00000028bd7000fddbdf2502001000000004d6000004d4005700000005001a00ac1414aa000000000000000000000000e00000010000000000000000000000001800101002001000000004d2000004d4000000001100180010ac7d00f0a98eaac80517f1a57f72b1240b82a10d875aa2195b90abd17fa1cdfe1f588b99fff796db7b227151389b328015862bb9dae18cf15e4c8afd3067df0ab12338ae0f3f4ee324289876e8f63fccf459281d80df4d6594dfc79996"], 0xe0}}, 0x44040000)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r4, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r5, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

1.67141724s ago: executing program 1 (id=776):
pipe2$watch_queue(0x0, 0x80)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8})
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0xd24f, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6})

278.171421ms ago: executing program 2 (id=777):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="9b400ca600f8fd5a6b17a79144d7630275e299c92f18a1342f538b16d179fe0b7b09b79594fd7974ab049ca811451af4586af5c9d4b0204c7276f13945c63dbde75e2353cb9bed717fc208a692cdd3ca9c", 0x51)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@smackfsdef={'smackfsdef', 0x3d, '\xf0'}}, {@subj_role}, {@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}, {@uid_gt}]}}, 0x1, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000000100001000000000000000005dfd0eb967466a0001100010000000000000000000a00000a"], 0x28}, 0x1, 0x0, 0x0, 0x48800}, 0xc080)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x52)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
pipe2(0x0, 0x0)
socket(0x2c, 0x3, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r6, 0x0)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

0s ago: executing program 0 (id=778):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10)
shmctl$IPC_SET(0x0, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000040), 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x7, &(0x7f0000000440)=[{0x5, 0xd0}, {0x0, 0x8fb6}, {0x4, 0x2}, {0xfffd, 0xf842}, {0x80, 0x1}, {0xc2, 0x5}, {0x2, 0x100}]})
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000780)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\nh<\x99\xaa\xe1\xf3\xb8Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev<\x97\x1a2_\x82\xfa\x15h$\x01\xdd\xe5\xceC\x19\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xb2\xf5\x1e5.\xc1\xa1\x05\x92\x82d\x0e\xf5PMjIt\xc5u~Tw\xbeNg\xb5\xeeP\x9c\xce\xfaS\xa7\xec0\xf4\xd2\xc2+@\x12=\xaa\b\xd2&\x19k6\xc7\xa6+\x04V\xc3\xe1\xd3\fZZ\x1cJo\xa5(& \r\xf1\xa4\xb8\xc23\x16\xc3\xaejA/', 0x0)
write$binfmt_elf32(r3, &(0x7f0000000f00)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc82200005"], 0x66)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r4, 0x315, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xc8c1}, 0x4000094)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x102, 0x700000})
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$phonet(0x23, 0x2, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')

kernel console output (not intermixed with test programs):

: error, invalid access to FAT (entry 0x0000ff00)
[  200.622713][ T6688] FAT-fs (loop5): Filesystem has been set read-only
[  201.626101][ T6693] loop0: detected capacity change from 0 to 4096
[  201.643466][ T6693] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  201.913474][ T6702] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  201.932147][ T6702] loop4: detected capacity change from 0 to 512
[  202.104236][ T6704] delete_channel: no stack
[  203.328361][ T5915] IPVS: starting estimator thread 0...
[  203.739438][ T6705] IPVS: using max 22 ests per chain, 52800 per kthread
[  204.144882][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  204.155105][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  204.843795][ T6693] ntfs3(loop0): Failed to read $UpCase (-4).
[  204.933281][ T6717] loop3: detected capacity change from 0 to 512
[  205.301277][ T6721] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  205.368127][ T6721] loop4: detected capacity change from 0 to 512
[  206.523350][ T6717] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13
[  206.602758][ T6717] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #13: comm syz.3.195: iget: bad i_size value: 12154757448730
[  206.683864][ T6717] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.195: couldn't read orphan inode 13 (err -117)
[  207.239702][ T6717] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.566782][ T6717] EXT4-fs: Ignoring sb option on remount
[  207.617277][ T6717] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  208.037638][ T6734] input: syz1 as /devices/virtual/input/input14
[  208.197869][ T6724] loop1: detected capacity change from 0 to 8192
[  208.223301][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.742750][ T6748] loop3: detected capacity change from 0 to 8192
[  210.274985][ T6765] fuse: Bad value for 'fd'
[  211.233177][ T6769] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  211.299322][ T6769] loop4: detected capacity change from 0 to 512
[  214.731507][ T6765] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  214.739548][ T6765] FAT-fs (loop3): Filesystem has been set read-only
[  216.709620][ T6773] loop2: detected capacity change from 0 to 8192
[  217.076100][ T6789] fuse: Bad value for 'fd'
[  217.083256][ T6789] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  217.091147][ T6789] FAT-fs (loop2): Filesystem has been set read-only
[  218.083868][ T6797] loop3: detected capacity change from 0 to 1024
[  218.113881][ T6797] EXT4-fs: Ignoring removed nobh option
[  218.189695][ T6797] EXT4-fs: Ignoring removed bh option
[  218.248425][ T6802] input: syz1 as /devices/virtual/input/input15
[  218.305407][ T6797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.447961][ T6807] loop5: detected capacity change from 0 to 512
[  218.473443][ T6797] EXT4-fs error (device loop3): ext4_find_dest_de:2051: inode #2: block 16: comm syz.3.218: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=2, rec_len=5, size=1024 fake=1
[  218.540249][ T6807] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.221: inode has both inline data and extents flags
[  218.550052][ T6807] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.221: couldn't read orphan inode 15 (err -117)
[  218.582275][ T6807] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.914992][ T6808] loop4: detected capacity change from 0 to 4096
[  219.101514][ T6815] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  219.159284][ T6815] loop0: detected capacity change from 0 to 512
[  219.229105][    T9] IPVS: starting estimator thread 0...
[  219.339750][ T6816] IPVS: using max 20 ests per chain, 48000 per kthread
[  219.864909][ T6808] ntfs3(loop4): ino=0, mi_enum_attr
[  219.871219][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.948565][ T6808] ntfs3(loop4): ino=0, mi_enum_attr
[  219.948615][ T6808] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  220.139542][ T5830] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.204622][ T6813] loop2: detected capacity change from 0 to 8192
[  220.402259][ T6808] ntfs3(loop4): failed to convert "0080" to cp852
[  220.536595][ T6808] ntfs3(loop4): failed to convert name for inode 1e.
[  220.982138][ T6808] ntfs3(loop4): ino=1f, mi_enum_attr
[  221.875494][ T6820] loop5: detected capacity change from 0 to 8192
[  223.101872][ T6838] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  223.109996][ T6838] FAT-fs (loop5): Filesystem has been set read-only
[  224.970967][ T6856] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  225.036464][ T6856] loop0: detected capacity change from 0 to 512
[  226.884613][ T6878] input: syz1 as /devices/virtual/input/input16
[  226.999729][ T5838] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  227.101824][ T6881] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  227.134245][ T6881] loop1: detected capacity change from 0 to 512
[  228.273356][ T5838] usb 1-1: unable to get BOS descriptor or descriptor too short
[  228.292857][ T5838] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  228.335291][ T5838] usb 1-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  228.335340][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.335377][ T5838] usb 1-1: Product: syz
[  228.335403][ T5838] usb 1-1: Manufacturer: syz
[  228.335431][ T5838] usb 1-1: SerialNumber: syz
[  228.657475][ T6884] loop1: detected capacity change from 0 to 512
[  228.672637][ T6884] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  228.736177][ T6884] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1134: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  231.068661][ T5838] usb 1-1: reset high-speed USB device number 3 using dummy_hcd
[  231.604639][ T5142] Bluetooth: hci2: command 0x0406 tx timeout
[  231.604861][ T5142] Bluetooth: hci1: command 0x0406 tx timeout
[  231.605027][ T5142] Bluetooth: hci3: command 0x0406 tx timeout
[  231.605134][ T5142] Bluetooth: hci4: command 0x0406 tx timeout
[  231.605351][ T5142] Bluetooth: hci5: command 0x0406 tx timeout
[  231.605570][ T5142] Bluetooth: hci0: command 0x0406 tx timeout
[  231.749718][ T6884] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm syz.1.244: bg 0: block 248: padding at end of block bitmap is not set
[  231.989101][ T6898] tty tty2: ldisc open failed (-12), clearing slot 1
[  232.073395][ T6884] Quota error (device loop1): write_blk: dquota write failed
[  232.073599][ T6884] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  232.073676][ T6884] EXT4-fs error (device loop1): ext4_acquire_dquot:6943: comm syz.1.244: Failed to acquire dquot type 1
[  232.079025][ T6884] EXT4-fs (loop1): 1 truncate cleaned up
[  232.082450][ T6884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  232.430452][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  232.839286][   T10] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  232.903478][ T6902] loop5: detected capacity change from 0 to 8192
[  232.925349][ T6904] loop0: detected capacity change from 0 to 8192
[  233.022250][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.053868][   T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  233.108287][   T10] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  233.148578][ T5838] usb 1-1: USB disconnect, device number 3
[  233.170502][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.256982][   T10] usb 4-1: config 0 descriptor??
[  234.096009][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  234.141006][ T6921] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  234.149520][ T6921] FAT-fs (loop5): Filesystem has been set read-only
[  234.249124][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  234.272368][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  234.295764][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  234.396557][   T10] usb 4-1: media controller created
[  234.432364][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  234.651164][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  234.745289][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  234.879452][ T6929] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  234.947904][ T6929] loop4: detected capacity change from 0 to 512
[  235.484975][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input17
[  235.502215][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  235.509222][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  235.519497][   T10] usb 4-1: USB disconnect, device number 4
[  235.855351][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  236.149897][ T6931] loop1: detected capacity change from 0 to 8192
[  236.582593][ T6945] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  236.597968][ T6945] loop4: detected capacity change from 0 to 512
[  237.887647][ T6950] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  237.895713][ T6950] FAT-fs (loop1): Filesystem has been set read-only
[  237.989591][ T6954] loop0: detected capacity change from 0 to 128
[  238.009402][ T5935] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  238.043207][ T6954] EXT4-fs: Ignoring removed nobh option
[  238.241479][ T6954] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  238.315847][ T6954] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.432904][ T5935] usb 6-1: unable to get BOS descriptor or descriptor too short
[  238.555797][ T5935] usb 6-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  238.795161][ T5935] usb 6-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  238.923293][ T6954] EXT4-fs warning (device loop0): verify_group_input:136: Cannot add at group 25 (only 1 groups)
[  238.951141][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.009331][ T5935] usb 6-1: Product: syz
[  239.054741][ T5935] usb 6-1: Manufacturer: syz
[  239.088660][ T5935] usb 6-1: SerialNumber: syz
[  240.471595][ T5825] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.839510][ T6984] input: syz1 as /devices/virtual/input/input18
[  240.889388][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  243.456318][ T5935] usb 6-1: USB disconnect, device number 2
[  243.605891][   T24] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  243.605941][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.605979][   T24] usb 4-1: Product: syz
[  243.606007][   T24] usb 4-1: Manufacturer: syz
[  243.606036][   T24] usb 4-1: SerialNumber: syz
[  243.650265][   T24] usb 4-1: config 0 descriptor??
[  243.917610][   T24] usb 4-1: can't set config #0, error -71
[  243.924474][   T24] usb 4-1: USB disconnect, device number 5
[  244.023895][ T6986] tty tty2: ldisc open failed (-12), clearing slot 1
[  245.546590][ T7000] loop3: detected capacity change from 0 to 8192
[  245.720367][ T7012] delete_channel: no stack
[  246.065260][ T7014] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  246.123205][ T7014] loop1: detected capacity change from 0 to 512
[  246.788175][ T7008] loop5: detected capacity change from 0 to 8192
[  246.832563][ T7009] loop4: detected capacity change from 0 to 8192
[  248.009491][ T7026] fuse: Bad value for 'fd'
[  248.024948][ T7024] fuse: Bad value for 'fd'
[  248.031983][ T7025] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  248.041182][ T7025] FAT-fs (loop4): Filesystem has been set read-only
[  248.059487][ T7027] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  248.067444][ T7027] FAT-fs (loop5): Filesystem has been set read-only
[  251.321578][ T7050] loop3: detected capacity change from 0 to 64
[  251.500650][ T7053] input: syz1 as /devices/virtual/input/input19
[  254.600539][ T7065] tty tty2: ldisc open failed (-12), clearing slot 1
[  256.066701][ T7071] delete_channel: no stack
[  256.520071][ T7076] loop3: detected capacity change from 0 to 4096
[  256.619344][ T7076] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  257.952709][ T7077] loop1: detected capacity change from 0 to 8192
[  258.337741][ T7076] ntfs3(loop3): ino=19, mi_enum_attr
[  258.626021][ T7076] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  258.773713][ T7093] fuse: Bad value for 'fd'
[  258.799943][ T7093] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  258.808373][ T7093] FAT-fs (loop1): Filesystem has been set read-only
[  259.713844][ T7087] loop5: detected capacity change from 0 to 8192
[  263.049304][   T10] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  263.238963][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  263.273671][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  263.329334][   T10] usb 2-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[  263.348809][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.877626][ T7130] delete_channel: no stack
[  264.100567][   T10] usb 2-1: config 0 descriptor??
[  264.129761][ T7121] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  264.490550][ T7136] loop0: detected capacity change from 0 to 4096
[  265.034684][ T7136] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  265.052813][   T10] hid (null): report_id 0 is invalid
[  265.286371][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  265.292820][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  265.318838][   T10] glorious 0003:22D4:1503.0002: report_id 0 is invalid
[  265.373837][   T10] glorious 0003:22D4:1503.0002: item 0 0 1 8 parsing failed
[  265.460257][   T10] glorious 0003:22D4:1503.0002: probe with driver glorious failed with error -22
[  265.556633][   T10] usb 2-1: USB disconnect, device number 2
[  265.569083][ T7136] ntfs3(loop0): Failed to load $Extend (-22).
[  265.622824][ T7136] ntfs3(loop0): Failed to initialize $Extend.
[  265.740402][ T7140] loop3: detected capacity change from 0 to 8192
[  266.123069][ T7148] fuse: Bad value for 'fd'
[  266.132342][ T7148] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  266.140255][ T7148] FAT-fs (loop3): Filesystem has been set read-only
[  268.060832][ T7153] loop2: detected capacity change from 0 to 8192
[  269.244301][ T7176] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  269.252333][ T7176] FAT-fs (loop2): Filesystem has been set read-only
[  269.452388][ T7168] loop0: detected capacity change from 0 to 4096
[  269.650244][ T7170] ubi31: attaching mtd0
[  269.656704][ T7170] ubi31: scanning is finished
[  270.003988][ T7168] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.073186][ T7168] fs-verity (loop0, inode 16): Unsupported log_blocksize: 13
[  270.207995][ T7170] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  270.256408][ T5825] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.369452][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  270.610449][   T10] usb 3-1: too many configurations: 67, using maximum allowed: 8
[  271.743488][ T7185] loop5: detected capacity change from 0 to 8192
[  272.954361][ T7208] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  272.962440][ T7208] FAT-fs (loop5): Filesystem has been set read-only
[  273.507732][   T10] usb 3-1: unable to read config index 1 descriptor/start: -71
[  273.524225][   T10] usb 3-1: can't read configurations, error -71
[  273.602003][ T7203] loop0: detected capacity change from 0 to 8192
[  274.628885][ T7221] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  274.636894][ T7221] FAT-fs (loop0): Filesystem has been set read-only
[  276.973034][ T7227] loop1: detected capacity change from 0 to 8192
[  277.189393][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  277.267760][ T7235] loop0: detected capacity change from 0 to 8192
[  277.299386][ T5935] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  277.393098][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.413731][ T7242] fuse: Bad value for 'fd'
[  277.420921][ T7242] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  277.430214][ T7242] FAT-fs (loop1): Filesystem has been set read-only
[  277.459383][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.492504][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.516544][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  277.569413][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.610398][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  277.626043][ T5935] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  277.819360][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.844031][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.854008][   T24] usb 5-1: config 0 descriptor??
[  277.870035][ T5935] usb 4-1: config 0 descriptor??
[  277.943543][ T7244] fuse: Bad value for 'fd'
[  277.948244][ T7241] loop5: detected capacity change from 0 to 8192
[  278.122954][ T7244] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  278.399141][ T7246] delete_channel: no stack
[  278.514849][ T7244] FAT-fs (loop0): Filesystem has been set read-only
[  278.971761][ T7258] ubi31: attaching mtd0
[  279.005019][ T7258] ubi31: scanning is finished
[  279.428997][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.488829][ T7254] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  279.496810][ T7254] FAT-fs (loop5): Filesystem has been set read-only
[  279.592781][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.613990][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.621910][   T24] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  279.634414][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.664600][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.693153][   T24] usb 5-1: USB disconnect, device number 2
[  279.705658][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.725487][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.747068][ T7261] loop1: detected capacity change from 0 to 256
[  279.763608][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.779267][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.882826][ T7258] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  279.889297][ T5935] sony 0003:054C:024B.0004: unknown main item tag 0x0
[  279.898805][ T5935] sony 0003:054C:024B.0004: unexpected long global item
[  279.934626][ T5935] sony 0003:054C:024B.0004: parse failed
[  279.959039][ T5935] sony 0003:054C:024B.0004: probe with driver sony failed with error -22
[  280.067474][ T5935] usb 4-1: USB disconnect, device number 6
[  280.113671][ T7262] fido_id[7262]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  280.164720][ T7261] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  280.505133][ T7271] input: syz1 as /devices/virtual/input/input21
[  280.873464][ T7276] loop1: detected capacity change from 0 to 128
[  280.949820][ T7276] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  281.002507][ T7280] Bluetooth: MGMT ver 1.23
[  281.007772][ T7270] loop3: detected capacity change from 0 to 8192
[  281.086384][ T7276] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  282.023175][ T7288] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  282.031193][ T7288] FAT-fs (loop3): Filesystem has been set read-only
[  282.537411][ T7293] ipvlan2: entered promiscuous mode
[  282.572697][ T7293] ipvlan2: entered allmulticast mode
[  282.599355][ T7293] team0: entered allmulticast mode
[  282.630619][ T7293] team_slave_0: entered allmulticast mode
[  282.654280][ T7293] team_slave_1: entered allmulticast mode
[  282.705325][ T7293] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  283.081476][ T7299] loop2: detected capacity change from 0 to 2048
[  283.139465][ T7299] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  283.209210][ T7299] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  283.253212][ T7299] UDF-fs: Scanning with blocksize 512 failed
[  283.447315][ T7297] loop3: detected capacity change from 0 to 8192
[  283.464154][ T7299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  284.369081][ T7309] fuse: Bad value for 'fd'
[  284.382779][ T7309] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  284.392894][ T7309] FAT-fs (loop3): Filesystem has been set read-only
[  284.647758][ T7304] loop5: detected capacity change from 0 to 8192
[  285.117984][ T7317] fuse: Bad value for 'fd'
[  285.124281][ T7317] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  285.132152][ T7317] FAT-fs (loop5): Filesystem has been set read-only
[  285.547444][ T7321] loop3: detected capacity change from 0 to 2048
[  285.638621][ T7325] loop2: detected capacity change from 0 to 512
[  285.640568][ T7321] EXT4-fs: inline encryption not supported
[  285.701019][ T7324] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  285.707813][ T7324] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  286.306293][ T7324] vhci_hcd vhci_hcd.0: Device attached
[  286.539706][   T24] vhci_hcd: vhci_device speed not set
[  286.562926][ T7321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  286.689363][   T24] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  286.702669][ T7340] loop1: detected capacity change from 0 to 128
[  286.713570][ T7321] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  286.719421][ T7325] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  286.802130][ T7340] FAT-fs (loop1): Directory bread(block 162) failed
[  286.809085][ T7340] FAT-fs (loop1): Directory bread(block 163) failed
[  286.839634][ T7325] EXT4-fs (loop2): orphan cleanup on readonly fs
[  286.894431][ T7340] FAT-fs (loop1): Directory bread(block 164) failed
[  286.906229][ T7325] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.360: corrupted inode contents
[  286.927614][ T7325] EXT4-fs (loop2): Remounting filesystem read-only
[  286.936573][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.962224][ T7325] EXT4-fs (loop2): 1 truncate cleaned up
[  286.968332][ T7340] FAT-fs (loop1): Directory bread(block 165) failed
[  286.981901][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  287.002575][ T7340] FAT-fs (loop1): Directory bread(block 166) failed
[  287.049294][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  287.145784][ T7340] FAT-fs (loop1): Directory bread(block 167) failed
[  287.268594][ T7340] FAT-fs (loop1): Directory bread(block 168) failed
[  287.415146][ T7340] FAT-fs (loop1): Directory bread(block 169) failed
[  287.537211][ T7347] loop4: detected capacity change from 0 to 512
[  287.810007][   T12] Quota error (device loop2): write_blk: dquota write failed
[  287.818040][   T12] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries
[  287.828275][   T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  287.838845][   T12] Quota error (device loop2): write_blk: dquota write failed
[  287.846751][   T12] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list
[  287.854616][ T7347] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -13
[  287.856721][   T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  287.877105][   T12] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  287.888055][   T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  287.902794][ T7347] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #13: comm syz.4.365: iget: bad i_size value: 12154757448730
[  287.903241][ T7325] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  287.924236][ T7340] FAT-fs (loop1): Directory bread(block 162) failed
[  287.948420][ T7340] FAT-fs (loop1): Directory bread(block 163) failed
[  287.959092][ T7347] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.365: couldn't read orphan inode 13 (err -117)
[  288.012775][ T7327] vhci_hcd: cannot find a urb of seqnum 7552370 max seqnum 1
[  288.017226][ T7347] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.020512][   T10] usb 1-1: Using ep0 maxpacket: 32
[  288.063934][ T5990] vhci_hcd: stop threads
[  288.068498][ T5990] vhci_hcd: release socket
[  288.073939][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  288.096712][ T5990] vhci_hcd: disconnect device
[  288.103378][   T10] usb 1-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  288.142997][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.193019][   T10] usb 1-1: config 0 descriptor??
[  288.218895][ T7347] EXT4-fs: Ignoring sb option on remount
[  288.224587][   T10] dvb-usb: found a 'TeVii S662' in warm state.
[  288.224638][   T10] dw2102: su3000_power_ctrl: 1, initialized 0
[  288.224938][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  288.251145][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  288.298563][   T10] dvbdev: DVB: registering new adapter (TeVii S662)
[  288.298652][ T7347] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[  288.316697][   T10] usb 1-1: media controller created
[  288.370950][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.376977][   T10] dw2102: i2c transfer failed.
[  288.389347][ T5838] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  288.452110][ T7342] dvb-usb: bulk message failed: -22 (4/0)
[  288.469878][ T7342] dw2102: i2c transfer failed.
[  288.476820][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.489328][   T10] dw2102: i2c transfer failed.
[  288.493656][ T5827] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.494136][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.553148][   T10] dw2102: i2c transfer failed.
[  288.564148][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.593472][   T10] dw2102: i2c transfer failed.
[  288.600579][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  288.633737][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.649736][ T5838] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  288.667669][   T10] dw2102: i2c transfer failed.
[  288.681669][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  288.689502][ T5838] usb 4-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00
[  288.704134][   T10] dw2102: i2c transfer failed.
[  288.708953][   T10] dvb-usb: MAC address: 02:02:02:02:02:02
[  288.725565][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.737428][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.771552][ T5838] usb 4-1: config 0 descriptor??
[  288.778001][ T7352] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  288.833237][ T5906] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  288.886576][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  288.999611][ T5906] usb 6-1: Using ep0 maxpacket: 32
[  289.000204][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  289.019744][   T10] dw2102: command 0x0e transfer failed.
[  289.036132][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  289.042986][ T5906] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  289.044247][   T10] dw2102: command 0x0e transfer failed.
[  289.071823][ T5906] usb 6-1: config 0 has no interface number 0
[  289.077940][ T5906] usb 6-1: config 0 interface 89 has no altsetting 0
[  289.273834][ T5838] microsoft 0003:045E:009D.0005: bogus close delimiter
[  289.322041][ T5838] microsoft 0003:045E:009D.0005: item 0 4 2 10 parsing failed
[  289.385584][ T5906] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  289.389368][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  289.399319][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.410820][ T5838] microsoft 0003:045E:009D.0005: parse failed
[  289.419267][ T5906] usb 6-1: Product: syz
[  289.423465][ T5906] usb 6-1: Manufacturer: syz
[  289.428073][ T5906] usb 6-1: SerialNumber: syz
[  289.437482][ T5838] microsoft 0003:045E:009D.0005: probe with driver microsoft failed with error -22
[  289.450700][ T5906] usb 6-1: config 0 descriptor??
[  289.538843][ T7366] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  289.605203][ T7366] loop2: detected capacity change from 0 to 512
[  289.908680][ T5908] IPVS: starting estimator thread 0...
[  290.106363][   T10] dw2102: command 0x0e transfer failed.
[  290.112030][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  290.114979][ T5906] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  290.117763][   T10] dw2102: command 0x0e transfer failed.
[  290.117782][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  290.117806][   T10] dw2102: command 0x51 transfer failed.
[  290.117821][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  290.156852][ T5838] usb 4-1: USB disconnect, device number 7
[  290.199373][ T7367] IPVS: using max 21 ests per chain, 50400 per kthread
[  290.303674][ T5906] em28xx 6-1:0.89: Video interface 89 found: bulk
[  290.312969][   T10] dw2102: i2c probe for address 0x68 failed.
[  290.326883][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  290.335517][   T10] dw2102: i2c probe for address 0x69 failed.
[  290.341546][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  290.347278][   T10] dw2102: i2c probe for address 0x6a failed.
[  290.353296][   T10] dw2102: probing for demodulator failed. Is the external power switched on?
[  290.362455][   T10] dvb-usb: no frontend was attached by 'TeVii S662'
[  290.536117][ T7364] loop0: detected capacity change from 0 to 8192
[  290.613155][ T7372] loop2: detected capacity change from 0 to 512
[  290.679250][   T10] rc_core: IR keymap rc-tt-1500 not found
[  290.688982][   T10] Registered IR keymap rc-empty
[  290.719120][   T10] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  290.735864][ T7372] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  290.819451][   T10] input: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input24
[  290.837031][ T5906] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  291.653901][ T7372] EXT4-fs (loop2): 1 truncate cleaned up
[  291.674227][   T10] dvb-usb: schedule remote query interval to 250 msecs.
[  291.688339][ T5906] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  291.689283][   T10] dw2102: su3000_power_ctrl: 0, initialized 1
[  291.702908][   T10] dvb-usb: TeVii S662 successfully initialized and connected.
[  291.713299][   T10] usb 1-1: USB disconnect, device number 4
[  291.722757][ T7372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.819455][ T5906] em28xx 6-1:0.89: board has no eeprom
[  291.868248][ T7381] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  291.903207][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.909434][   T24] vhci_hcd: vhci_device speed not set
[  291.919346][ T5906] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  291.926582][ T5906] em28xx 6-1:0.89: analog set to bulk mode.
[  292.000024][ T5908] em28xx 6-1:0.89: Registering V4L2 extension
[  292.024364][ T7387] loop3: detected capacity change from 0 to 256
[  292.045621][ T7381] loop4: detected capacity change from 0 to 512
[  292.064018][ T5906] usb 6-1: USB disconnect, device number 3
[  292.072756][ T7382] fuse: Bad value for 'fd'
[  292.116791][ T5906] em28xx 6-1:0.89: Disconnecting em28xx
[  292.182318][   T10] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  292.232031][ T7382] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  292.255767][ T7387] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  292.321302][ T7382] FAT-fs (loop0): Filesystem has been set read-only
[  292.399360][ T5838] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  292.604236][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.747738][ T7400] ubi31: attaching mtd0
[  292.778239][ T7400] ubi31: scanning is finished
[  293.429995][ T5838] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.439993][ T5838] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  293.453275][ T5838] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  293.462460][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.473948][ T5838] usb 2-1: config 0 descriptor??
[  293.480424][ T5908] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[  293.525845][ T5908] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  293.568776][ T5908] em28xx 6-1:0.89: No AC97 audio processor
[  293.713155][ T5908] usb 6-1: Decoder not found
[  293.717824][ T5908] em28xx 6-1:0.89: failed to create media graph
[  293.733459][ T7400] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  293.788541][ T5908] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  294.001591][ T5908] em28xx 6-1:0.89: Registering snapshot button...
[  294.021724][ T5908] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.89/input/input25
[  294.056863][ T5838] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  294.102073][ T5908] em28xx 6-1:0.89: Remote control support is not available for this card.
[  294.141448][ T5906] em28xx 6-1:0.89: Closing input extension
[  294.160588][ T5906] em28xx 6-1:0.89: Deregistering snapshot button
[  294.259291][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  294.362283][ T7408] loop5: detected capacity change from 0 to 512
[  294.659221][ T5838] usb 2-1: USB disconnect, device number 3
[  294.696387][ T5906] em28xx 6-1:0.89: Freeing device
[  294.872240][   T10] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  294.912710][ T7408] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -13
[  294.921108][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.929429][   T10] usb 4-1: Product: syz
[  294.958718][   T10] usb 4-1: Manufacturer: syz
[  294.965074][ T7408] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #13: comm syz.5.383: iget: bad i_size value: 12154757448730
[  294.968847][   T10] usb 4-1: SerialNumber: syz
[  295.037600][ T7408] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.383: couldn't read orphan inode 13 (err -117)
[  295.150364][   T10] usb 4-1: config 0 descriptor??
[  295.169039][   T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  295.211135][ T7408] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.242369][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  295.304841][   T10] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  295.326492][ T7412] fido_id[7412]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  295.350648][   T10] usb 4-1: media controller created
[  295.409599][ T7408] EXT4-fs: Ignoring sb option on remount
[  295.445618][ T7408] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000.
[  295.471370][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  295.519459][ T5838] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  295.637657][   T10] DVB: Unable to find symbol mt352_attach()
[  295.648743][ T5830] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.689224][ T5838] usb 3-1: Using ep0 maxpacket: 8
[  295.705332][ T5838] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  295.739293][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.769378][ T5838] usb 3-1: Product: syz
[  295.784388][ T5838] usb 3-1: Manufacturer: syz
[  295.807637][ T5838] usb 3-1: SerialNumber: syz
[  295.835614][ T5838] usb 3-1: config 0 descriptor??
[  295.874167][   T10] DVB: Unable to find symbol nxt6000_attach()
[  295.887393][ T5838] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  295.912725][   T10] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  295.943948][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input27
[  296.520104][   T10] dvb-usb: schedule remote query interval to 1000 msecs.
[  296.527200][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  296.599380][   T10] dvb-usb: bulk message failed: -22 (7/0)
[  296.620116][   T10] dvb-usb: bulk message failed: -22 (7/0)
[  296.646528][   T10] usb 4-1: USB disconnect, device number 8
[  296.918924][ T5838] gspca_sonixj: reg_w1 err -71
[  296.924010][ T5838] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  296.969627][ T5838] usb 3-1: USB disconnect, device number 4
[  297.064398][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  297.097813][ T7425] loop3: detected capacity change from 0 to 4096
[  297.162565][ T7425] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  297.266729][ T7425] ntfs3(loop3): Failed to load $Extend (-22).
[  297.267510][ T7431] loop5: detected capacity change from 0 to 256
[  297.340849][ T7425] ntfs3(loop3): Failed to initialize $Extend.
[  297.362115][ T7433] loop1: detected capacity change from 0 to 512
[  297.384734][ T7431] FAT-fs (loop5): error, clusters badly computed (0 != 128)
[  297.430794][ T7431] FAT-fs (loop5): Filesystem has been set read-only
[  297.456836][ T7433] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  297.487767][ T7431] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  297.555154][ T7433] EXT4-fs (loop1): 1 truncate cleaned up
[  297.586274][ T7433] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.914267][ T7441] loop5: detected capacity change from 0 to 64
[  297.915056][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.988532][ T7439] loop0: detected capacity change from 0 to 4096
[  298.039302][   T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  298.209456][   T24] usb 3-1: Using ep0 maxpacket: 16
[  298.382423][   T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c211, bcdDevice= 0.00
[  298.501816][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.596856][ T7445] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  298.701022][   T24] usb 3-1: config 0 descriptor??
[  298.772365][   T30] audit: type=1800 audit(1761178839.483:3): pid=7439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.392" name="file1" dev="loop0" ino=15 res=0 errno=0
[  299.608493][   T24] logitech 0003:046D:C211.0007: hidraw0: USB HID v0.02 Device [HID 046d:c211] on usb-dummy_hcd.2-1/input0
[  299.676035][   T24] logitech 0003:046D:C211.0007: no inputs found
[  299.768222][   T24] usb 3-1: USB disconnect, device number 5
[  299.848164][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  299.866186][ T7427] loop4: detected capacity change from 0 to 32768
[  299.933055][ T7454] fido_id[7454]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  299.938208][ T7427] read_mapping_page failed!
[  300.004169][ T7427] diRead: diIAGRead returned -5
[  300.058606][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.119299][ T5915] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  300.149353][ T5906] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  300.150692][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.315219][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  300.527978][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  300.690384][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.037226][    T9] usb 4-1: config 0 descriptor??
[  301.383405][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.409406][ T5915] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  301.456161][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  301.476484][ T5915] usb 6-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00
[  301.503513][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  301.527083][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.560841][ T5906] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  301.584306][ T5915] usb 6-1: config 0 descriptor??
[  301.599305][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.660872][ T7471] loop0: detected capacity change from 0 to 256
[  301.670321][ T5906] usb 2-1: config 0 descriptor??
[  301.721535][    T9] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  301.782841][ T7471] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  301.799510][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  301.938808][   T24] usb 4-1: USB disconnect, device number 9
[  301.969281][   T10] usb 3-1: Using ep0 maxpacket: 16
[  302.009920][   T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  302.039023][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  302.041640][ T5915] a4tech 0003:09DA:022B.0009: hidraw0: USB HID v0.02 Device [HID 09da:022b] on usb-dummy_hcd.5-1/input0
[  302.071572][   T10] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  302.092887][ T7472] fido_id[7472]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  302.112183][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.131311][   T10] usb 3-1: Product: syz
[  302.136735][   T10] usb 3-1: Manufacturer: syz
[  302.145875][   T10] usb 3-1: SerialNumber: syz
[  302.150289][ T5906] acrux 0003:1A34:0802.000A: hidraw1: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0
[  302.181679][ T5906] acrux 0003:1A34:0802.000A: no inputs found
[  302.195224][ T5906] acrux 0003:1A34:0802.000A: Failed to enable force feedback support, error: -19
[  302.268487][   T24] usb 6-1: USB disconnect, device number 4
[  302.305689][   T10] usb 3-1: config 0 descriptor??
[  302.329947][ T5906] usb 2-1: USB disconnect, device number 4
[  302.493640][ T7479] loop4: detected capacity change from 0 to 256
[  302.506404][ T7474] fido_id[7474]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  302.561091][ T7479] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  302.622123][   T10] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input29
[  302.709135][ T7476] loop0: detected capacity change from 0 to 8192
[  302.766134][ T7478] fido_id[7478]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  302.791023][   T30] audit: type=1800 audit(1761178843.503:4): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.406" name="file2" dev="loop4" ino=1048810 res=0 errno=0
[  302.988136][    C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71)
[  302.998892][   T10] imon:send_packet: packet tx failed (-71)
[  303.032795][   T10] imon 3-1:0.0: panel buttons/knobs setup failed
[  303.138189][ T7476] fuse: Bad value for 'fd'
[  303.149926][ T7476] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  303.157771][ T7476] FAT-fs (loop0): Filesystem has been set read-only
[  303.250440][ T5906] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  303.403335][   T10] rc_core: IR keymap rc-imon-pad not found
[  303.410117][ T7490] loop4: detected capacity change from 0 to 4096
[  303.421076][ T5906] usb 4-1: Using ep0 maxpacket: 16
[  303.460933][   T10] Registered IR keymap rc-empty
[  303.515226][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.649841][ T5906] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.650080][   T10] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  303.699534][   T10] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  303.783053][ T7490] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  303.872687][ T5906] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  304.023765][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.055001][   T10] imon:send_packet: packet tx failed (-71)
[  304.088066][ T7490] ntfs3(loop4): Failed to load $Extend (-22).
[  304.099567][   T10] imon 3-1:0.0: remote input dev register failed
[  304.100610][ T5906] usb 4-1: config 0 descriptor??
[  304.113809][ T7490] ntfs3(loop4): Failed to initialize $Extend.
[  304.130632][   T10] imon 3-1:0.0: imon_init_intf0: rc device setup failed
[  304.829974][   T10] imon 3-1:0.0: unable to initialize intf0, err 0
[  304.863024][   T10] imon:imon_probe: failed to initialize context!
[  305.339465][   T10] imon 3-1:0.0: unable to register, err -19
[  305.341173][ T5906] hid_parser_main: 138 callbacks suppressed
[  305.341201][ T5906] corsair 0003:1B1C:1B02.000B: unknown main item tag 0x0
[  305.492670][   T10] usb 3-1: USB disconnect, device number 6
[  305.523743][ T5906] corsair 0003:1B1C:1B02.000B: unknown main item tag 0x0
[  305.555415][ T5906] corsair 0003:1B1C:1B02.000B: unknown main item tag 0x0
[  305.584314][ T5906] corsair 0003:1B1C:1B02.000B: unknown main item tag 0x0
[  305.617655][ T5906] corsair 0003:1B1C:1B02.000B: unknown main item tag 0x0
[  305.723092][ T5906] corsair 0003:1B1C:1B02.000B: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.3-1/input0
[  305.848259][ T5906] corsair 0003:1B1C:1B02.000B: Failed to get K90 initial state (error -71).
[  305.940054][ T5906] usb 4-1: USB disconnect, device number 10
[  306.153840][ T7513] loop4: detected capacity change from 0 to 1024
[  306.223081][ T7513] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  306.320672][ T7511] fido_id[7511]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  306.377745][ T7513] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:482: comm syz.4.416: Invalid block bitmap block 0 in block_group 0
[  306.449319][   T24] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  306.459632][   T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  307.314180][   T10] usb 3-1: Using ep0 maxpacket: 8
[  307.347527][ T7513] EXT4-fs (loop4): Remounting filesystem read-only
[  307.486658][ T7513] Quota error (device loop4): write_blk: dquota write failed
[  307.669725][   T10] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  307.679110][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.687371][   T10] usb 3-1: Product: syz
[  307.699983][ T7513] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  307.712041][   T24] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  307.752523][   T10] usb 3-1: Manufacturer: syz
[  307.765826][   T24] usb 1-1: config 0 has no interface number 0
[  307.781521][   T10] usb 3-1: SerialNumber: syz
[  307.796862][ T7513] EXT4-fs (loop4): 1 orphan inode deleted
[  307.815074][   T24] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  307.844432][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.847968][   T10] usb 3-1: config 0 descriptor??
[  307.868090][   T24] usb 1-1: Product: syz
[  307.874635][ T7513] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  307.907868][   T24] usb 1-1: Manufacturer: syz
[  307.915171][   T24] usb 1-1: SerialNumber: syz
[  307.916684][   T10] gspca_main: sq930x-2.14.0 probing 2770:930c
[  307.944189][   T24] usb 1-1: config 0 descriptor??
[  308.096184][ T5827] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.243534][ T5838] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[  308.307888][ T7534] loop3: detected capacity change from 0 to 8192
[  308.559949][   T10] gspca_sq930x: reg_w 0305 fd00 failed -71
[  308.846386][ T7534] fuse: Bad value for 'fd'
[  308.865209][ T7542] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  308.873307][ T7542] FAT-fs (loop3): Filesystem has been set read-only
[  309.006793][   T24] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  309.165308][ T5838] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  309.180787][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  309.191773][ T5838] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  309.203859][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  309.215151][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  309.227888][ T5838] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  309.301682][   T24] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  309.319476][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  309.324721][   T24] asix 1-1:0.251: probe with driver asix failed with error -5
[  309.353784][   T10] gspca_sq930x: Sensor ov9630 not yet treated
[  309.361425][   T10] sq930x 3-1:0.0: probe with driver sq930x failed with error -22
[  309.369251][ T5838] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  309.409343][   T24] usb 1-1: USB disconnect, device number 5
[  309.449423][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  309.487434][   T10] usb 3-1: USB disconnect, device number 7
[  309.496545][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  309.521460][ T5838] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  309.528953][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  309.602240][ T5838] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  309.618251][ T7546] loop2: detected capacity change from 0 to 512
[  309.645700][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  309.706045][ T5838] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  309.749699][ T7546] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.790996][ T5838] usb 6-1: string descriptor 0 read error: -22
[  309.821150][ T5838] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  309.866730][ T5838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.937426][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.979590][ T5838] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  311.342578][ T7565] loop3: detected capacity change from 0 to 256
[  311.396165][ T7562] loop2: detected capacity change from 0 to 8192
[  311.411346][ T7565] exfat: Deprecated parameter 'utf8'
[  311.439919][ T5906] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  311.489527][ T7565] exfat: Deprecated parameter 'namecase'
[  311.516489][ T7567] loop4: detected capacity change from 0 to 2048
[  311.542897][ T7567] EXT4-fs: inline encryption not supported
[  311.590412][ T7565] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d)
[  311.743048][ T7562] fuse: Bad value for 'fd'
[  311.747481][ T7567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.747618][ T7567] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  311.773919][ T7562] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  311.781886][ T7562] FAT-fs (loop2): Filesystem has been set read-only
[  311.882409][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.097428][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.169047][ T5906] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  312.181612][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.205614][ T5827] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.208631][ T5906] usb 2-1: config 0 descriptor??
[  312.404530][ T7577] loop3: detected capacity change from 0 to 8192
[  312.730940][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.771860][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.797679][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.828603][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.840843][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.865577][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.905843][ T7586] fuse: Bad value for 'fd'
[  312.911192][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.919499][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.930540][ T7586] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  312.933668][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.938389][ T7586] FAT-fs (loop3): Filesystem has been set read-only
[  312.953136][ T5906] sony 0003:054C:024B.000C: unknown main item tag 0x0
[  312.964413][ T5906] sony 0003:054C:024B.000C: unexpected long global item
[  312.972354][ T5906] sony 0003:054C:024B.000C: parse failed
[  312.984940][ T5906] sony 0003:054C:024B.000C: probe with driver sony failed with error -22
[  312.998687][ T5906] usb 2-1: USB disconnect, device number 5
[  313.130790][   T24] usb 6-1: USB disconnect, device number 5
[  313.162067][ T7583] loop4: detected capacity change from 0 to 8192
[  313.528379][ T7583] fuse: Bad value for 'fd'
[  313.534520][ T7583] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  313.542465][ T7583] FAT-fs (loop4): Filesystem has been set read-only
[  313.571188][ T7592] loop5: detected capacity change from 0 to 256
[  313.849436][ T5906] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  314.059397][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  314.119287][ T5906] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  314.128397][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.198797][ T5906] usb 1-1: Product: syz
[  314.320090][ T5906] usb 1-1: Manufacturer: syz
[  314.412543][ T5906] usb 1-1: SerialNumber: syz
[  314.685316][ T5906] r8152-cfgselector 1-1: Unknown version 0x0000
[  314.784755][ T5906] r8152-cfgselector 1-1: config 0 descriptor??
[  315.363456][ T5906] r8152-cfgselector 1-1: Needed 1 retries to read version
[  315.614887][ T5906] r8152-cfgselector 1-1: USB disconnect, device number 6
[  317.427854][ T7621] loop0: detected capacity change from 0 to 1024
[  317.459873][ T7623] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  317.718130][ T7625] loop1: detected capacity change from 0 to 2048
[  317.854601][ T7627] delete_channel: no stack
[  318.361805][ T7625] EXT4-fs: inline encryption not supported
[  318.578358][ T7625] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  318.731447][ T7625] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.845748][ T7638] loop2: detected capacity change from 0 to 512
[  318.867398][ T7638] EXT4-fs: Ignoring removed bh option
[  318.880651][ T7638] EXT4-fs: Ignoring removed mblk_io_submit option
[  318.960103][ T7638] EXT4-fs (loop2): Test dummy encryption mode enabled
[  319.067621][ T7638] EXT4-fs error (device loop2): ext4_orphan_get:1392: comm syz.2.453: inode #13: comm syz.2.453: iget: illegal inode #
[  319.195554][ T7638] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.453: couldn't read orphan inode 13 (err -117)
[  319.262455][ T7638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.439972][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.676622][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.021756][   T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  320.968090][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.010267][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.142407][   T24] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  321.225749][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.516743][   T24] usb 5-1: config 0 descriptor??
[  321.566107][ T7666] loop3: detected capacity change from 0 to 256
[  321.606631][ T7668] loop2: detected capacity change from 0 to 256
[  321.638703][ T7668] exfat: Deprecated parameter 'utf8'
[  321.672849][ T7666] FAT-fs (loop3): Directory bread(block 64) failed
[  321.680213][ T7668] exfat: Deprecated parameter 'namecase'
[  321.700724][ T7666] FAT-fs (loop3): Directory bread(block 65) failed
[  321.743126][ T7666] FAT-fs (loop3): Directory bread(block 66) failed
[  321.760188][ T7668] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d)
[  321.790946][ T7666] FAT-fs (loop3): Directory bread(block 67) failed
[  321.818156][ T7666] FAT-fs (loop3): Directory bread(block 68) failed
[  321.846162][ T7666] FAT-fs (loop3): Directory bread(block 69) failed
[  321.950031][ T7666] FAT-fs (loop3): Directory bread(block 70) failed
[  322.026602][   T24] hid_parser_main: 138 callbacks suppressed
[  322.026632][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  322.049812][ T7666] FAT-fs (loop3): Directory bread(block 71) failed
[  322.143949][ T7666] FAT-fs (loop3): Directory bread(block 72) failed
[  322.238394][ T7666] FAT-fs (loop3): Directory bread(block 73) failed
[  323.172761][    T9] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  323.598949][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  323.785987][    T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=0267, bcdDevice= 0.00
[  324.045725][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.467101][    T9] usb 6-1: config 0 descriptor??
[  324.694807][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.701804][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.708707][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.715643][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.722645][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.729596][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.739644][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.746531][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.753483][   T24] sony 0003:054C:024B.000D: unknown main item tag 0x0
[  324.761314][   T24] sony 0003:054C:024B.000D: unexpected long global item
[  324.769311][   T24] sony 0003:054C:024B.000D: parse failed
[  324.777578][   T24] sony 0003:054C:024B.000D: probe with driver sony failed with error -22
[  324.790498][   T24] usb 5-1: USB disconnect, device number 3
[  325.137983][ T7683] loop2: detected capacity change from 0 to 64
[  325.191654][ T7683] hfs: unable to locate alternate MDB
[  325.224176][ T7683] hfs: continuing without an alternate MDB
[  325.265188][    T9] apple 0003:05AC:0267.000E: hidraw0: USB HID v1.01 Device [HID 05ac:0267] on usb-dummy_hcd.5-1/input0
[  325.883254][ T5906] usb 6-1: USB disconnect, device number 6
[  326.724845][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  326.733747][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  327.029874][ T5935] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  327.253556][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.307955][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  327.552007][ T5935] usb 4-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00
[  327.782915][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.085307][ T5935] usb 4-1: config 0 descriptor??
[  328.410177][ T7727] loop1: detected capacity change from 0 to 2048
[  328.476721][ T7727] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  328.518499][ T7727] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.586582][ T5935] kye 0003:0458:5014.000F: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  328.671496][ T5935] kye 0003:0458:5014.000F: hidraw0: USB HID v0.00 Device [HID 0458:5014] on usb-dummy_hcd.3-1/input0
[  328.710011][ T5935] kye 0003:0458:5014.000F: tablet-enabling feature report not found
[  328.749376][ T5838] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  328.819323][ T5935] kye 0003:0458:5014.000F: tablet enabling failed
[  328.925682][ T5935] usb 4-1: USB disconnect, device number 11
[  329.432026][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.453197][ T7741] fido_id[7741]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  329.571452][ T5838] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 254, changing to 11
[  329.589316][ T5838] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  329.648357][ T5838] usb 3-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  329.699556][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.722747][ T5838] usb 3-1: config 0 descriptor??
[  330.482873][ T5838] waltop 0003:172F:0034.0010: item fetching failed at offset 4/7
[  330.512190][ T5838] waltop 0003:172F:0034.0010: probe with driver waltop failed with error -22
[  330.624302][ T7759] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  330.686585][ T7759] loop1: detected capacity change from 0 to 512
[  331.447747][ T5838] usb 3-1: USB disconnect, device number 8
[  331.461916][ T5906] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  331.526839][ T7760] loop3: detected capacity change from 0 to 512
[  331.554271][ T7760] EXT4-fs: Ignoring removed mblk_io_submit option
[  331.634993][ T7760] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.679344][ T5906] usb 1-1: Using ep0 maxpacket: 8
[  331.687335][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.700755][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  331.711609][ T5906] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  331.729977][ T5906] usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00
[  331.739403][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.770703][ T5906] usb 1-1: config 0 descriptor??
[  332.025693][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.263734][ T5906] hid_parser_main: 138 callbacks suppressed
[  332.263764][ T5906] logitech 0003:046D:CA03.0011: unknown main item tag 0x2
[  332.333354][ T5906] logitech 0003:046D:CA03.0011: item fetching failed at offset 4/8
[  332.355415][ T5906] logitech 0003:046D:CA03.0011: parse failed
[  332.364544][ T5906] logitech 0003:046D:CA03.0011: probe with driver logitech failed with error -22
[  332.503379][ T5838] usb 1-1: USB disconnect, device number 7
[  332.539359][ T5935] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  332.849691][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  332.885347][ T5935] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  332.904155][ T5935] usb 4-1: config 0 has no interface number 0
[  332.945686][ T5935] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  332.965292][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.984242][ T5935] usb 4-1: Product: syz
[  332.994367][ T5935] usb 4-1: Manufacturer: syz
[  333.004732][ T5935] usb 4-1: SerialNumber: syz
[  333.024802][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.052340][ T5935] usb 4-1: config 0 descriptor??
[  333.064838][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.109513][   T24] usb 3-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  333.118656][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.145548][   T24] usb 3-1: config 0 descriptor??
[  333.740337][ T5935] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  333.961336][ T5935] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  334.049022][   T24] cypress 0003:04B4:DE61.0012: item fetching failed at offset 5/7
[  334.116489][ T5935] asix 4-1:0.251: probe with driver asix failed with error -5
[  334.174479][   T24] cypress 0003:04B4:DE61.0012: parse failed
[  334.238304][   T24] cypress 0003:04B4:DE61.0012: probe with driver cypress failed with error -22
[  334.286152][ T5935] usb 4-1: USB disconnect, device number 12
[  334.388642][   T24] usb 3-1: USB disconnect, device number 9
[  336.091854][   T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  336.259292][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  336.279670][   T24] usb 5-1: Using ep0 maxpacket: 32
[  336.370366][   T24] usb 5-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  336.580249][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  336.681071][   T24] usb 5-1: New USB device found, idVendor=6666, idProduct=8801, bcdDevice= 0.00
[  336.792237][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.974819][   T24] usb 5-1: config 0 descriptor??
[  337.144261][    T9] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  337.159370][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.178288][    T9] usb 1-1: Product: syz
[  337.185547][    T9] usb 1-1: Manufacturer: syz
[  338.075950][    T9] usb 1-1: SerialNumber: syz
[  338.130250][    T9] usb 1-1: config 0 descriptor??
[  338.157718][    T9] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  338.178101][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  338.210092][    T9] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  338.219793][    T9] usb 1-1: media controller created
[  338.299830][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  338.359807][   T24] smartjoyplus 0003:6666:8801.0013: hidraw0: USB HID vf.fe Device [HID 6666:8801] on usb-dummy_hcd.4-1/input0
[  338.410595][   T24] smartjoyplus 0003:6666:8801.0013: Force feedback for SmartJoy PLUS PS2/USB adapter
[  338.567140][   T24] usb 5-1: USB disconnect, device number 4
[  338.675433][    T9] DVB: Unable to find symbol mt352_attach()
[  338.736248][ T7841] fido_id[7841]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  339.297313][ T7837] loop3: detected capacity change from 0 to 8192
[  339.632592][ T7837] fuse: Bad value for 'fd'
[  339.639868][ T7837] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  339.647696][ T7837] FAT-fs (loop3): Filesystem has been set read-only
[  340.010143][    T9] DVB: Unable to find symbol nxt6000_attach()
[  340.080182][    T9] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  340.143904][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input31
[  340.216619][    T9] dvb-usb: schedule remote query interval to 1000 msecs.
[  340.248330][ T7860] loop2: detected capacity change from 0 to 128
[  340.255092][    T9] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  340.279352][    T9] dvb-usb: bulk message failed: -22 (7/0)
[  340.301878][    T9] dvb-usb: bulk message failed: -22 (7/0)
[  340.324827][    T9] usb 1-1: USB disconnect, device number 8
[  340.335489][ T7860] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  340.351573][ T7860] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  340.391682][ T7860] EXT4-fs warning (device loop2): ext4_group_extend:1891: can't read last block, resize aborted
[  340.741323][ T5838] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  341.565783][ T5838] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  341.960018][ T5838] usb 2-1: config 0 has no interface number 0
[  342.060518][ T5838] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  342.110451][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.120400][    T9] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  342.149931][ T5838] usb 2-1: Product: syz
[  342.154131][ T5838] usb 2-1: Manufacturer: syz
[  342.174480][ T5838] usb 2-1: SerialNumber: syz
[  342.258388][ T5824] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  342.288612][ T5838] usb 2-1: config 0 descriptor??
[  342.619390][   T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  342.633029][ T7884] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  342.786791][ T5838] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  342.827251][ T5838] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  342.837201][   T10] usb 4-1: Using ep0 maxpacket: 8
[  342.845554][   T10] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  342.864740][ T5838] asix 2-1:0.251: probe with driver asix failed with error -5
[  342.873564][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  342.895389][ T7884] loop4: detected capacity change from 0 to 512
[  342.905458][   T10] usb 4-1: config 0 has no interface number 0
[  342.920080][   T10] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  343.020377][   T10] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  343.037578][   T10] usb 4-1: config 0 interface 52 has no altsetting 0
[  343.049592][   T10] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  343.069041][   T10] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  343.079598][   T10] usb 4-1: Manufacturer: syz
[  343.100245][   T10] usb 4-1: config 0 descriptor??
[  343.108489][   T10] hub 4-1:0.52: bad descriptor, ignoring hub
[  343.130473][   T10] hub 4-1:0.52: probe with driver hub failed with error -5
[  343.156416][ T5935] usb 2-1: USB disconnect, device number 6
[  343.276474][ T7887] loop2: detected capacity change from 0 to 8192
[  343.368103][   T10] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input32
[  343.435561][ T7891] loop5: detected capacity change from 0 to 8192
[  343.840218][ T7891] fuse: Bad value for 'fd'
[  343.850164][ T7891] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  343.858024][ T7891] FAT-fs (loop5): Filesystem has been set read-only
[  343.946316][   T24] usb 4-1: USB disconnect, device number 13
[  345.408060][ T7898] loop5: detected capacity change from 0 to 8192
[  345.818048][ T7912] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  345.878385][ T7912] loop3: detected capacity change from 0 to 512
[  346.770150][ T7917] fuse: Bad value for 'fd'
[  346.776305][ T7917] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  346.784992][ T7917] FAT-fs (loop5): Filesystem has been set read-only
[  348.006040][ T5843] Bluetooth: hci3: unexpected cc 0x2005 length: 8 > 1
[  348.013071][ T5843] Bluetooth: hci3: unexpected event for opcode 0x2005
[  348.994872][ T7934] delete_channel: no stack
[  349.538825][ T7945] loop2: detected capacity change from 0 to 256
[  349.597287][ T7945] exfat: Deprecated parameter 'utf8'
[  349.621626][ T7941] loop3: detected capacity change from 0 to 8192
[  349.665757][ T7945] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  349.929957][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.551'.
[  350.012330][ T7941] fuse: Bad value for 'fd'
[  350.020594][ T7941] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  350.029611][ T7941] FAT-fs (loop3): Filesystem has been set read-only
[  350.059283][ T5935] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  350.253931][ T5935] usb 1-1: Using ep0 maxpacket: 16
[  350.310336][ T5935] usb 1-1: New USB device found, idVendor=046d, idProduct=c211, bcdDevice= 0.00
[  350.332638][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.441763][ T5935] usb 1-1: config 0 descriptor??
[  350.753564][ T7959] netlink: 1 bytes leftover after parsing attributes in process `syz.2.554'.
[  350.785256][ T7959] xt_policy: neither incoming nor outgoing policy selected
[  350.922993][ T5935] logitech 0003:046D:C211.0014: hidraw0: USB HID v0.02 Device [HID 046d:c211] on usb-dummy_hcd.0-1/input0
[  351.006460][ T5935] logitech 0003:046D:C211.0014: no inputs found
[  351.122139][ T5935] usb 1-1: USB disconnect, device number 9
[  351.267197][ T7966] fido_id[7966]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  351.320169][ T7965] loop1: detected capacity change from 0 to 8192
[  351.392916][ T7964] loop3: detected capacity change from 0 to 8192
[  351.764562][ T7979] loop5: detected capacity change from 0 to 1024
[  351.820171][ T7981] fuse: Bad value for 'fd'
[  351.826273][ T7981] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  351.834222][ T7981] FAT-fs (loop3): Filesystem has been set read-only
[  352.477465][ T7985] netlink: 'syz.3.564': attribute type 21 has an invalid length.
[  353.043254][ T7992] delete_channel: no stack
[  353.193210][ T7989] loop5: detected capacity change from 0 to 8192
[  353.256739][ T7991] loop0: detected capacity change from 0 to 8192
[  353.283853][ T7989] fuse: Bad value for 'fd'
[  353.343969][ T7998] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  353.352226][ T7998] FAT-fs (loop5): Filesystem has been set read-only
[  353.418857][ T7991] fuse: Bad value for 'fd'
[  353.442938][ T7991] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  353.451997][ T7991] FAT-fs (loop0): Filesystem has been set read-only
[  353.561194][ T8001] delete_channel: no stack
[  354.458734][ T8003] loop2: detected capacity change from 0 to 256
[  354.507788][ T8003] exfat: Deprecated parameter 'utf8'
[  354.610301][ T8003] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x40a90196, utbl_chksum : 0xe619d30d)
[  354.624824][ T8010] loop5: detected capacity change from 0 to 1024
[  354.713274][ T8010] EXT4-fs: Ignoring removed orlov option
[  355.448953][ T8009] loop0: detected capacity change from 0 to 4096
[  355.451819][ T8010] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.485567][ T8009] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  355.580541][ T8009] EXT4-fs (loop0): Test dummy encryption mode enabled
[  355.634936][   T30] audit: type=1800 audit(1761178896.333:5): pid=8010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.570" name="bus" dev="loop5" ino=18 res=0 errno=0
[  355.738465][ T8009] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.863478][ T5830] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.129586][ T5825] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.216501][ T8022] loop2: detected capacity change from 0 to 8192
[  356.656989][ T8037] fuse: Bad value for 'fd'
[  356.663614][ T8037] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  356.671477][ T8037] FAT-fs (loop2): Filesystem has been set read-only
[  357.570648][ T8044] loop2: detected capacity change from 0 to 8192
[  357.597312][ T8025] loop3: detected capacity change from 0 to 32768
[  357.624427][ T8044] fuse: Bad value for 'fd'
[  357.632659][ T8044] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  357.640626][ T8044] FAT-fs (loop2): Filesystem has been set read-only
[  357.677227][ T8026] loop1: detected capacity change from 0 to 32768
[  357.706518][ T8026] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.574 (8026)
[  357.922983][ T8026] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  357.956057][ T8046] loop5: detected capacity change from 0 to 8192
[  357.989556][ T8025] ERROR: (device loop3): txAbort: 
[  357.989556][ T8025] 
[  357.996194][ T8026] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  358.013212][ T8025] ERROR: (device loop3): remounting filesystem as read-only
[  358.067744][ T8046] fuse: Bad value for 'fd'
[  358.079548][ T8046] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  358.087463][ T8046] FAT-fs (loop5): Filesystem has been set read-only
[  359.057165][ T8026] BTRFS error (device loop1): open_ctree failed: -4
[  360.989864][ T8094] netlink: 1 bytes leftover after parsing attributes in process `syz.1.595'.
[  361.029673][ T8094] xt_policy: neither incoming nor outgoing policy selected
[  361.107156][ T8100] delete_channel: no stack
[  361.560304][ T8097] loop5: detected capacity change from 0 to 8192
[  362.052244][ T8114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.602'.
[  362.180277][ T8117] fuse: Bad value for 'fd'
[  362.194043][ T8117] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  362.345968][ T8117] FAT-fs (loop5): Filesystem has been set read-only
[  364.071519][ T5843] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1
[  364.089504][ T5843] Bluetooth: hci2: unexpected event for opcode 0x203e
[  365.322334][ T8139] loop4: detected capacity change from 0 to 8192
[  365.410785][ T8149] netlink: 'syz.2.614': attribute type 2 has an invalid length.
[  365.812191][ T8151] fuse: Bad value for 'fd'
[  365.851431][ T8151] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  365.953624][ T8151] FAT-fs (loop4): Filesystem has been set read-only
[  366.422488][ T8158] loop1: detected capacity change from 0 to 8192
[  366.493341][ T8162] delete_channel: no stack
[  366.852757][ T8163] fuse: Bad value for 'fd'
[  366.858976][ T8163] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  366.866879][ T8163] FAT-fs (loop1): Filesystem has been set read-only
[  368.081086][ T5843] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  368.090596][ T5843] Bluetooth: hci2: Injecting HCI hardware error event
[  368.099865][ T5848] Bluetooth: hci2: hardware error 0x00
[  370.170033][ T5848] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  371.196887][ T8202] loop0: detected capacity change from 0 to 512
[  372.029514][ T5848] Bluetooth: hci4: unexpected event 0x01 length: 4 > 1
[  372.063702][ T8211] loop5: detected capacity change from 0 to 8192
[  372.508841][ T8225] fuse: Bad value for 'fd'
[  372.519333][ T8225] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000ff00)
[  372.527197][ T8225] FAT-fs (loop5): Filesystem has been set read-only
[  373.232526][ T8219] loop1: detected capacity change from 0 to 8192
[  373.857296][ T8236] fuse: Bad value for 'fd'
[  373.914541][ T8236] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  373.923554][ T8238] netlink: 204 bytes leftover after parsing attributes in process `syz.2.641'.
[  374.015832][ T8236] FAT-fs (loop1): Filesystem has been set read-only
[  374.599521][ T5935] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  374.909356][ T5935] usb 5-1: Using ep0 maxpacket: 8
[  374.944947][ T5935] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  374.967216][ T5935] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  375.004942][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.055139][ T5935] usb 5-1: Product: syz
[  375.063717][ T5935] usb 5-1: Manufacturer: syz
[  375.068333][ T5935] usb 5-1: SerialNumber: syz
[  375.120849][ T5935] usb 5-1: config 0 descriptor??
[  375.141972][ T5935] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  375.165178][ T5935] usb 5-1: setting power ON
[  375.179271][ T5935] dvb-usb: bulk message failed: -22 (2/0)
[  375.209553][ T5935] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  375.249697][ T5935] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  375.434742][ T8244] dvb-usb: bulk message failed: -22 (3/0)
[  375.524805][ T8244] cxusb: i2c wr: len=80 is too big!
[  375.524805][ T8244] 
[  376.066938][ T5935] usb 5-1: media controller created
[  376.094783][ T5935] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  376.118217][ T5935] usb 5-1: selecting invalid altsetting 6
[  376.125630][ T5935] usb 5-1: digital interface selection failed (-22)
[  376.132365][ T5935] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  376.144257][ T5935] usb 5-1: setting power OFF
[  376.153396][ T5935] dvb-usb: bulk message failed: -22 (2/0)
[  376.161727][ T5935] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  376.171278][ T5935] (NULL device *): no alternate interface
[  376.204912][ T5935] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  376.259742][ T5935] usb 5-1: USB disconnect, device number 5
[  377.052339][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  377.068251][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  377.076770][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  377.086943][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  377.096039][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  377.373414][ T8274] vlan2: entered allmulticast mode
[  377.712051][ T8275] loop2: detected capacity change from 0 to 8192
[  378.207476][ T8287] fuse: Bad value for 'fd'
[  378.440907][ T8287] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  378.448887][ T8287] FAT-fs (loop2): Filesystem has been set read-only
[  379.120277][ T5843] Bluetooth: hci6: command tx timeout
[  379.154964][ T8293] loop0: detected capacity change from 0 to 4096
[  379.170130][ T8293] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  379.223746][ T8267] chnl_net:caif_netlink_parms(): no params data found
[  379.260730][ T8298] netlink: 16 bytes leftover after parsing attributes in process `syz.2.661'.
[  379.299232][ T8293] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  379.332771][ T8293] ntfs3(loop0): ino=5, mi_enum_attr
[  379.861330][ T8267] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.884540][ T8267] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.073138][ T8267] bridge_slave_0: entered allmulticast mode
[  380.309250][ T8267] bridge_slave_0: entered promiscuous mode
[  380.426551][ T8267] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.492631][ T8267] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.500391][ T8267] bridge_slave_1: entered allmulticast mode
[  380.512094][ T8267] bridge_slave_1: entered promiscuous mode
[  380.819263][   T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  381.199500][ T5843] Bluetooth: hci6: command tx timeout
[  383.279471][ T5843] Bluetooth: hci6: command tx timeout
[  384.012201][   T24] usb 6-1: device descriptor read/all, error -71
[  384.066103][ T8267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  384.186538][ T8267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  384.213872][ T6006] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  384.260216][ T8339] loop4: detected capacity change from 0 to 16
[  384.288327][ T8339] erofs (device loop4): mounted with root inode @ nid 36.
[  384.307764][ T8336] loop5: detected capacity change from 0 to 2048
[  384.399367][ T6006] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.469792][ T8341] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  384.481337][ T8267] team0: Port device team_slave_0 added
[  384.495568][ T6006] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  384.521018][ T8267] team0: Port device team_slave_1 added
[  384.529858][ T6006] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.569362][ T5935] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  384.570145][ T6006] usb 3-1: config 0 descriptor??
[  384.755492][ T8341] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  384.799228][ T8341] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  384.799262][ T5935] usb 5-1: Using ep0 maxpacket: 16
[  384.837716][ T5935] usb 5-1: config 0 has no interfaces?
[  384.850388][ T5935] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  384.883917][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.890700][ T8341] Remounting filesystem read-only
[  384.913135][ T5830] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  384.919547][ T5935] usb 5-1: Product: syz
[  384.926449][ T5935] usb 5-1: Manufacturer: syz
[  384.938125][ T5935] usb 5-1: SerialNumber: syz
[  384.950338][ T5935] usb 5-1: config 0 descriptor??
[  384.963960][ T8267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  384.995584][ T8267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.067464][ T8267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.075126][ T6006] waterforce 0003:1044:7A4D.0015: unknown main item tag 0x0
[  385.117249][ T6006] waterforce 0003:1044:7A4D.0015: unknown main item tag 0x0
[  385.137590][ T6006] waterforce 0003:1044:7A4D.0015: unknown main item tag 0x0
[  385.161682][ T8267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.188821][ T6006] waterforce 0003:1044:7A4D.0015: hidraw0: USB HID v0.00 Device [HID 1044:7a4d] on usb-dummy_hcd.2-1/input0
[  385.206829][ T5838] usb 5-1: USB disconnect, device number 6
[  385.213206][ T5843] Bluetooth: hci4: adv larger than maximum supported
[  385.213262][ T5843] Bluetooth: hci4: Malformed LE Event: 0x0d
[  385.228713][ T8267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.257995][ T8267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.359332][ T5843] Bluetooth: hci6: command tx timeout
[  385.389925][ T6006] waterforce 0003:1044:7A4D.0015: fw version request failed with -38
[  385.462971][ T6006] usb 3-1: USB disconnect, device number 10
[  385.528566][ T8344] fido_id[8344]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  385.540273][ T8267] hsr_slave_0: entered promiscuous mode
[  385.580139][ T8267] hsr_slave_1: entered promiscuous mode
[  385.586776][ T8267] debugfs: 'hsr0' already exists in 'hsr'
[  385.593154][ T8267] Cannot create hsr debugfs directory
[  385.641810][ T8337] loop0: detected capacity change from 0 to 32768
[  385.715103][ T8337] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  385.729429][ T8337] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  385.837658][ T8337] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  385.953828][ T6006] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  385.977028][ T6006] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  386.499391][   T24] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  386.523045][ T6006] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 546ms
[  386.564264][ T6006] gfs2: fsid=syz:syz.0: jid=0: Done
[  386.583979][ T8337] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  386.702188][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  386.719922][ T8337] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block)
[  386.739039][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.754212][ T8337] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 590
[  386.760879][   T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  386.781691][ T8343] loop5: detected capacity change from 0 to 32768
[  386.814201][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.859563][ T8337] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1
[  386.866428][   T24] usb 3-1: config 0 descriptor??
[  386.917836][ T8343] (syz.5.674,8343,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  386.953235][ T8337] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:8337 [syz.0.670] __gfs2_lookup+0xa0/0x290
[  386.978846][ T8343] (syz.5.674,8343,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  386.989494][ T8337] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  387.008499][ T8337] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  387.091460][ T8337] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  387.137268][ T8343] JBD2: Ignoring recovery information on journal
[  387.143764][ T8337] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  387.154473][ T8337] gfs2: fsid=syz:syz.0: File system withdrawn
[  387.176332][ T8337] CPU: 0 UID: 0 PID: 8337 Comm: syz.0.670 Not tainted syzkaller #0 PREEMPT(full) 
[  387.176385][ T8337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  387.176409][ T8337] Call Trace:
[  387.176422][ T8337]  <TASK>
[  387.176435][ T8337]  dump_stack_lvl+0x16c/0x1f0
[  387.176484][ T8337]  gfs2_withdraw+0xa8b/0x1130
[  387.176531][ T8337]  ? __pfx_gfs2_withdraw+0x10/0x10
[  387.176583][ T8337]  ? __pfx_gfs2_meta_read+0x10/0x10
[  387.176655][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.176700][ T8337]  gfs2_dirent_scan+0x352/0x420
[  387.176753][ T8337]  ? __pfx_gfs2_dirent_find+0x10/0x10
[  387.176805][ T8337]  gfs2_dirent_search+0x44b/0x5b0
[  387.176845][ T8337]  ? __pfx_gfs2_dirent_find+0x10/0x10
[  387.176900][ T8337]  ? __pfx_gfs2_dirent_search+0x10/0x10
[  387.176946][ T8337]  ? gfs2_permission+0x333/0x500
[  387.176985][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177044][ T8337]  gfs2_dir_search+0x97/0x2e0
[  387.177093][ T8337]  ? __pfx_gfs2_dir_search+0x10/0x10
[  387.177147][ T8337]  gfs2_lookupi+0x4b7/0x6e0
[  387.177211][ T8337]  ? __pfx_gfs2_lookupi+0x10/0x10
[  387.177262][ T8337]  ? __gfs2_lookup+0xa0/0x290
[  387.177306][ T8337]  ? d_alloc_parallel+0x864/0x1510
[  387.177371][ T8337]  __gfs2_lookup+0xa0/0x290
[  387.177419][ T8337]  ? __pfx___gfs2_lookup+0x10/0x10
[  387.177479][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177523][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177560][ T8337]  ? lockdep_init_map_type+0x5c/0x280
[  387.177589][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177649][ T8337]  __lookup_slow+0x251/0x460
[  387.177693][ T8337]  ? __pfx___lookup_slow+0x10/0x10
[  387.177739][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177800][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.177841][ T8337]  ? lookup_fast+0x156/0x610
[  387.177885][ T8337]  walk_component+0x353/0x5b0
[  387.177945][ T8337]  path_lookupat+0x142/0x6d0
[  387.178000][ T8337]  filename_lookup+0x224/0x5f0
[  387.178051][ T8337]  ? __pfx_filename_lookup+0x10/0x10
[  387.178141][ T8337]  ? __might_fault+0xe3/0x190
[  387.178179][ T8337]  ? __might_fault+0xe3/0x190
[  387.178226][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.178285][ T8337]  filename_setxattr+0x9d/0x1d0
[  387.178332][ T8337]  ? __pfx_filename_setxattr+0x10/0x10
[  387.178394][ T8337]  ? getname_flags.part.0+0x1c5/0x550
[  387.178446][ T8337]  path_setxattrat+0x1de/0x2a0
[  387.178494][ T8337]  ? __pfx_path_setxattrat+0x10/0x10
[  387.178599][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.178637][ T8337]  ? __x64_sys_openat+0x174/0x210
[  387.178685][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.178729][ T8337]  ? xfd_validate_state+0x61/0x180
[  387.178782][ T8337]  __x64_sys_lsetxattr+0xc9/0x140
[  387.178843][ T8337]  ? do_syscall_64+0x91/0xfa0
[  387.178883][ T8337]  ? srso_alias_return_thunk+0x5/0xfbef5
[  387.178918][ T8337]  ? lockdep_hardirqs_on+0x7c/0x110
[  387.178955][ T8337]  do_syscall_64+0xcd/0xfa0
[  387.179002][ T8337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.179038][ T8337] RIP: 0033:0x7f8a6ed8efc9
[  387.179061][ T8337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.179089][ T8337] RSP: 002b:00007f8a6fc88038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  387.179126][ T8337] RAX: ffffffffffffffda RBX: 00007f8a6efe5fa0 RCX: 00007f8a6ed8efc9
[  387.179151][ T8337] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000200000000140
[  387.179179][ T8337] RBP: 00007f8a6ee11f91 R08: 0000000000000000 R09: 0000000000000000
[  387.179203][ T8337] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[  387.179226][ T8337] R13: 00007f8a6efe6038 R14: 00007f8a6efe5fa0 R15: 00007ffc8bc482a8
[  387.179277][ T8337]  </TASK>
[  387.575205][ T8267] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  387.598778][ T8343] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  387.652701][ T8267] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  387.733699][ T8267] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  387.764974][ T8267] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  387.783061][   T24] isku 0003:1E7D:319C.0016: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0
[  387.978120][   T24] isku 0003:1E7D:319C.0016: couldn't init struct isku_device
[  388.045815][   T24] isku 0003:1E7D:319C.0016: couldn't install keyboard
[  388.084563][   T24] isku 0003:1E7D:319C.0016: probe with driver isku failed with error -71
[  388.143699][   T24] usb 3-1: USB disconnect, device number 11
[  388.171238][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  388.177759][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  388.577070][ T5830] ocfs2: Unmounting device (7,5) on (node local)
[  388.668415][ T8267] 8021q: adding VLAN 0 to HW filter on device bond0
[  388.728845][ T8267] 8021q: adding VLAN 0 to HW filter on device team0
[  388.784850][ T6628] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.792089][ T6628] bridge0: port 1(bridge_slave_0) entered forwarding state
[  388.835970][ T6628] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.843226][ T6628] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.995998][ T8375] warning: `syz.1.681' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  389.270134][ T8384] netlink: 24 bytes leftover after parsing attributes in process `syz.1.684'.
[  390.715270][ T8267] 8021q: adding VLAN 0 to HW filter on device batadv0
[  390.894932][ T8413] loop0: detected capacity change from 0 to 512
[  391.050166][ T8413] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.127000][ T8413] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  391.334910][ T8425] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  391.402296][ T8425] loop4: detected capacity change from 0 to 512
[  392.164184][ T5825] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.215566][ T8427] loop1: detected capacity change from 0 to 4096
[  392.602203][ T8267] veth0_vlan: entered promiscuous mode
[  392.669044][ T8267] veth1_vlan: entered promiscuous mode
[  393.604280][ T8267] veth0_macvtap: entered promiscuous mode
[  393.702252][ T8267] veth1_macvtap: entered promiscuous mode
[  393.797877][ T8267] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.877018][ T8267] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.914054][ T3447] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.940243][ T3447] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.973974][ T3447] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.987566][ T8453] loop1: detected capacity change from 0 to 8192
[  393.997616][ T3447] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.449595][ T8465] fuse: Bad value for 'fd'
[  394.781609][ T8465] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  394.789674][ T8465] FAT-fs (loop1): Filesystem has been set read-only
[  395.220046][ T7450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.274357][ T7450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.300247][   T10] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  395.413239][ T6628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.431679][ T6628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.482315][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  395.529345][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  395.559307][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  395.611358][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.047046][   T10] usb 3-1: GET_CAPABILITIES returned 0
[  396.133794][ T8486] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  397.017023][ T8486] loop1: detected capacity change from 0 to 512
[  397.056512][   T10] usbtmc 3-1:16.0: can't read capabilities
[  397.586736][   T10] usb 3-1: USB disconnect, device number 12
[  398.150240][ T8479] loop5: detected capacity change from 0 to 4096
[  398.434672][ T8479] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[  398.710862][ T8479] ntfs3(loop5): Failed to initialize $Extend/$Reparse.
[  398.736896][ T8499] loop1: detected capacity change from 0 to 512
[  398.764190][ T8479] ntfs3(loop5): ino=5, mi_enum_attr
[  398.798729][ T8499] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  398.817955][ T8499] EXT4-fs (loop1): orphan cleanup on readonly fs
[  398.887594][ T8499] EXT4-fs warning (device loop1): ext4_enable_quotas:7176: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  398.956090][ T8499] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  398.990212][ T8499] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #13: comm syz.1.713: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  399.129946][ T8499] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.713: couldn't read orphan inode 13 (err -117)
[  399.166192][ T8499] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  399.275593][ T8499] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  399.327416][ T8499] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  399.382305][ T8499] EXT4-fs warning (device loop1): ext4_enable_quotas:7176: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  399.434299][ T8506] loop2: detected capacity change from 0 to 8192
[  399.733090][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.887100][ T8518] delete_channel: no stack
[  400.042195][ T8517] loop0: detected capacity change from 0 to 8192
[  400.533749][ T8531] fuse: Bad value for 'fd'
[  400.861500][ T8531] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000ff00)
[  400.869890][ T8531] FAT-fs (loop0): Filesystem has been set read-only
[  401.389280][ T8539] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  401.451484][ T8539] loop5: detected capacity change from 0 to 512
[  401.674302][ T5908] IPVS: starting estimator thread 0...
[  402.411585][ T8540] IPVS: using max 20 ests per chain, 48000 per kthread
[  404.489309][ T5908] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  404.722131][ T5908] usb 5-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  404.734922][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.769393][ T5908] usb 5-1: Product: syz
[  404.780338][ T5908] usb 5-1: Manufacturer: syz
[  404.791260][ T5908] usb 5-1: SerialNumber: syz
[  404.816886][ T8565] netlink: 12 bytes leftover after parsing attributes in process `syz.2.735'.
[  404.819991][ T5908] usb 5-1: config 0 descriptor??
[  405.278623][ T5908] gspca_main: sonixb-2.14.0 probing 0c45:6005
[  405.910999][ T5908] sonixb 5-1:0.0: Error writing register 01: -110
[  405.917662][ T5908] sonixb 5-1:0.0: probe with driver sonixb failed with error -110
[  408.186096][   T24] usb 5-1: USB disconnect, device number 7
[  408.776866][ T8587] loop2: detected capacity change from 0 to 512
[  408.862026][ T8587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  408.979249][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  409.872263][   T10] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[  409.889242][   T10] usb 6-1: config 1 has no interface number 0
[  409.895420][   T10] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  409.946874][   T10] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  409.947654][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.985342][   T10] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.011875][ T8596] loop6: detected capacity change from 0 to 8192
[  410.041266][   T10] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  410.060771][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.079631][   T10] usb 6-1: Product: syz
[  410.130549][   T10] usb 6-1: Manufacturer: syz
[  410.135209][   T10] usb 6-1: SerialNumber: syz
[  410.181289][ T8584] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  410.477642][ T8584] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  411.118580][   T10] sierra_net 6-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.5-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  411.270425][ T8610] loop1: detected capacity change from 0 to 8192
[  411.789477][ T5828] jfs_flush_journal: synclist not empty
[  411.795660][ T5915] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  411.804887][   T10] sierra_net 6-1:1.7 wwan0: Submit SYNC failed -71
[  411.813788][ T5828] metapage: ffff888079514000: 00001000 00000000 00003938 00000000
[  411.829393][   T10] sierra_net 6-1:1.7 wwan0: Send SYNC failed, status -71
[  411.855372][   T10] usb 6-1: USB disconnect, device number 9
[  411.864514][   T10] sierra_net 6-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.5-1, Sierra Wireless USB-to-WWAN Modem
[  411.872674][ T5828] metapage: ffff888079514010: 1e7a53f0 ffff8880 72c11a28 ffff8880
[  411.960783][ T5828] metapage: ffff888079514020: 00000004 00000000 00000000 00000000
[  411.968827][ T5828] metapage: ffff888079514030: 28505000 ffff8880 0000002d 00000000
[  412.016708][ T8622] fuse: Bad value for 'fd'
[  412.036496][ T8622] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff00)
[  412.044553][ T8622] FAT-fs (loop1): Filesystem has been set read-only
[  412.298690][ T5828] metapage: ffff888079514040: 00000000 dead4ead ffffffff 00000000
[  412.378513][ T5828] metapage: ffff888079514050: ffffffff ffffffff 9ac0d2c0 ffffffff
[  412.430401][ T5828] metapage: ffff888079514060: 95b0e980 ffffffff 00000000 00000000
[  412.479491][ T5828] metapage: ffff888079514070: 8bcea8e0 ffffffff 00000300 00000000
[  412.530345][ T5828] metapage: ffff888079514080: 79514080 ffff8880 79514080 ffff8880
[  412.575205][ T5828] metapage: ffff888079514090: 00a14140 ffffea00 24e4c000 ffff8880
[  412.614681][ T5828] metapage: ffff8880795140a0: 00001000 00003e24 00000000 00000000
[  412.652131][ T5828] metapage: ffff8880795140b0: 72c11800 ffff8880
[  412.658453][ T5828] page: ffffea0000a14140: 00fff2000000403c ffffea0001e55d08
[  412.681784][ T5828] page: ffffea0000a14150: ffff88801be99a60 0000000000000000
[  412.711376][ T5915] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  412.741305][ T5828] page: ffffea0000a14160: 000000000000002d ffff888079514000
[  412.748770][ T5915] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  412.789594][ T5828] page: ffffea0000a14170: 00000001ffffffff ffff888140ad2700
[  412.796982][ T5828] metapage: ffff88801e7a53e0: 00001000 00000000 00003cb0 00000000
[  412.816273][   T10] sierra_net 6-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  412.828631][ T5915] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  412.852930][ T5828] metapage: ffff88801e7a53f0: 7755b010 ffff8880 79514010 ffff8880
[  412.868287][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.899333][ T5828] metapage: ffff88801e7a5400: 00000004 00000000 00000000 00000000
[  412.934808][ T5828] metapage: ffff88801e7a5410: 26bbe000 ffff8880 00000030 00000000
[  413.000214][ T5828] metapage: ffff88801e7a5420: 00000000 dead4ead ffffffff 00000000
[  413.038640][ T5828] metapage: ffff88801e7a5430: ffffffff ffffffff 9ac0d2c0 ffffffff
[  413.094060][ T5828] metapage: ffff88801e7a5440: 95b0e980 ffffffff 00000000 00000000
[  413.123198][ T5828] metapage: ffff88801e7a5450: 8bcea8e0 ffffffff 00000300 00000000
[  413.142970][ T5828] metapage: ffff88801e7a5460: 1e7a5460 ffff8880 1e7a5460 ffff8880
[  413.167568][ T5915] usb 1-1: GET_CAPABILITIES returned 0
[  413.181129][ T5828] metapage: ffff88801e7a5470: 009aef80 ffffea00 24e4c000 ffff8880
[  413.204029][ T5915] usbtmc 1-1:16.0: can't read capabilities
[  413.232036][ T5828] metapage: ffff88801e7a5480: 00001000 00003e24 00000000 00000000
[  413.279328][ T5828] metapage: ffff88801e7a5490: 72c11800 ffff8880
[  413.307917][ T5828] page: ffffea00009aef80: 00fff2800000403c ffffea0001f810c8
[  413.348064][ T5828] page: ffffea00009aef90: ffffea0001e5f588 0000000000000000
[  413.397869][ T5828] page: ffffea00009aefa0: 0000000000000030 ffff88801e7a53e0
[  413.449696][ T5828] page: ffffea00009aefb0: 00000001ffffffff ffff888140ad2700
[  413.457265][ T5828] metapage: ffff88807755b000: 00001000 00000000 00003d58 00000000
[  413.469115][ T8619] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90
[  413.503239][   T10] usb 1-1: USB disconnect, device number 10
[  413.511225][ T5828] metapage: ffff88807755b010: 72c11a28 ffff8880 1e7a53f0 ffff8880
[  413.543699][ T5828] metapage: ffff88807755b020: 00000004 00000000 00000000 00000000
[  413.575039][ T5828] metapage: ffff88807755b030: 27c0a000 ffff8880 0000001c 00000000
[  413.612418][ T5828] metapage: ffff88807755b040: 00000000 dead4ead ffffffff 00000000
[  413.630812][ T5828] metapage: ffff88807755b050: ffffffff ffffffff 9ac0d2c0 ffffffff
[  413.713820][ T5828] metapage: ffff88807755b060: 95b0e980 ffffffff 00000000 00000000
[  413.811230][ T5828] metapage: ffff88807755b070: 8bcea8e0 ffffffff 00000300 00000000
[  413.974703][ T5828] metapage: ffff88807755b080: 7755b080 ffff8880 7755b080 ffff8880
[  414.092608][ T5828] metapage: ffff88807755b090: 009f0280 ffffea00 24e4c000 ffff8880
[  414.288039][ T5828] metapage: ffff88807755b0a0: 00001000 00003e24 00000000 00000000
[  414.407980][ T5828] metapage: ffff88807755b0b0: 72c11800 ffff8880
[  414.414350][ T5828] page: ffffea00009f0280: 00fff2800000403c ffffea0001cf7c08
[  414.421783][ T5828] page: ffffea00009f0290: ffffea0001faa748 0000000000000000
[  414.429082][ T5828] page: ffffea00009f02a0: 000000000000001c ffff88807755b000
[  414.436618][ T5828] page: ffffea00009f02b0: 00000001ffffffff ffff888140ad2700
[  414.452388][ T5828] read_mapping_page failed!
[  414.456904][ T5828] diWriteSpecial: failed to read aggregate inode extent!
[  416.088710][ T8663] loop2: detected capacity change from 0 to 8192
[  417.369375][ T5908] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  417.398633][ T8687] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  417.410007][ T8687] FAT-fs (loop2): Filesystem has been set read-only
[  522.819191][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  522.826189][    C0] rcu: 	1-...!: (0 ticks this GP) idle=233c/1/0x4000000000000000 softirq=34573/34574 fqs=2
[  522.837709][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=29589, q=528 ncpus=2)
[  522.845460][    C0] Sending NMI from CPU 0 to CPUs 1:
[  522.845498][    C1] NMI backtrace for cpu 1
[  522.845519][    C1] CPU: 1 UID: 0 PID: 8640 Comm: syz.4.761 Not tainted syzkaller #0 PREEMPT(full) 
[  522.845573][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  522.845593][    C1] RIP: 0010:rcu_is_watching+0x80/0xc0
[  522.845642][    C1] Code: 89 da 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 24 8b 03 c1 e8 02 83 e0 01 65 ff 0d 00 78 ff 11 <74> 07 5b 5d e9 d2 78 6e ff e8 82 1e 8a ff 5b 5d e9 c6 78 6e ff 48
[  522.845674][    C1] RSP: 0018:ffffc90000a08d30 EFLAGS: 00000082
[  522.845699][    C1] RAX: 0000000000000001 RBX: ffff8880b85332a8 RCX: ffffffff896a4547
[  522.845721][    C1] RDX: 0000000000000000 RSI: ffffffff8bf07240 RDI: ffffffff8dcd0ee8
[  522.845742][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  522.845761][    C1] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff896a436c
[  522.845782][    C1] R13: 18771ede74000000 R14: 0000000000000002 R15: ffff888034ec2810
[  522.845805][    C1] FS:  0000000000000000(0000) GS:ffff888124b0c000(0000) knlGS:0000000000000000
[  522.845833][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  522.845854][    C1] CR2: 000000110c31f06d CR3: 00000000566be000 CR4: 0000000000350ef0
[  522.845875][    C1] Call Trace:
[  522.845891][    C1]  <IRQ>
[  522.845904][    C1]  lock_release+0x201/0x2f0
[  522.845961][    C1]  advance_sched+0x6f1/0xc80
[  522.846015][    C1]  ? __pfx_advance_sched+0x10/0x10
[  522.846056][    C1]  __hrtimer_run_queues+0x202/0xad0
[  522.846104][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  522.846143][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.846187][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.846225][    C1]  ? rcu_is_watching+0x12/0xc0
[  522.846270][    C1]  hrtimer_interrupt+0x397/0x8e0
[  522.846322][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x3f0
[  522.846358][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  522.846394][    C1]  </IRQ>
[  522.846404][    C1]  <TASK>
[  522.846415][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  522.846451][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  522.846487][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 16 c9 37 f6 48 89 df e8 fe 1c 38 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 45 26 28 f6 65 8b 05 7e 35 40 08 85 c0 74 16 5b
[  522.846519][    C1] RSP: 0018:ffffc9000aff7388 EFLAGS: 00000246
[  522.846543][    C1] RAX: 0000000000000006 RBX: ffffffff9ad0dad0 RCX: 0000000000000006
[  522.846563][    C1] RDX: 0000000000000000 RSI: ffffffff8da2897d RDI: ffffffff8bf072c0
[  522.846584][    C1] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000001
[  522.846604][    C1] R10: ffffffff90822cd7 R11: 0000000000000001 R12: dffffc0000000000
[  522.846624][    C1] R13: 000000000000042e R14: 0000000000000005 R15: ffff88804d400000
[  522.846661][    C1]  debug_check_no_obj_freed+0x31f/0x600
[  522.846710][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  522.846759][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.846802][    C1]  free_unref_folios+0x359/0x1610
[  522.846856][    C1]  folios_put_refs+0x4be/0x750
[  522.846911][    C1]  ? __pfx_folios_put_refs+0x10/0x10
[  522.846962][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.847001][    C1]  ? mlock_drain_local+0x24c/0x4f0
[  522.847048][    C1]  truncate_inode_pages_range+0x311/0xe50
[  522.847087][    C1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[  522.847141][    C1]  ? smp_call_function_many_cond+0x1239/0x1600
[  522.847187][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.847226][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  522.847260][    C1]  ? __pfx_invalidate_bh_lru+0x10/0x10
[  522.847293][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.847331][    C1]  ? smp_call_function_many_cond+0x457/0x1600
[  522.847402][    C1]  ? __pfx_invalidate_bh_lru+0x10/0x10
[  522.847434][    C1]  ? __pfx_has_bh_in_lru+0x10/0x10
[  522.847489][    C1]  blkdev_flush_mapping+0xfb/0x290
[  522.847539][    C1]  ? filemap_check_errors+0xa9/0x160
[  522.847573][    C1]  blkdev_put_whole+0xc4/0xf0
[  522.847622][    C1]  bdev_release+0x47e/0x6d0
[  522.847657][    C1]  ? __pfx_blkdev_release+0x10/0x10
[  522.847689][    C1]  blkdev_release+0x15/0x20
[  522.847719][    C1]  __fput+0x402/0xb70
[  522.847759][    C1]  task_work_run+0x150/0x240
[  522.847795][    C1]  ? __pfx_task_work_run+0x10/0x10
[  522.847830][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.847869][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  522.847914][    C1]  do_exit+0x86f/0x2bf0
[  522.847962][    C1]  ? __pfx___might_resched+0x10/0x10
[  522.848008][    C1]  ? __pfx_do_exit+0x10/0x10
[  522.848055][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.848094][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  522.848128][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.848166][    C1]  ? find_held_lock+0x2b/0x80
[  522.848210][    C1]  do_group_exit+0xd3/0x2a0
[  522.848262][    C1]  get_signal+0x2671/0x26d0
[  522.848309][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.848347][    C1]  ? lock_acquire+0x179/0x350
[  522.848376][    C1]  ? __pfx_get_signal+0x10/0x10
[  522.848418][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.848456][    C1]  ? find_held_lock+0x2b/0x80
[  522.848499][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[  522.848543][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  522.848590][    C1]  ? find_held_lock+0x2b/0x80
[  522.848636][    C1]  exit_to_user_mode_loop+0x85/0x130
[  522.848673][    C1]  do_syscall_64+0x426/0xfa0
[  522.848712][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.848744][    C1] RIP: 0033:0x7f6e2ff8efc9
[  522.848767][    C1] Code: Unable to access opcode bytes at 0x7f6e2ff8ef9f.
[  522.848782][    C1] RSP: 002b:00007f6e30e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  522.848811][    C1] RAX: fffffffffffffe00 RBX: 00007f6e301e5fa0 RCX: 00007f6e2ff8efc9
[  522.848832][    C1] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000007
[  522.848852][    C1] RBP: 00007f6e30011f91 R08: 000000000000fea8 R09: 000000000000000a
[  522.848872][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  522.848895][    C1] R13: 00007f6e301e6038 R14: 00007f6e301e5fa0 R15: 00007ffe0620ea68
[  522.848930][    C1]  </TASK>
[  522.849493][    C0] rcu: rcu_preempt kthread starved for 10490 jiffies! g29589 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  523.447685][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  523.457664][    C0] rcu: RCU grace-period kthread stack dump:
[  523.463551][    C0] task:rcu_preempt     state:R  running task     stack:27816 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  523.477565][    C0] Call Trace:
[  523.480850][    C0]  <TASK>
[  523.483799][    C0]  __schedule+0x1190/0x5de0
[  523.488323][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.493994][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.499647][    C0]  ? __lock_acquire+0x622/0x1c90
[  523.504651][    C0]  ? __pfx___schedule+0x10/0x10
[  523.509526][    C0]  ? find_held_lock+0x2b/0x80
[  523.514226][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.519889][    C0]  schedule+0xe7/0x3a0
[  523.524069][    C0]  schedule_timeout+0x123/0x290
[  523.528953][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  523.534360][    C0]  ? __pfx_process_timeout+0x10/0x10
[  523.539676][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.545324][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  523.551140][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.556792][    C0]  ? prepare_to_swait_event+0xf5/0x480
[  523.562296][    C0]  rcu_gp_fqs_loop+0x1ea/0xaf0
[  523.567072][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.572723][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  523.578020][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  523.583236][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  523.588180][    C0]  ? rcu_gp_cleanup+0x7c1/0xd90
[  523.593047][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  523.598872][    C0]  rcu_gp_kthread+0x26d/0x380
[  523.603564][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  523.608770][    C0]  ? rcu_is_watching+0x12/0xc0
[  523.613560][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  523.618781][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.624434][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.630085][    C0]  ? __kthread_parkme+0x19e/0x250
[  523.635141][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  523.640352][    C0]  kthread+0x3c5/0x780
[  523.644432][    C0]  ? __pfx_kthread+0x10/0x10
[  523.649035][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.654687][    C0]  ? rcu_is_watching+0x12/0xc0
[  523.659478][    C0]  ? __pfx_kthread+0x10/0x10
[  523.664080][    C0]  ret_from_fork+0x675/0x7d0
[  523.668702][    C0]  ? __pfx_kthread+0x10/0x10
[  523.673303][    C0]  ret_from_fork_asm+0x1a/0x30
[  523.678118][    C0]  </TASK>
[  523.681132][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  523.687451][    C0] CPU: 0 UID: 0 PID: 6627 Comm: kworker/u8:14 Not tainted syzkaller #0 PREEMPT(full) 
[  523.697005][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  523.707061][    C0] Workqueue: events_unbound toggle_allocation_gate
[  523.713603][    C0] RIP: 0010:smp_call_function_many_cond+0xdfd/0x1600
[  523.720310][    C0] Code: 57 48 8b 54 24 10 4c 89 74 24 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 a5 0d 0c 00 f3 90 <41> 0f b6 45 00 40 38 c5 7c 08 84 c0 0f 85 e0 05 00 00 8b 43 08 31
[  523.739941][    C0] RSP: 0018:ffffc9001e247878 EFLAGS: 00000293
[  523.746023][    C0] RAX: 0000000000000000 RBX: ffff8880b8540460 RCX: ffffffff81b0ec81
[  523.754085][    C0] RDX: ffff888027eb1e40 RSI: ffffffff81b0ec5b RDI: 0000000000000005
[  523.762063][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  523.770039][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  523.778013][    C0] R13: ffffed10170a808d R14: 0000000000000001 R15: 0000000000000001
[  523.785994][    C0] FS:  0000000000000000(0000) GS:ffff888124a0c000(0000) knlGS:0000000000000000
[  523.794930][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  523.801520][    C0] CR2: 00007f9bbce65000 CR3: 000000000e182000 CR4: 0000000000350ef0
[  523.809495][    C0] Call Trace:
[  523.812774][    C0]  <TASK>
[  523.815710][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  523.820764][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  523.827135][    C0]  ? __pfx___text_poke+0x10/0x10
[  523.832093][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  523.837129][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  523.842269][    C0]  ? __kmalloc_node_track_caller_noprof+0xf4/0x8a0
[  523.848804][    C0]  smp_text_poke_batch_finish+0x27b/0xdb0
[  523.854744][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  523.860232][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  523.866504][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.872155][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  523.878438][    C0]  ? find_held_lock+0x2b/0x80
[  523.883178][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  523.889185][    C0]  jump_label_update+0x376/0x550
[  523.894142][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  523.900051][    C0]  static_key_enable+0x1a/0x20
[  523.904825][    C0]  toggle_allocation_gate+0xfa/0x280
[  523.910145][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  523.916156][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.921811][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.927458][    C0]  ? rcu_is_watching+0x12/0xc0
[  523.932243][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.937895][    C0]  process_one_work+0x9cf/0x1b70
[  523.942861][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  523.949046][    C0]  ? __pfx_process_one_work+0x10/0x10
[  523.954434][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.960095][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.965745][    C0]  ? assign_work+0x1a0/0x250
[  523.970353][    C0]  worker_thread+0x6c8/0xf10
[  523.974983][    C0]  ? __pfx_worker_thread+0x10/0x10
[  523.980106][    C0]  kthread+0x3c5/0x780
[  523.984185][    C0]  ? __pfx_kthread+0x10/0x10
[  523.988786][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.994435][    C0]  ? rcu_is_watching+0x12/0xc0
[  523.999221][    C0]  ? __pfx_kthread+0x10/0x10
[  524.003824][    C0]  ret_from_fork+0x675/0x7d0
[  524.008443][    C0]  ? __pfx_kthread+0x10/0x10
[  524.013042][    C0]  ret_from_fork_asm+0x1a/0x30
[  524.017855][    C0]  </TASK>
[  661.769972][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [kworker/u8:14:6627]
[  661.770007][    C0] Modules linked in:
[  661.770024][    C0] irq event stamp: 1591532
[  661.770037][    C0] hardirqs last  enabled at (1591531): [<ffffffff8b5e5d6b>] irqentry_exit+0x3b/0x90
[  661.770089][    C0] hardirqs last disabled at (1591532): [<ffffffff8b5e47ce>] sysvec_apic_timer_interrupt+0xe/0xc0
[  661.770135][    C0] softirqs last  enabled at (1591528): [<ffffffff817d358e>] handle_softirqs+0x5be/0x8e0
[  661.770191][    C0] softirqs last disabled at (1591523): [<ffffffff817d3a49>] __irq_exit_rcu+0x109/0x170
[  661.770247][    C0] CPU: 0 UID: 0 PID: 6627 Comm: kworker/u8:14 Not tainted syzkaller #0 PREEMPT(full) 
[  661.770289][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  661.770313][    C0] Workqueue: events_unbound toggle_allocation_gate
[  661.770368][    C0] RIP: 0010:smp_call_function_many_cond+0xe02/0x1600
[  661.770422][    C0] Code: 10 4c 89 74 24 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 a5 0d 0c 00 f3 90 41 0f b6 45 00 <40> 38 c5 7c 08 84 c0 0f 85 e0 05 00 00 8b 43 08 31 ff 83 e0 01 41
[  661.770457][    C0] RSP: 0018:ffffc9001e247878 EFLAGS: 00000293
[  661.770483][    C0] RAX: 0000000000000000 RBX: ffff8880b8540460 RCX: ffffffff81b0ec81
[  661.770506][    C0] RDX: ffff888027eb1e40 RSI: ffffffff81b0ec5b RDI: 0000000000000005
[  661.770529][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  661.770551][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  661.770573][    C0] R13: ffffed10170a808d R14: 0000000000000001 R15: 0000000000000001
[  661.770598][    C0] FS:  0000000000000000(0000) GS:ffff888124a0c000(0000) knlGS:0000000000000000
[  661.770629][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  661.770652][    C0] CR2: 00007f9bbce65000 CR3: 000000000e182000 CR4: 0000000000350ef0
[  661.770675][    C0] Call Trace:
[  661.770686][    C0]  <TASK>
[  661.770707][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  661.770758][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  661.770823][    C0]  ? __pfx___text_poke+0x10/0x10
[  661.770864][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  661.770903][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  661.770955][    C0]  ? __kmalloc_node_track_caller_noprof+0xf4/0x8a0
[  661.771011][    C0]  smp_text_poke_batch_finish+0x27b/0xdb0
[  661.771060][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  661.771106][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  661.771160][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.771207][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  661.771255][    C0]  ? find_held_lock+0x2b/0x80
[  661.771311][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  661.771360][    C0]  jump_label_update+0x376/0x550
[  661.771403][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  661.771444][    C0]  static_key_enable+0x1a/0x20
[  661.771482][    C0]  toggle_allocation_gate+0xfa/0x280
[  661.771539][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  661.771597][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.771644][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.771686][    C0]  ? rcu_is_watching+0x12/0xc0
[  661.771735][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.771779][    C0]  process_one_work+0x9cf/0x1b70
[  661.771833][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  661.771891][    C0]  ? __pfx_process_one_work+0x10/0x10
[  661.771930][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.771983][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.772025][    C0]  ? assign_work+0x1a0/0x250
[  661.772063][    C0]  worker_thread+0x6c8/0xf10
[  661.772123][    C0]  ? __pfx_worker_thread+0x10/0x10
[  661.772161][    C0]  kthread+0x3c5/0x780
[  661.772201][    C0]  ? __pfx_kthread+0x10/0x10
[  661.772237][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.772279][    C0]  ? rcu_is_watching+0x12/0xc0
[  661.772325][    C0]  ? __pfx_kthread+0x10/0x10
[  661.772361][    C0]  ret_from_fork+0x675/0x7d0
[  661.772416][    C0]  ? __pfx_kthread+0x10/0x10
[  661.772451][    C0]  ret_from_fork_asm+0x1a/0x30
[  661.772526][    C0]  </TASK>
[  661.772538][    C0] Sending NMI from CPU 0 to CPUs 1:
[  662.163589][    C1] NMI backtrace for cpu 1
[  662.163609][    C1] CPU: 1 UID: 0 PID: 8640 Comm: syz.4.761 Not tainted syzkaller #0 PREEMPT(full) 
[  662.163647][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  662.163667][    C1] RIP: 0010:advance_sched+0x269/0xc80
[  662.163715][    C1] Code: bb 52 f8 48 8b 04 24 4c 8d b5 10 01 00 00 48 8d b8 40 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 2f 09 00 00 48 8b 04 24 48 8d bd 28 01 00 00 48 89 fa 4c 8b
[  662.163747][    C1] RSP: 0018:ffffc90000a08d90 EFLAGS: 00000046
[  662.163772][    C1] RAX: dffffc0000000000 RBX: ffff8880785dd340 RCX: ffffffff896a3eb4
[  662.163794][    C1] RDX: 1ffff110069d8528 RSI: ffffffff896a3ec2 RDI: ffff888034ec2940
[  662.163815][    C1] RBP: ffff88804e4b3400 R08: 0000000000000006 R09: 187f45b95c000000
[  662.163836][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 187f45b95c000000
[  662.163856][    C1] R13: 0000000000000000 R14: ffff88804e4b3510 R15: ffffffff896a3c80
[  662.163880][    C1] FS:  0000000000000000(0000) GS:ffff888124b0c000(0000) knlGS:0000000000000000
[  662.163908][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  662.163929][    C1] CR2: 000000110c31f06d CR3: 00000000566be000 CR4: 0000000000350ef0
[  662.163950][    C1] Call Trace:
[  662.163961][    C1]  <IRQ>
[  662.163974][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.164015][    C1]  ? find_held_lock+0x2b/0x80
[  662.164059][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.164098][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  662.164136][    C1]  ? __pfx_advance_sched+0x10/0x10
[  662.164180][    C1]  __hrtimer_run_queues+0x202/0xad0
[  662.164228][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  662.164268][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.164309][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.164348][    C1]  ? rcu_is_watching+0x12/0xc0
[  662.164392][    C1]  hrtimer_interrupt+0x397/0x8e0
[  662.164444][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x3f0
[  662.164480][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  662.164517][    C1]  </IRQ>
[  662.164527][    C1]  <TASK>
[  662.164538][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  662.164573][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  662.164609][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 16 c9 37 f6 48 89 df e8 fe 1c 38 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 45 26 28 f6 65 8b 05 7e 35 40 08 85 c0 74 16 5b
[  662.164640][    C1] RSP: 0018:ffffc9000aff7388 EFLAGS: 00000246
[  662.164664][    C1] RAX: 0000000000000006 RBX: ffffffff9ad0dad0 RCX: 0000000000000006
[  662.164684][    C1] RDX: 0000000000000000 RSI: ffffffff8da2897d RDI: ffffffff8bf072c0
[  662.164705][    C1] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000001
[  662.164724][    C1] R10: ffffffff90822cd7 R11: 0000000000000001 R12: dffffc0000000000
[  662.164745][    C1] R13: 000000000000042e R14: 0000000000000005 R15: ffff88804d400000
[  662.164781][    C1]  debug_check_no_obj_freed+0x31f/0x600
[  662.164830][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  662.164879][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.164922][    C1]  free_unref_folios+0x359/0x1610
[  662.164975][    C1]  folios_put_refs+0x4be/0x750
[  662.165027][    C1]  ? __pfx_folios_put_refs+0x10/0x10
[  662.165077][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.165115][    C1]  ? mlock_drain_local+0x24c/0x4f0
[  662.165166][    C1]  truncate_inode_pages_range+0x311/0xe50
[  662.165205][    C1]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[  662.165259][    C1]  ? smp_call_function_many_cond+0x1239/0x1600
[  662.165305][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.165344][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  662.165378][    C1]  ? __pfx_invalidate_bh_lru+0x10/0x10
[  662.165411][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.165449][    C1]  ? smp_call_function_many_cond+0x457/0x1600
[  662.165519][    C1]  ? __pfx_invalidate_bh_lru+0x10/0x10
[  662.165551][    C1]  ? __pfx_has_bh_in_lru+0x10/0x10
[  662.165605][    C1]  blkdev_flush_mapping+0xfb/0x290
[  662.165656][    C1]  ? filemap_check_errors+0xa9/0x160
[  662.165689][    C1]  blkdev_put_whole+0xc4/0xf0
[  662.165738][    C1]  bdev_release+0x47e/0x6d0
[  662.165772][    C1]  ? __pfx_blkdev_release+0x10/0x10
[  662.165822][    C1]  blkdev_release+0x15/0x20
[  662.165852][    C1]  __fput+0x402/0xb70
[  662.165892][    C1]  task_work_run+0x150/0x240
[  662.165928][    C1]  ? __pfx_task_work_run+0x10/0x10
[  662.165963][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.166001][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  662.166042][    C1]  do_exit+0x86f/0x2bf0
[  662.166088][    C1]  ? __pfx___might_resched+0x10/0x10
[  662.166135][    C1]  ? __pfx_do_exit+0x10/0x10
[  662.166185][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.166224][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  662.166258][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.166295][    C1]  ? find_held_lock+0x2b/0x80
[  662.166340][    C1]  do_group_exit+0xd3/0x2a0
[  662.166390][    C1]  get_signal+0x2671/0x26d0
[  662.166438][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.166476][    C1]  ? lock_acquire+0x179/0x350
[  662.166504][    C1]  ? __pfx_get_signal+0x10/0x10
[  662.166546][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.166585][    C1]  ? find_held_lock+0x2b/0x80
[  662.166628][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[  662.166670][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  662.166717][    C1]  ? find_held_lock+0x2b/0x80
[  662.166764][    C1]  exit_to_user_mode_loop+0x85/0x130
[  662.166800][    C1]  do_syscall_64+0x426/0xfa0
[  662.166838][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.166871][    C1] RIP: 0033:0x7f6e2ff8efc9
[  662.166894][    C1] Code: Unable to access opcode bytes at 0x7f6e2ff8ef9f.
[  662.166908][    C1] RSP: 002b:00007f6e30e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  662.166937][    C1] RAX: fffffffffffffe00 RBX: 00007f6e301e5fa0 RCX: 00007f6e2ff8efc9
[  662.166958][    C1] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000007
[  662.166978][    C1] RBP: 00007f6e30011f91 R08: 000000000000fea8 R09: 000000000000000a
[  662.166998][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  662.167018][    C1] R13: 00007f6e301e6038 R14: 00007f6e301e5fa0 R15: 00007ffe0620ea68
[  662.167053][    C1]  </TASK>
[  662.167583][    C0] Kernel panic - not syncing: softlockup: hung tasks
[  662.766812][    C0] CPU: 0 UID: 0 PID: 6627 Comm: kworker/u8:14 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  662.777947][    C0] Tainted: [L]=SOFTLOCKUP
[  662.782266][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  662.792327][    C0] Workqueue: events_unbound toggle_allocation_gate
[  662.798875][    C0] Call Trace:
[  662.802156][    C0]  <IRQ>
[  662.805001][    C0]  dump_stack_lvl+0x3d/0x1f0
[  662.809609][    C0]  vpanic+0x640/0x6f0
[  662.813628][    C0]  panic+0xca/0xd0
[  662.817379][    C0]  ? __pfx_panic+0x10/0x10
[  662.821826][    C0]  ? nmi_backtrace_stall_check+0x6e/0x540
[  662.827562][    C0]  ? irq_work_queue+0xce/0x100
[  662.832348][    C0]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  662.838362][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.844016][    C0]  ? __wake_up_klogd.part.0+0x99/0xf0
[  662.849407][    C0]  ? watchdog_timer_fn+0x5ee/0x780
[  662.854542][    C0]  ? watchdog_timer_fn+0x5e1/0x780
[  662.859679][    C0]  watchdog_timer_fn+0x5ff/0x780
[  662.864645][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  662.870126][    C0]  __hrtimer_run_queues+0x5ed/0xad0
[  662.875364][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  662.881102][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.886792][    C0]  hrtimer_interrupt+0x397/0x8e0
[  662.891805][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x3f0
[  662.897818][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  662.903467][    C0]  </IRQ>
[  662.906394][    C0]  <TASK>
[  662.909322][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  662.915317][    C0] RIP: 0010:smp_call_function_many_cond+0xe02/0x1600
[  662.922020][    C0] Code: 10 4c 89 74 24 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 a5 0d 0c 00 f3 90 41 0f b6 45 00 <40> 38 c5 7c 08 84 c0 0f 85 e0 05 00 00 8b 43 08 31 ff 83 e0 01 41
[  662.941642][    C0] RSP: 0018:ffffc9001e247878 EFLAGS: 00000293
[  662.947722][    C0] RAX: 0000000000000000 RBX: ffff8880b8540460 RCX: ffffffff81b0ec81
[  662.955701][    C0] RDX: ffff888027eb1e40 RSI: ffffffff81b0ec5b RDI: 0000000000000005
[  662.963678][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  662.971653][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  662.979628][    C0] R13: ffffed10170a808d R14: 0000000000000001 R15: 0000000000000001
[  662.987616][    C0]  ? smp_call_function_many_cond+0xe21/0x1600
[  662.993715][    C0]  ? smp_call_function_many_cond+0xdfb/0x1600
[  662.999815][    C0]  ? smp_call_function_many_cond+0xdfb/0x1600
[  663.005927][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  663.010982][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  663.017348][    C0]  ? __pfx___text_poke+0x10/0x10
[  663.022311][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  663.027346][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  663.032485][    C0]  ? __kmalloc_node_track_caller_noprof+0xf4/0x8a0
[  663.039017][    C0]  smp_text_poke_batch_finish+0x27b/0xdb0
[  663.044759][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  663.049807][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  663.056073][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.061723][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  663.067987][    C0]  ? find_held_lock+0x2b/0x80
[  663.072695][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  663.078700][    C0]  jump_label_update+0x376/0x550
[  663.083654][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  663.089565][    C0]  static_key_enable+0x1a/0x20
[  663.094340][    C0]  toggle_allocation_gate+0xfa/0x280
[  663.099657][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  663.105581][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.111237][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.116886][    C0]  ? rcu_is_watching+0x12/0xc0
[  663.121678][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.127330][    C0]  process_one_work+0x9cf/0x1b70
[  663.132297][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  663.138484][    C0]  ? __pfx_process_one_work+0x10/0x10
[  663.143872][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.149538][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.155187][    C0]  ? assign_work+0x1a0/0x250
[  663.159790][    C0]  worker_thread+0x6c8/0xf10
[  663.164415][    C0]  ? __pfx_worker_thread+0x10/0x10
[  663.169539][    C0]  kthread+0x3c5/0x780
[  663.173620][    C0]  ? __pfx_kthread+0x10/0x10
[  663.178224][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  663.183872][    C0]  ? rcu_is_watching+0x12/0xc0
[  663.188662][    C0]  ? __pfx_kthread+0x10/0x10
[  663.193267][    C0]  ret_from_fork+0x675/0x7d0
[  663.197888][    C0]  ? __pfx_kthread+0x10/0x10
[  663.202493][    C0]  ret_from_fork_asm+0x1a/0x30
[  663.207307][    C0]  </TASK>
[  664.378673][    C0] Shutting down cpus with NMI
[  664.383643][    C0] Kernel Offset: disabled
[  664.387963][    C0] Rebooting in 86400 seconds..