last executing test programs:

11m51.44215942s ago: executing program 3 (id=121):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r1, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r2)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)

11m49.690484524s ago: executing program 3 (id=125):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0xc0802)
write$binfmt_elf32(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB='`@V'], 0x0, 0x0})

11m41.915493868s ago: executing program 3 (id=143):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da)
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
close_range(r0, 0xffffffffffffffff, 0x0)

11m37.514884537s ago: executing program 3 (id=149):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2008000, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

11m36.916982812s ago: executing program 3 (id=153):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$key(0xf, 0x3, 0x2)
r1 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x1}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x4, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

11m34.036025752s ago: executing program 3 (id=158):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x12}, 0xfffffda0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94)

11m32.503858972s ago: executing program 32 (id=158):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x12}, 0xfffffda0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f, @void, @value}, 0x94)

10m29.220122539s ago: executing program 1 (id=286):
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(0xffffffffffffffff, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="a1"})

10m27.206515649s ago: executing program 1 (id=289):
syz_open_dev$vim2m(&(0x7f00000000c0), 0x800, 0x2)
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
ptrace$setsig(0x4203, 0xffffffffffffffff, 0x7, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000000)
epoll_create1(0x80000)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000))
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000001140)=@req={0x6f, 0x10001, 0x5, 0x8}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x4, 0x2)

10m25.964690729s ago: executing program 1 (id=291):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = epoll_create1(0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280), 0x10000, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

10m24.431682936s ago: executing program 1 (id=295):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x44)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
eventfd2(0xf, 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000004c0)=ANY=[@ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000))

10m21.996743507s ago: executing program 1 (id=298):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0xa00a14, &(0x7f0000000080)=ANY=[], 0x1, 0x322, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge97EE8ehN29x/wsrfdy1725mVhDyuL7CyZH5roJO6OZqPr9wMy78zzPOP7khieCc4c/vjvb7WKrVeMlsTTSmIiIkcieYlLIOZv4+44Jd225fOJZw8/Xlxe+a5YKs0uKDVXXPqyoJTKTd39/c+Mn7Y/Lgf5nw+fFp4cvH/w4eHLpV+rtqraqt5oKUOtNh63jFXLVOtVu6YrNW+Zhm2qat02m1684cUrVmNjo62M+vpkdqNp2rYy6m1VM9uq1VCtZlsZvxjVutJ1XU1mJUwq9OhtVd5ZWDCKEYvXrngyiOqF4zgDwk6saCREJHMuUt4Z6rwAAMC1dKb/T7gtfaT+X3Ju/99JPu3/dz+535r4YS/n9//7qbD+/6tH3rl6+v+0iFxp/58OWf35jujG23qT5Ev1/7geps5f08Z69prNopH1/35df/+0O+0O6P8BAAAAAAAAAAAAAAAAAAAAALgJjhxHcxxHC7b+zxenGd6xUc4Rw9Pn9dfG/Tumgv1RzxPDsbi8Imn3xr1kTsT6Z7O8Wfa2fjxInBZNjt33g68zDu48Uh15uWdt+fVbm+WEGylWpCqWmDIjmuTP1jvO3Lel2Rnl6a0fk2x3fUE0eS+8vhBan5LPPu2q10WTB2vSEEvWO+/rY+ek/q8Zpb75vnSmPuPmAQAAAADwLtDVidDrd13vF/fqT66ve78fEOm6Pp8OvT5Pah8lR7t2AAAAAABuC7v9R82wLLM5YJCRi3OiD5LRyscG5SS6VtgTku2+S075Twge3koHDIJ/pKilukJp+d8/HOXMwfqHM+e4RKmaEmfcm9VlfnvwtVG/HJkf9uuV7BP64L87z6OdOeY/tbc79PVe+oKVDm0w9lofHk7ikp8+AAAAAN6moOnP2O5ubNTzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNhrwGLDkVT1ObNRrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LVwEAAP//mxn/6g==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x5, 0x41, 0x40, 0x44, 0x41, 0xffffffffffffffff, 0x2000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r1}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000b80)={r1, &(0x7f0000000a80), &(0x7f0000000b40)=""/31}, 0x20)

10m18.941565264s ago: executing program 1 (id=301):
r0 = socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x3}]}}}]}, 0x3c}}, 0x0)

10m2.028022132s ago: executing program 33 (id=301):
r0 = socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_PER_PORT={0x5, 0x2d, 0x3}]}}}]}, 0x3c}}, 0x0)

9m28.393853938s ago: executing program 4 (id=382):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = open(&(0x7f0000000180)='./file1\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, r4}, './file0\x00'})

9m25.204041937s ago: executing program 4 (id=385):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680))
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffdd, 0x0, 0x0, r4})

9m21.876450372s ago: executing program 4 (id=387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r3, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x0, 0xfffb}, 0x8)
clock_adjtime(0x0, &(0x7f0000000100)={0xf89, 0x6a, 0x55cd, 0xa, 0x48c, 0x4000000004, 0xd, 0x6465, 0x2, 0x1c5, 0x800, 0xfffffffffffffff7, 0x7, 0x2, 0x81, 0x5, 0x0, 0x5, 0x2, 0x8b7, 0x3, 0x6, 0x9, 0x574, 0x5, 0x3})

9m20.310688538s ago: executing program 4 (id=388):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@ifindex, 0xffffffffffffffff, 0x2f, 0x2032, 0xffffffffffffffff, @void, @void, @value}, 0x20)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000881}, 0x4001841)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c0002800500010000000900240002"], 0xa8}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9m17.179852523s ago: executing program 4 (id=393):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
capget(0x0, 0x0)
mount$9p_rdma(0x0, 0x0, 0x0, 0x1000800, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14}}, 0x98}}, 0x0)

9m15.519019757s ago: executing program 4 (id=398):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x2f126000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

8m59.222321685s ago: executing program 34 (id=398):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x2f126000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

6m22.356005907s ago: executing program 7 (id=593):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r4, &(0x7f0000003000)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)}], 0x1}}, {{&(0x7f0000000d40)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000f40)=[{&(0x7f00000077c0)="d7", 0x1}], 0x1}}], 0x2, 0x24000045)
shutdown(r4, 0x1)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r5, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
close(r2)

6m21.632243078s ago: executing program 7 (id=595):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000380), 0x107000, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, 0x0)
setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
setfsgid(0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x10)

6m18.024760597s ago: executing program 7 (id=598):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf3, 0xfffffffb, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x404, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x1000, 0x80000001, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x47, 0x0, 0x3, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x8, 0x956, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e2, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x20000002, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a8, 0x2, 0x40, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
readv(r5, 0x0, 0x0)
write$input_event(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)

6m15.286357298s ago: executing program 7 (id=601):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x28, &(0x7f00000000c0), 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(0x0, 0x0, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)

6m10.801147709s ago: executing program 7 (id=611):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000380), 0x107000, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, 0x0)
setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
setfsgid(0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, 0x0, 0x10)

6m4.313959879s ago: executing program 7 (id=623):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(0x0, 0x10000000000201, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x9c)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x7fffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/242, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xaaf95a35ee44968b, 0x5, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xd, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
socket$vsock_stream(0x28, 0x1, 0x0)

6m1.56806482s ago: executing program 35 (id=623):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(0x0, 0x10000000000201, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x9c)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x7fffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/242, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xaaf95a35ee44968b, 0x5, 0x0, &(0x7f0000000100)='syzkaller\x00', 0xd, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
socket$vsock_stream(0x28, 0x1, 0x0)

3m10.255579247s ago: executing program 9 (id=1037):
r0 = socket(0x25, 0x5, 0x0)
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$dri(0x0, 0x1ff, 0x100)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x1, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x2, 0x7}, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, 0x0, 0x0)
connect$inet(r3, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00')
sendmsg$kcm(r4, 0x0, 0x0)
mkdir(0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x48c44, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=0x0, @ANYRES32=r0], 0xa, 0x27e, &(0x7f0000000d00)="$eJzs3U9qG1ccB/DfWJIttQtp0VUpeKBddGXsnsCmuFBqKLRo0XbRmlqGYgmDDYL+oaqh0BP0BIXeppuSC+QACckqXphMGM9IVsIoRolsmeTz2ejx3vvO+72ZQVrN6IcPBkcHx6eHZ7/dj2YziZXt2I7zJDqxEmN/RKV7D6v7AYA77jzL4lFWWKuc0ZiRrK/caGEAwI2Z/v1fdi0AwO34+ptvv9jZ29v9Kk2bEYO/ht0kis9ifOcwfop+9GIz2nERkU0U7c8+39uNeprrxEeD0bCbJwff/1cef+dBxGV+K9rRqc5vpYWp/GjYbcQ75frb/eh9+U+0473q/CcV+eiuxscfTtW/Ee34/8c4jn4clLWN879vpemn2d9Pfv0u783zyWjYXZvMK2fXbvXCAAAAAAAAAAAAAAAAAAAAAADwRttIJzrPv3+ndhHx51rErPEiP+v9QKOp9/NspmmaJcX8q3w93q9HfambBwAAAAAAAAAAAAAAAAAAgDvi9Odfjvb7/d7JQhvjx/orhuLpItdanzcVtbK0fhIx31qNMnn95Nqcu2jl9fROknos7hIkk57W9NB6FGvlPa2iMdXz2qs347IxvruO9pO4JtWsukkW0Mgqbr/azNTqiz2tcgcVk1vVi2ZZfpx3X6nmrD1j6PG/EY3JyXz5cRqLPYe39Q0EAAAAAAAAAAAAAAAAAACMXT30WzF4toSCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAJrv7/f47GqAzPmpPV8kY9yp4lbxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC3wLMAAAD//wqFbM0=")
syz_clone3(0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffd, 0x408100)

3m9.001539357s ago: executing program 9 (id=1040):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x1, 0x1000)

3m6.951161142s ago: executing program 9 (id=1049):
r0 = socket(0x25, 0x5, 0x0)
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$dri(0x0, 0x1ff, 0x100)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x1, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x2, 0x7}, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, 0x0, 0x0)
connect$inet(r3, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00')
pread64(r5, &(0x7f0000000180)=""/15, 0xfffffe9c, 0xb6)
sendmsg$kcm(r4, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x48c44, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=0x0, @ANYRES32=r0], 0xa, 0x27e, &(0x7f0000000d00)="$eJzs3U9qG1ccB/DfWJIttQtp0VUpeKBddGXsnsCmuFBqKLRo0XbRmlqGYgmDDYL+oaqh0BP0BIXeppuSC+QACckqXphMGM9IVsIoRolsmeTz2ejx3vvO+72ZQVrN6IcPBkcHx6eHZ7/dj2YziZXt2I7zJDqxEmN/RKV7D6v7AYA77jzL4lFWWKuc0ZiRrK/caGEAwI2Z/v1fdi0AwO34+ptvv9jZ29v9Kk2bEYO/ht0kis9ifOcwfop+9GIz2nERkU0U7c8+39uNeprrxEeD0bCbJwff/1cef+dBxGV+K9rRqc5vpYWp/GjYbcQ75frb/eh9+U+0473q/CcV+eiuxscfTtW/Ee34/8c4jn4clLWN879vpemn2d9Pfv0u783zyWjYXZvMK2fXbvXCAAAAAAAAAAAAAAAAAAAAAADwRttIJzrPv3+ndhHx51rErPEiP+v9QKOp9/NspmmaJcX8q3w93q9HfambBwAAAAAAAAAAAAAAAAAAgDvi9Odfjvb7/d7JQhvjx/orhuLpItdanzcVtbK0fhIx31qNMnn95Nqcu2jl9fROknos7hIkk57W9NB6FGvlPa2iMdXz2qs347IxvruO9pO4JtWsukkW0Mgqbr/azNTqiz2tcgcVk1vVi2ZZfpx3X6nmrD1j6PG/EY3JyXz5cRqLPYe39Q0EAAAAAAAAAAAAAAAAAACMXT30WzF4toSCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAJrv7/f47GqAzPmpPV8kY9yp4lbxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC3wLMAAAD//wqFbM0=")
syz_clone3(0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffd, 0x408100)

3m5.082111421s ago: executing program 9 (id=1054):
socket$key(0xf, 0x3, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="020000"], 0x10)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

3m3.564158935s ago: executing program 9 (id=1059):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
r0 = userfaultfd(0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
syz_clone3(&(0x7f0000000480)={0x20000, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

3m2.03418809s ago: executing program 9 (id=1065):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x784, &(0x7f0000001900)="$eJzs3c1rHOUfAPDvbN7aNL9fIghaTwFBA6UbU2Or6KHiQQQLBT3bLpttqNlkS3dTmhDQIoIXQcWDoJeefak3r75c9V/w5EEsVdNixYNEZrPTbJvdNEmTbHU/H5js88zM5pnvPDPzPLvzMBtA1xpN/+QiDkbEe0nEcGN+EhF99VRvxPHV9W4uLxXTKYmVlVd+S+rr3FheKkbTe1IHGpmHI+LbtyMO5daXW11YnCmUy6Xzjfx4bfbceHWhPyIK06Xp0tzRicnJI8eeOnZ052L944fFoavvv/j4F8f/euuhK+9+l8TxGGosa45jp4zGaGOf9KW78DYv7HRhHZZ0egPYlvTU7Fk9y+NgDEdPPQUA/Je9ERErAECXSbT/ANBlsu8BbiwvFbOps99I7K1rz0fEvtX4s/ubq0t6G/fs9tXvgw7eSG67M5JExMgOlD8aEZ989dpn6ZTmf3y2u/Y/0DlvXoqI0yOj66//yboxC1v1xAbL+huvo3fM77b2Bzrp67T/83Sr/l/uVv8nWvR/Blqcu9tx1/N//w4UsoG0//dc09i2m03xN4z0NHL/q/f5+pIzZ8ul9Nr2/4gYi76BND+xQRlj1/++3m5Zc//v9w9e/zQtP31dWyP3S+/A7e+ZKtQK9xJzs2uXIh7pbRV/cqv+kzb935ObLOOlZ975uN2yNP403mxaH380RiftjpXLEY+1rP+1EW3J2vjExcNnZ+8YnzhePxzGs4OihS9/+miwXfnN9Z9OafnZZ4G9kNb/4MbxjyTN4zWrWy/j+8vD37Rbdvf4Wx///cmr9XTWj7hYqNXOT0T0Jy+vn39k7b1ZPls/jX/s0dbn/0bHf/qZ8HSrgFrUdO/VXz/ffvy7K41/akv1v/XElZszPe3K31z9T9ZTY405m7n+bXYD72XfAQAAAAAAAAAAAAAAAAAAAAAAAMBm5SJiKJJc/lY6l8vnV3/D+8EYzJUr1dqhM5X5uamo/1b2SPTlskddDjc9D3Wi8Tz8LH/kjvyTEfFARHw4sD/JnqM41eHYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBzoM3v/6d+Huj01gEAu2ZfpzcAANhz2n8A6D7afwDoPtp/AOg+2n8A6D7afwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHbZyRMn0mnlz+WlYpqfurAwP1O5cHiqVJ3Jz84X88WhOJefrlSmy6V8sTJ7t/9XrlTOTcbc/MXxWqlaG68uLJ6arczP1U6dnS1Ml06V+vYkKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYmurC4kyhXC6dl9hGYuX+2IzOJ3oah9MuFJFEROcD3HAL74/N2OFEhy9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8S/wQAAP//iZYeGw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x7)

2m55.321539081s ago: executing program 6 (id=1092):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001800110101000000000000000a00800000020008"], 0x20}, 0x1, 0x0, 0x0, 0x4805}, 0x4)

2m51.38326834s ago: executing program 6 (id=1101):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x40, 0x2, 0xfffffffe})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, <r4=>r1})
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000080)=0x2)

2m50.362294842s ago: executing program 6 (id=1106):
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1800810, &(0x7f0000000300)=ANY=[], 0xfb, 0x6bd, &(0x7f0000001440)="$eJzs3c1vHGcdB/DvrDd2Ni2pm6ZtQJVqNRIgIhInVlrMhYAQyqGqqnLgbCVOY2WTFsdFboWIw+u1h/4B5ZAL4oTEiUukwoELvfWGfOCAhMSlHDCXDprZWXv9trXz4hf4fKLx8zzzPPPMb34zs7teK5oA/7cun0n7fopcPvPqYtVevjfVXb43dbNXf62dZCzJUlJVW0mKf5dl+VFyKSlWpyk2lJt8MDf9xiefLv+912o3Sz2+NWy7DZpxSxtWL/XXTSQZacqHsG6+Kw89X7Ea+aUkp5sS9t2RJOU6P/zzk6s9AzpbbX10T2IEHq+i9765yXhyrLnRq88B/Xfe1t5Gt3NjOxy38RMEAAAAHDb178DtTavXrXlqJStZLI7vYVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwqC2tPf+/aJZWvz6Rov/8/9FmXZr6wfLi7obff1xxAAAAAAAAAMAeenElK1nM8X67LOq/+b9UN07WP5/IO7md2cznbBYzk4UsZD7nk4wPTDS6OLOwMNZvDdvywlZbzl/YFFpZDLb6U3fWjRl5uKMHAAAAAAAAgP8ZP83ltb//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQVAkI70ixd2B1eNptZMcTTJarVhKPu7XD7P7+x0AAAAA7IGxZCWLOd5vl0VOJnmu/g7gaN7JrSxkLgvpZjZX6+8Fer/1t5bvTXWX703drJbN8377n7sKo54xve8ett7zqXpEJ9cyV685myt5K91cTavesnKqiac/64a47lYxFd9qvLKzyK42ZXXk7zflJnd2dbDb2eWXKeN1Ro70MjKSTDaxVdl4un9mtj5Duzw79Z6KrOb+fFqrwZ7csKfR9QezPudrU7aG7e9YU1bH88vtcl75rNzVcTy8Xs4/K3tmc2Hg6ntueM6Tr/z+tz+YbOrbHtIBNdKUvYR3Nlx9mc3UQCae30kmrndv3bh+7faZw5aJTSbrTDy72r6c7+X7OZOJvJ75zOVHmclCZjOR79a1mebkFwO3/DaZurSu9frnRTLaXKG9k7W7mF6qtz2eubyWt3I1s3m5/nch5/NKLuZipgfO8MjwuOu7vrX5rq+VX9gy+NNfbSqdJL9qyoOhyuvTA3ldu+on63w/vW7NWpZODL8PtnttHKb9paZS7eNnn/dCuqfGk3Is694lxvp9zwzPxK/rl5Xb3Vs35q/PvL2z3Z14v6lU99EvkomD80JSXS8nqpNVt8bWXR1V3zOrfYNXzvm67+RqX2tT37P5Q9rt/l7msrTtnTrafIbbPNOFuu/5Lfum6r5TA31bfd4C4MA79rVjo51/dP7S+bDz8871zqtHvzP2jbEXRnPkj0e+2Z4c+XLrheJ3+TA/Wfv9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHC3333vxky3Ozu/oVKW5Z2Pt+7aYaX/vJoH3Hxjpf9UqB0MzsRfn6iGbtE1kvLONl0Dlfa2aXmAyhefTB7FPIe78p+yLJs1xTZjfvOnjYkayz6lrnnOX9ktn9r/1O1TZd9ekoA9cm7h5tvnbr/73tfnbs68Ofvm7K3pixenJ6cvvvy3c9fmurOTvZ/7HSXwOKy96e93JAAAAAAAAAAAAMBOPeL/M7C0Vdd+HyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwuF0+k/b9FDk/eXayai/fm+pWS7++NrKdpJWk+HFSfJRcSm/J+MB0xXb7+WBu+o1PPl3+V9nTzFePbw3bbmeWmiUTSUZ65d1HNd+VphyqGHYIxeoRVgk73U8c7Lf/BgAA//8f/xAz")
openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000c40)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_mount_image$fuse(0x0, 0x0, 0x1000000, 0x0, 0x1, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14)

2m49.418305751s ago: executing program 6 (id=1111):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000007c40)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}, {@nomblk_io_submit}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
chdir(&(0x7f0000000240)='./file0\x00')
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netstat\x00')
r1 = fanotify_init(0x0, 0x80000)
r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x50)
readv(r1, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
fanotify_mark(r1, 0x1, 0x40001019, r2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
getdents(r0, &(0x7f0000001200)=""/198, 0xc6)

2m48.037116117s ago: executing program 6 (id=1115):
r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000002240)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}})
shmctl$SHM_LOCK(r0, 0xb)
shmctl$IPC_RMID(r0, 0x0)

2m46.17047003s ago: executing program 6 (id=1120):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0)

2m30.945501554s ago: executing program 36 (id=1120):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0)

1m35.608480295s ago: executing program 8 (id=1233):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50)
r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x7a101, 0x0)
getsockname$packet(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fsopen(&(0x7f0000000480)='adfs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2, 0x4000000000000001, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

1m32.319173287s ago: executing program 8 (id=1237):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x80005, 0x20008)
write(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
fadvise64(0xffffffffffffffff, 0x18, 0x0, 0x1)
getpid()
add_key$user(&(0x7f0000000640), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000005c0)='./file5\x00', 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r2, r1, &(0x7f00000000c0)=0x58, 0x5)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_MCE_KILL(0x35, 0x0, 0x8)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x2)

1m27.812680256s ago: executing program 8 (id=1240):
syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000000)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRES8, @ANYRES64=0x0], 0x1, 0xa23, &(0x7f0000000a80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6WkMNiCnTcP78qFEyXKsxbEl25+PYX/Jl7+XfP7Q5Es+fAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiPiNr5waOpi2uxUAwP300tg3hg57/weAR8o5n/8BAAAAAAAAAAAAAGCnS1HEn0SKV3/STheq6x31M63ZK1fHR0Y3321PihS1KKr68m/94KHDR44eOz7czQ/e/6P2ZLw8du5U4/TczPzC1OLi1GRjfLZ1cW5yasv3cLf7bzRYDUBj5rUrk5cuLTYOPXd43c1XB97Z/dj+gRPHXzy/r1s7PjI6OtZT09f/oR/9Frc7w2NXFPGzSFH/3rupGRG1uPuxuMNz517bU3VisOrE+Mho1ZHpVnN2qbwx1XJVLWKgZ6eT3TG6D3NxVxoR18rmlw0eLLs3Nt9caE5MTzXONheWWkutudlU67S27M9A1GI4RcxHRLu49e76o4h/jRTff7+dJiKi6I7Ds9WJwXduT+0e9HEL+sq+FRE34wGYsx1sdxTxRqT4wfmhuJjHtRq2ZyK+XubTEd8scznier6eyifIUxHvbfJ84sHSF0X8Q6SYS+002Z376nXlzCuNr81emuup7b6uPPDvD/fTDn9tqkcRE9Urfjt9+IMdAAAAAAB2niL+OlLcmDmQ5qN3TbE1e7lxrjkx3flWuPvdfyPvtbKysjKQOtnIOZTzZM6zOS/knM95Lef1nG/mvJHzrZw3cy7nbOeMWn78nI2cQzlP5jyb80LO+ZzXcl7P+WbOGznfynkz53LOds6w7gUAAAAAAADADrMnivhxpPjCX32rOq84qvPSP3Fi+MBXv9h7zvhn7nA/Ze1zEXEjtnZObn8+dTjVyj8ffb/YmnoU8Z18/t/vb3djAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbVWLIj4TKX74RjtFiohGxIXo5HKx3a0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPox6KuJ0pPjFV+rV9ZsR8dmI+N+V8k9ELK9ssN0tBgAAAAAAAABukYoYihSPP9lOAxFxdeCd3Y/tHzhx/MXz+4ooIpUlvfUvj5071Tg9NzO/MLW4ODXZGJ9tXZybnNrqw9XPtGavXB0fGb0nnbmjPfe4/Xvqp+fmX19oXX51adPb99ZPTSwuLTQvbn5z7IlaxFDvlsGqweMjo1Wjp1vN2WrXVLtNA2sRja12BgAAAAAAAICHxt5UxNFI8WrrSOquG/d11vx/qXOtWK39s99b+y3A9Ibs6v39wFYup602dLBaeG+Mj4yOjvVs7uu/tbRsU0pF/GWk+NxvP1Gth6fYu+naeFm3K1Ic+9aRXDfwubLu5Lqq+uD4yGjjpbnZL5+anp672FxqTkxPNcbmmxe3/MMBAAAAAAAAALiH9qYi/jRS/M7QzdQ97zyv//d1rvWs//9atYReqaf1uapa2/94tbbfufyJE8ON0V+53fZ7sf5ftimlIv4lUjz+u09U59N31/+HNtSWdf8VKf7575/KdbVdZd3Bbnc693ipNT01lPJYff7Zbm1Utcdz7SfXag+WtZ+PFH/+zPra4Vz7qbXaQ2XtH0aK/zm6ee2n12oPl7V/ECl+8+1Gt3ZvWXsm1+5fq33u4tz05J2GtZz/v4kUZ3/x1dTt823nv+f3H9c25Kpb5vyDL39U8z/Qs+1antcf5/k/eIf5/9tI8Uc/fSrXdcb+UL798erftfn/rUjxH7+8vvZYrt23Vntwq93abuX8fylSnPjRj1b7nOc/j+zaDPXO/2f71ufqs2Sb5v/xnm0DuV2H/59j8ShafP3brzWnp6cWHpQL/5kbvlPa44ILD+WFbX5h4r4o3///MVK8cKaWuscx+f3/Y51ra8d/739n7f3/hQ25apve//f1bHshH7X090XUl2bm+/dH1Bdf//aXWzPNy1OXp2aHjx098vzwsWPP9+/qHtutXdry0D0Uyvk/Eyle+ek/rX6OWX/8t/nx/94NuWqb5v+TvX1ad1yz5aF4JJXzfz1SfPftd1c/b37Q8X/38/+BL6zP1f9/2zT/n+rZVv3G/+MRz/dsO/DpiFNbfSwAAAB4yOzN6+R//Kt/t3rO+/rP//HFbm3v9z+3sxPO/wcAAAAAgEfd3lTEX0SK/x76UuqeQ7aV339ObshV2/T7v/092ybv03ktWx5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdKEURT0eKV3/STstFeb2jfqY1e+Xq+Mjo5rvtSZGiFkVVX/6tHzx0+MjRY8eHu/nB+3/UnoyXx86dapyem5lfmFpcnJpsjM+2Ls5NTm35Hu52/40GqwFozLx2ZfLSpcXGoecOr7v56sA7ux/bP3Di+Ivn93Vrx0dGR8d6avr6P/Sj3yLdZvuuKOJSpKh/7930b0VELe5+LO7w3LnX9lSdGKw6MT4yWnVkutWcXSpvTLVcVYsY6NnpZHeM7sNc3JVGxLWy+WWDB8vujc03F5oT01ONs82FpdZSa2421TqtLfszELUYThHzEdEubr27/ihiIlJ8//12eruIKLrj8OxLY98YOnzn9tTuQR97rXx30819Zd+KiJvxAMzZDrY7ivhYpPjB+aH4WdEZ12rYnon4eplPR3yzzOWI6/l6Kp8gT0W8t8nziQdLXxRxNlLMpXb69yLPffW6cuaVxtdmL8311HZfVx7494f7aYe/NtWjiJ9Xr/jt9HP/nwEAAAAAHiJF/HqkuDFzIFXrg6triq3Zy41zzYnpztf63e/+G3mvlZWVlYHUyUbOoZwnc57NeSHnfM5rOa/nfDPnjZxv5byZczlnO2fU8uPnbOQcynky59mcF3LO57yW83rON3PeyPlWzps5l3O2c4bvyQEAAAAAAIAdqBZFPBEpfvhGO60UnQXeC9HJZeucD73/CwAA//8Nuzyo")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
setreuid(0x0, 0xee01)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r6 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r6, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x108000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffc, 0x7]})
r7 = openat(r0, &(0x7f0000000180)='./file1\x00', 0x42041, 0x0)
pwritev2(r7, &(0x7f00000001c0)=[{0x0}], 0x1, 0xe7b, 0x0, 0x0)

1m24.355831283s ago: executing program 8 (id=1244):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000240)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x499, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r3)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
bind$inet(r4, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)

1m21.353984989s ago: executing program 8 (id=1249):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
shutdown(0xffffffffffffffff, 0x1)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f00000000c0), 0x10)

1m17.389797376s ago: executing program 8 (id=1254):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000ac0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
socket$inet(0x2, 0x4, 0x100)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@local, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0xffe0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r6, &(0x7f0000000080)="240000001a007f0214f9f4070009040803000000000000050002000008000f40fe00000e", 0x24)
getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f0000000100), &(0x7f0000000300)=0xc)

1m1.901000149s ago: executing program 37 (id=1254):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000ac0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
socket$inet(0x2, 0x4, 0x100)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in=@empty, 0x0, 0x0, 0x1, 0x4, 0xa}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@local, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0xffe0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r6, &(0x7f0000000080)="240000001a007f0214f9f4070009040803000000000000050002000008000f40fe00000e", 0x24)
getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f0000000100), &(0x7f0000000300)=0xc)

19.734394928s ago: executing program 5 (id=1317):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(r0, 0x0, 0x515401, 0x408)
r1 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c643f, 0x0)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000140)=@ccm_128={{0x304}, "e4a12d146189f1f7", "e2d54cd929726529ff18ddc098ab4715", 'I9\vb', "ce2478a16532796e"}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r5, &(0x7f0000000280)=[{{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{0x0}], 0x1}}, {{&(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x2, 0x20004086)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r6, 0x114, 0x7, &(0x7f0000000080)={@x25, {0x0}, 0x0, 0x13}, 0xa0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

18.430416125s ago: executing program 5 (id=1318):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0xffffffffffffffff, 0x2}})

17.858839098s ago: executing program 0 (id=1319):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x0, 0x300})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0)
ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x1)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x2, 0x20001000, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$read(0x0, 0x0, 0xfffffffffffffef3)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_DISCONNECT(r5, 0xab08)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r4, 0x0, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x3fe, &(0x7f0000000100))

17.858438057s ago: executing program 5 (id=1320):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000020000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x11, 0xa, 0x300)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x5)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
syz_usbip_server_init(0x3)
r1 = syz_io_uring_setup(0x42e6, &(0x7f0000000200)={0x0, 0x5eda, 0x10100, 0x4, 0x25d}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x18, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x7330, 0x0, 0x0, 0x0, 0x0)

16.369817437s ago: executing program 5 (id=1321):
syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000000)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c7569643d00", @ANYRES8, @ANYRES64=0x0], 0x1, 0xa23, &(0x7f0000000a80)="$eJzs209sm+d9B/Dfw1eyaadrFbd1kzbLWLQIPKUN5P9KvAH2rApt5iZGZWXzZTBlyQ4R/askF043tB42oAjQg1FgPWzAkMsOA3bwDrvsFOwwDBg2GDsMxYp2Wrpm6WkMNiCnTcP78qFEyXKsxbEl25+PYX/Jl7+XfP7Q5Es+fAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiPiNr5waOpi2uxUAwP300tg3hg57/weAR8o5n/8BAAAAAAAAAAAAAGCnS1HEn0SKV3/STheq6x31M63ZK1fHR0Y3321PihS1KKr68m/94KHDR44eOz7czQ/e/6P2ZLw8du5U4/TczPzC1OLi1GRjfLZ1cW5yasv3cLf7bzRYDUBj5rUrk5cuLTYOPXd43c1XB97Z/dj+gRPHXzy/r1s7PjI6OtZT09f/oR/9Frc7w2NXFPGzSFH/3rupGRG1uPuxuMNz517bU3VisOrE+Mho1ZHpVnN2qbwx1XJVLWKgZ6eT3TG6D3NxVxoR18rmlw0eLLs3Nt9caE5MTzXONheWWkutudlU67S27M9A1GI4RcxHRLu49e76o4h/jRTff7+dJiKi6I7Ds9WJwXduT+0e9HEL+sq+FRE34wGYsx1sdxTxRqT4wfmhuJjHtRq2ZyK+XubTEd8scznier6eyifIUxHvbfJ84sHSF0X8Q6SYS+002Z376nXlzCuNr81emuup7b6uPPDvD/fTDn9tqkcRE9Urfjt9+IMdAAAAAAB2niL+OlLcmDmQ5qN3TbE1e7lxrjkx3flWuPvdfyPvtbKysjKQOtnIOZTzZM6zOS/knM95Lef1nG/mvJHzrZw3cy7nbOeMWn78nI2cQzlP5jyb80LO+ZzXcl7P+WbOGznfynkz53LOds6w7gUAAAAAAADADrMnivhxpPjCX32rOq84qvPSP3Fi+MBXv9h7zvhn7nA/Ze1zEXEjtnZObn8+dTjVyj8ffb/YmnoU8Z18/t/vb3djAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbVWLIj4TKX74RjtFiohGxIXo5HKx3a0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPox6KuJ0pPjFV+rV9ZsR8dmI+N+V8k9ELK9ssN0tBgAAAAAAAABukYoYihSPP9lOAxFxdeCd3Y/tHzhx/MXz+4ooIpUlvfUvj5071Tg9NzO/MLW4ODXZGJ9tXZybnNrqw9XPtGavXB0fGb0nnbmjPfe4/Xvqp+fmX19oXX51adPb99ZPTSwuLTQvbn5z7IlaxFDvlsGqweMjo1Wjp1vN2WrXVLtNA2sRja12BgAAAAAAAICHxt5UxNFI8WrrSOquG/d11vx/qXOtWK39s99b+y3A9Ibs6v39wFYup602dLBaeG+Mj4yOjvVs7uu/tbRsU0pF/GWk+NxvP1Gth6fYu+naeFm3K1Ic+9aRXDfwubLu5Lqq+uD4yGjjpbnZL5+anp672FxqTkxPNcbmmxe3/MMBAAAAAAAAALiH9qYi/jRS/M7QzdQ97zyv//d1rvWs//9atYReqaf1uapa2/94tbbfufyJE8ON0V+53fZ7sf5ftimlIv4lUjz+u09U59N31/+HNtSWdf8VKf7575/KdbVdZd3Bbnc693ipNT01lPJYff7Zbm1Utcdz7SfXag+WtZ+PFH/+zPra4Vz7qbXaQ2XtH0aK/zm6ee2n12oPl7V/ECl+8+1Gt3ZvWXsm1+5fq33u4tz05J2GtZz/v4kUZ3/x1dTt823nv+f3H9c25Kpb5vyDL39U8z/Qs+1antcf5/k/eIf5/9tI8Uc/fSrXdcb+UL798erftfn/rUjxH7+8vvZYrt23Vntwq93abuX8fylSnPjRj1b7nOc/j+zaDPXO/2f71ufqs2Sb5v/xnm0DuV2H/59j8ShafP3brzWnp6cWHpQL/5kbvlPa44ILD+WFbX5h4r4o3///MVK8cKaWuscx+f3/Y51ra8d/739n7f3/hQ25apve//f1bHshH7X090XUl2bm+/dH1Bdf//aXWzPNy1OXp2aHjx098vzwsWPP9+/qHtutXdry0D0Uyvk/Eyle+ek/rX6OWX/8t/nx/94NuWqb5v+TvX1ad1yz5aF4JJXzfz1SfPftd1c/b37Q8X/38/+BL6zP1f9/2zT/n+rZVv3G/+MRz/dsO/DpiFNbfSwAAAB4yOzN6+R//Kt/t3rO+/rP//HFbm3v9z+3sxPO/wcAAAAAgEfd3lTEX0SK/x76UuqeQ7aV339ObshV2/T7v/092ybv03ktWx5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdKEURT0eKV3/STstFeb2jfqY1e+Xq+Mjo5rvtSZGiFkVVX/6tHzx0+MjRY8eHu/nB+3/UnoyXx86dapyem5lfmFpcnJpsjM+2Ls5NTm35Hu52/40GqwFozLx2ZfLSpcXGoecOr7v56sA7ux/bP3Di+Ivn93Vrx0dGR8d6avr6P/Sj3yLdZvuuKOJSpKh/7930b0VELe5+LO7w3LnX9lSdGKw6MT4yWnVkutWcXSpvTLVcVYsY6NnpZHeM7sNc3JVGxLWy+WWDB8vujc03F5oT01ONs82FpdZSa2421TqtLfszELUYThHzEdEubr27/ihiIlJ8//12eruIKLrj8OxLY98YOnzn9tTuQR97rXx30819Zd+KiJvxAMzZDrY7ivhYpPjB+aH4WdEZ12rYnon4eplPR3yzzOWI6/l6Kp8gT0W8t8nziQdLXxRxNlLMpXb69yLPffW6cuaVxtdmL8311HZfVx7494f7aYe/NtWjiJ9Xr/jt9HP/nwEAAAAAHiJF/HqkuDFzIFXrg6triq3Zy41zzYnpztf63e/+G3mvlZWVlYHUyUbOoZwnc57NeSHnfM5rOa/nfDPnjZxv5byZczlnO2fU8uPnbOQcynky59mcF3LO57yW83rON3PeyPlWzps5l3O2c4bvyQEAAAAAAIAdqBZFPBEpfvhGO60UnQXeC9HJZeucD73/CwAA//8Nuzyo")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
setreuid(0x0, 0xee01)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r6 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r6, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x108000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xfffffffc, 0x7]})
r7 = openat(r0, &(0x7f0000000180)='./file1\x00', 0x42041, 0x0)
pwritev2(r7, &(0x7f00000001c0)=[{0x0}], 0x1, 0xe7b, 0x0, 0x0)

14.917283691s ago: executing program 5 (id=1323):
sigaltstack(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

14.916139362s ago: executing program 0 (id=1325):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0xffffffffffffffff, 0x2}})

12.882959356s ago: executing program 0 (id=1327):
syz_mount_image$udf(&(0x7f0000000500), &(0x7f00000000c0)='./file3\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="666d61736b3d30303030303030303030303030303030303030303030322c646973636172642c6572726f72733d72656d6f756e742d726f2c696f636861727365743d63703837342c616c6c6f775f7574696d653d30303030303030303030303030303030303030343030312c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c6572726f72733d72656d6f756e742d726f2c696f636861727365743d63703836302c646973636172642c00dced11a2761e8532b2e0199234d7a478a2aec0301261dde220b36942b4f3d68482a89f58807c55940bdceffd4304c6e43f1216c6dc21daa755559823f0b9888dc6900528ec81651ff87269792ed5127d2ee52b9c8db3aa710ae36b906361a733254beccd064f03dab460f16c773d5c6adde92a15560e0a3257ddad10a92455a9655422ea47117f789464f7a779a56cc2a03dd0430e633e2b235ae19b1adf47a79f8970571500a1eac601a0d49337c615e8d5fb2f8384fb9e757ff9b4e3"], 0x3, 0x1510, &(0x7f0000003640)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r5, &(0x7f0000000940), 0x0}, 0x20)
recvmmsg(r3, &(0x7f0000002600)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x2142, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
capset(&(0x7f0000000000)={0x20080522, r6}, &(0x7f0000000040)={0x0, 0x0, 0x7, 0x40000, 0x0, 0xfffffffc})
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
unlink(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

10.134600125s ago: executing program 0 (id=1328):
sigaltstack(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.759058049s ago: executing program 2 (id=1329):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0xfffffff2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x180, 0x0, 0x200, 0x0, 0x0, 0x250, 0x2e8, 0x2e8, 0x250, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x118, 0x180, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0xffff, 0xf5f}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}, {{@ipv6={@local, @empty, [], [], 'ip6_vti0\x00', 'veth0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x54, 0x0, 'syz0\x00', 0x0})
socket$nl_audit(0x10, 0x3, 0x9)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7})
close_range(r0, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
syz_mount_image$f2fs(&(0x7f0000000480), &(0x7f00000004c0)='./file1\x00', 0x1021000, &(0x7f00000005c0)=ANY=[], 0x1, 0x5522, &(0x7f000000cf00)="$eJzs3E1vG1UXAODjpOn32zdCLNh1pAopkWqrTj8EuwKt+BCtogILVuDYjuXW9kSx44RsYMESseCfIJBYseQ3sGDNDrEAsUMq8twJNECliDoxoc8jjc/M9fWZc60o0pmxJoCn1mL2y0+VuBBnImI+Is5HFPuVcivcTOG5iLgYEXOPbJVy/PeBkxFxNiIuTJKnnJXyrc8ujy9d//GNn7/+9tSJc59/9d3sVg3M2vMR0d9I+9v9FPNOivfL8ca4W8T+tXEZ0xv9B+VxnuJ2e63IsN3Ym9co4tVOmp9vbA0ncb3XaE5ip7tejG8M0gmH485enuID9xubxXGrvVbE7jAvYmc31bWzm/637Q5HKU+rzPdBkT5Go72Yxts77bSejQdFbA5G5XjKm7faO5M4LmN5umjmvVZRx9qTfNP/bm92B1s72bi9Oezmg+x6rf5CrX6jWt/MW+1R+1q10W/duJYtdXqTadVRu9G/2cnzTq9da+b95Wyp02xW6/Vs6VZ7rdsYZPV67WrtSvX6crl3OXv17jtZr5UtTeLL3cHWqNsbZuv5ZpY+sZyt1K6+uJxdqmdv3VnNVu/dvn1n9e33br1796U7r79STvpLWdnSypWVlWr9SnWlvvxPVz5//Nb/cVn6VNYPU1CZdQEAx4/+H5iFw+v/N+9FHH7/Hwfp/xfSPP3/4x2r/neq/b/1wxPT/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLW+X/jitWJnMR2fK8f/Vw49Ux5XImIuIh7+jfk4uS/nfJln4THzF/5UwzeVKDJMznGq3M5GxM1y+/X/h/0tAAAAwH/Xlx9d/DR16+llcdYFcZTSRZu58+9PKV8lIhYWf5hStrnJy7NTSlb8fZ+InSllKy5gnZ5SsnTJ7cS0sh3I/L5w+pFQSWHuSMsBAACOxP5O4Gi7EAAAAI7SJ7MugNmoxN6tzL17wcUv7/+4IXhm3xEAAABwDFVmXQAAAABw6Ir+/8DP/3v4Ydrx/D8AAAA4VtLz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4jZ37yU0biOIA/Gxwof9UVHXfq3QHx+gRuuyy4gC9BAfogl4hF+AMZJcjRBDhcQhEVpTIg61E3yeZwZb58QbBYmbEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc0nW1Xvz/8/1v15zdvps8vQEAAADabKv1on4yS+cfm+ufm0tfm/MiIsqIaBu7j+LdWeaoyake7v93en/1qIariDrh8B6T5vgQET+a4/bLpT8FAAAAeLs2y9U8jdbTw2zoguhTmrQpP/3MlFdERDW7yZRWHvK+ZQqrv9/j+J0prZ7AmmYKS1Nu41xpz1L/3I+zdtOTpkhN2fqyY5HZ+g4AAPRodNb0OwoBAACgT7+GLoBhFHG/lHlcCpykplnee392BgAAALxCxdAFAAAAAC/U/o/dp9Tj/572/9vb/w8AAACGkfb/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JK21XqxWa7mXXN2+27y9AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Y3/eUSAEwiAM9q7vTOb+h5UGTU1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgze/+8n9iapxJ5l4bS88jydqpsXVq7J0bR38YX78GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPii3/3yf2JqnEnmThtLxyPJ2lVj66qx96Bx9GC8/RsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnfv3jZuKAwD+bJ+vtIA4ArohCIHEAAu9XktLN8QAihj4E5Ci9FpCr/xoM9CqQmRhQ5m7IBgRQgKFrf9D51bKErYMNwSJGWSfnXOSk7iAsC/J5yM9v+85lt/3OVaUr58TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0ujdSZxkm844jot9j3fvr2T9kwN95uHG1mLWsjiqM+nj4eXqh6jbXCIAAACcHklZ34cQttPNpayPO3n9n5bHZDX/98+O47KeP1j3l31Z+2ftt193XtwbqDMeJzvp9dXh4MLhVFr/3yzn23P/eEQrv/L5s5ck/4bEH6y/MErz6xl9++jRe+08PFNHtgDAv3G+7Iug/H0o6/tNJgbAqdGqFN5l/Z90ms0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoA6j9fB0GUchhMXWJM482b2/Mq1/uLG1WLYrDx5shK8n58xOkYYQrq8OBxdqnc18u3P33s3l4XBwu/7glRBCU6O/U0z/5kczHBzCtC9Fxe3YxKUTHCWIy5u9Mx/5HI+goR9IAACcWGnRskJqO91cyvZFCyH89cP++v/1ShxmrP93Pr7yuDpWtf7v1zbD+ddbu/V5787de2+u3lq+Mbgx+PSti/23+5euXr58tZc/K+l5YgIAAMB/0y5atf6PFw6v/5+rxGHG+v+L7/pfVcdK1P9TTRb9ms4EAADgdHv+1T//iKbsj9rt8OXy2trt/ni79/nieNtAqkd2pmjV+j9ZaDorAAAAoA6j9Wjf+v+1ShxmXP9/5seXfq6eMwkhnC3W/8+vfDa8Vt905lodf07c9BwBAABo1tmiVdf/0/z9/3jvlYc4hPDGa+O4+DeAM9X/yfvf/FQdq/r+/6X6pjiX4u74euR9N4RWt+mMAAAAOMmeKlpW7P+ebi598su5D9ve/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo298BAAD//5MXOeI=")
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000580)='./file1\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0x1, 0x217, &(0x7f00000001c0)="$eJzsmTFrFEEUx/8zu7d7RhEttLA5i4ARzN7unkoawdiKICSiloeZhJhNTi5X5A4Eg42NH8AvopDKws5GLKwsVBAsTJlGwZGZncnNZb01F3NY5P2K5T+z771583bvDeyBIIgjy5fPO5+e35iZvwTgBCYRmvlvXt+GO/YfX3gVI9+snXy8tTceAyBlf+z/Zf0Ax/F61gOeVE5B+/6Q7v1JE3MeXGvFHXBcNPouGCKbq1TkUoDhvpl+6OjWMSMywR60soXF5UzEi9d3RKJUqi4NQA7kv73JsACgapZgTn7r3d5KMwPauciEFRVp1yncGlWU1U/nN8txzSmBel73nj3dVOPIzMdO/RJwJEY3wDBn9AxCRFFUM0OROPs/5/fje+qxDex/vzup7s84PIyqdXsrp6dLbewmDmWtEvFLjiVycKBHMB6h8hjdi9eKXsFocYID5Mz2zqgf9O7M2e2tt0Wvr/+1vP8mdOMCULj1fiLLbrkz724acWYgznm3Po6wb+DQVyLvH8wHLjj9yXdOhXpn9VF9vdubXl5tLoklsZamjavx5Ti+ktZ1b86vJf2vqvvThBO/MsQ2YAE2mp1OO9kAOu1kd5zmV6fjzr1sfdc+XPc/jqmfUtrjRW87/PMa+vwLcz+mR1Pe0OQJgiAIgiAIgiAIgiAIgiBKqH2wyn6MreEVzLdKZv8TK+Knt7X17wAAAP//U/xi4w==")
umount2(&(0x7f0000000040)='./file0\x00', 0xb)

7.812871792s ago: executing program 2 (id=1330):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000440))
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r3)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000), 0x0)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, 0x0, 0x0)

7.812417045s ago: executing program 5 (id=1331):
sigaltstack(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

6.438222967s ago: executing program 2 (id=1332):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f00000003c0)={0x0, 0x465f}, 0x8)
bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e23, 0x3, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000001b00)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1}}], 0x1, 0x4008041)

5.0108123s ago: executing program 2 (id=1333):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x0, 0x300})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0)
ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x1)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x2, 0x20001000, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$read(0x0, 0x0, 0xfffffffffffffef3)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_DISCONNECT(r5, 0xab08)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r4, 0x0, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x3fe, &(0x7f0000000100))

5.004436734s ago: executing program 0 (id=1343):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000440))
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r3)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000), 0x0)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, 0x0, 0x0)

2.789260504s ago: executing program 0 (id=1334):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0xffffffffffffffff, 0x2}})

1.327193035s ago: executing program 2 (id=1335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r3 = open(&(0x7f0000000180)='./file1\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000680)={{0x1, 0x1, 0x18, r3}, './file0\x00'})

0s ago: executing program 2 (id=1336):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r1, <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r4 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000000)={0xa0000001})
epoll_wait(r7, &(0x7f0000000340)=[{}], 0x1, 0x1000)
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000300)={r2, 0x0, 0x9, 0x0, 0x0, [<r8=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0x3], [0x1000000000000, 0x0, 0xa, 0x200]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, <r9=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r9, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x69, &(0x7f0000000180)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000200), &(0x7f00000002c0), 0x8, 0x32, 0x8, 0x0, 0x0}}, 0x10)

kernel console output (not intermixed with test programs):

9: probe with driver asix failed with error -71
[  586.433574][ T5898] usb 9-1: USB disconnect, device number 3
[  586.467435][ T9297] team0: Port device bridge1 added
[  586.693820][ T2860] team0 (unregistering): Port device team_slave_1 removed
[  586.817723][ T2860] team0 (unregistering): Port device team_slave_0 removed
[  587.413817][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  587.413843][   T30] audit: type=1326 audit(1748717369.190:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.8.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f44b8e969 code=0x7ffc0000
[  587.485794][   T30] audit: type=1326 audit(1748717369.250:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.8.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f7f44b8e969 code=0x7ffc0000
[  587.540361][   T30] audit: type=1326 audit(1748717369.250:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.8.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f44b8e969 code=0x7ffc0000
[  587.565165][   T30] audit: type=1326 audit(1748717369.250:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.8.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f44b8e969 code=0x7ffc0000
[  587.642278][ T1202] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  587.803687][ T9133] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.865405][ T9133] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.899811][ T9315] loop8: detected capacity change from 0 to 512
[  587.910317][ T1202] usb 1-1: config 4 has an invalid interface number: 231 but max is 0
[  587.916472][ T9133] bridge_slave_0: entered allmulticast mode
[  587.936294][ T1202] usb 1-1: config 4 has no interface number 0
[  587.971903][ T9133] bridge_slave_0: entered promiscuous mode
[  588.761357][ T1202] usb 1-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  588.798265][ T9315] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  588.811981][ T1202] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.820064][ T1202] usb 1-1: Product: syz
[  588.883965][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.915940][ T9315] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  588.924122][ T1202] usb 1-1: Manufacturer: syz
[  588.942113][ T1202] usb 1-1: SerialNumber: syz
[  588.949999][ T9133] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.974651][ T1202] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  588.983231][ T9133] bridge_slave_1: entered allmulticast mode
[  588.991346][ T9133] bridge_slave_1: entered promiscuous mode
[  589.200945][ T8424] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.375140][ T9133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.393870][ T1202] vp7045: USB control message 'in' went wrong.
[  589.412494][ T1202] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  589.436665][ T9133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.472287][ T1202] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  589.521031][ T1202] usb 1-1: USB disconnect, device number 7
[  589.744011][ T9133] team0: Port device team_slave_0 added
[  589.762242][ T5897] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  589.818186][ T9338] vivid-000: disconnect
[  591.115258][   T30] audit: type=1326 audit(1748717371.600:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  591.477422][ T9133] team0: Port device team_slave_1 added
[  591.512233][   T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  591.569423][   T30] audit: type=1326 audit(1748717371.610:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  591.836160][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  591.933487][   T30] audit: type=1326 audit(1748717371.610:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  592.026241][   T24] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  592.115247][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.177741][   T30] audit: type=1326 audit(1748717371.610:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  592.311521][   T24] usb 3-1: config 0 descriptor??
[  592.698150][   T30] audit: type=1326 audit(1748717371.610:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  592.832196][ T5897] usb 9-1: device descriptor read/all, error -71
[  592.940197][   T30] audit: type=1326 audit(1748717371.610:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  592.986411][   T30] audit: type=1326 audit(1748717371.610:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  593.097418][   T30] audit: type=1326 audit(1748717371.620:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  593.167008][   T24] glorious 0003:258A:0036.0003: reserved main item tag 0xd
[  593.224876][   T30] audit: type=1326 audit(1748717371.620:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  593.257809][   T24] glorious 0003:258A:0036.0003: item fetching failed at offset 4/5
[  593.268738][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_0
[  593.302559][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.311014][   T24] glorious 0003:258A:0036.0003: probe with driver glorious failed with error -22
[  593.547092][ T9133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  593.633216][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_1
[  593.648442][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  593.694310][ T9334] vivid-000: reconnect
[  593.708550][   T30] audit: type=1326 audit(1748717371.630:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  593.751386][ T9133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  593.799744][   T24] usb 3-1: USB disconnect, device number 6
[  593.827339][   T30] audit: type=1326 audit(1748717371.630:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  593.850658][ T8980] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  593.934036][ T8980] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  593.961114][   T30] audit: type=1326 audit(1748717371.630:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  594.046006][   T30] audit: type=1326 audit(1748717371.630:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  594.076907][ T8980] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  594.142878][ T8980] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  594.152526][   T30] audit: type=1326 audit(1748717371.630:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9334 comm="syz.2.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b2538e969 code=0x7ffc0000
[  594.359003][ T9351] loop4: detected capacity change from 0 to 524255232
[  594.492779][ T9133] hsr_slave_0: entered promiscuous mode
[  594.545075][ T9354] netlink: 36 bytes leftover after parsing attributes in process `syz.8.788'.
[  594.570713][ T9133] hsr_slave_1: entered promiscuous mode
[  594.619111][ T9133] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  594.633282][ T9351] netlink: 'syz.8.788': attribute type 21 has an invalid length.
[  594.659419][ T9133] Cannot create hsr debugfs directory
[  594.868449][ T9351] netlink: 'syz.8.788': attribute type 6 has an invalid length.
[  594.898401][ T9351] netlink: 132 bytes leftover after parsing attributes in process `syz.8.788'.
[  595.805093][ T9133] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  595.825691][ T9133] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  595.858925][ T9133] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  595.903772][ T9133] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  596.420351][ T9371] loop0: detected capacity change from 0 to 32768
[  596.541249][ T9133] 8021q: adding VLAN 0 to HW filter on device bond0
[  596.616569][ T9133] 8021q: adding VLAN 0 to HW filter on device team0
[  597.163043][ T9371] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  597.234724][ T9384] netlink: 12 bytes leftover after parsing attributes in process `syz.2.800'.
[  597.358125][ T9371] (syz.0.795,9371,1):ocfs2_mknod:502 ERROR: status = -2
[  597.405302][ T9371] (syz.0.795,9371,0):ocfs2_mkdir:658 ERROR: status = -2
[  597.692933][ T5831] (syz-executor,5831,1):ocfs2_inode_is_valid_to_delete:866 ERROR: Skipping delete of root inode.
[  597.749635][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  597.756836][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  597.802740][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  597.803378][ T5831] ocfs2: Unmounting device (7,0) on (node local)
[  597.809961][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  598.248436][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  598.260151][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  598.269690][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  598.291892][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  598.301440][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  598.542287][ T9407] vivid-000: disconnect
[  598.582180][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  598.582296][   T30] audit: type=1326 audit(1748717380.330:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  598.942766][ T8822] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  599.352690][   T30] audit: type=1326 audit(1748717380.330:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  599.407788][ T8822] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  599.661579][ T8822] usb 1-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[  599.861234][ T8822] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.874641][   T30] audit: type=1326 audit(1748717380.330:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  600.352449][ T5836] Bluetooth: hci2: command tx timeout
[  600.374011][   T30] audit: type=1326 audit(1748717380.330:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  600.454796][ T8822] usb 1-1: config 0 descriptor??
[  600.769805][   T30] audit: type=1326 audit(1748717380.340:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.188105][   T30] audit: type=1326 audit(1748717380.340:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.233208][ T8822] glorious 0003:258A:0036.0004: reserved main item tag 0xd
[  601.241568][ T8822] glorious 0003:258A:0036.0004: item fetching failed at offset 4/5
[  601.326009][ T8822] glorious 0003:258A:0036.0004: probe with driver glorious failed with error -22
[  601.562891][   T30] audit: type=1326 audit(1748717380.340:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.591568][   T30] audit: type=1326 audit(1748717380.340:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.614841][   T30] audit: type=1326 audit(1748717380.340:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.642181][   T30] audit: type=1326 audit(1748717380.350:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9403 comm="syz.0.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  601.732759][   T12] bridge_slave_1: left allmulticast mode
[  601.738436][   T12] bridge_slave_1: left promiscuous mode
[  601.753149][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.772992][   T12] bridge_slave_0: left allmulticast mode
[  601.778659][   T12] bridge_slave_0: left promiscuous mode
[  601.794788][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.111260][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  602.124041][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  602.147424][   T12] bond0 (unregistering): Released all slaves
[  602.196199][ T9133] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.337360][   T12] hsr_slave_0: left promiscuous mode
[  602.369271][   T12] hsr_slave_1: left promiscuous mode
[  602.388041][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  602.399727][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  602.433023][ T5836] Bluetooth: hci2: command tx timeout
[  602.642530][ T5903] usb 1-1: USB disconnect, device number 8
[  602.677421][ T9403] vivid-000: reconnect
[  602.784211][   T12] team0 (unregistering): Port device team_slave_1 removed
[  602.821251][   T12] team0 (unregistering): Port device team_slave_0 removed
[  603.342276][ T9395] chnl_net:caif_netlink_parms(): no params data found
[  603.689875][ T9395] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.698166][ T9395] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.705425][ T9395] bridge_slave_0: entered allmulticast mode
[  603.713782][ T9395] bridge_slave_0: entered promiscuous mode
[  603.723345][ T9395] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.730485][ T9395] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.738885][ T9395] bridge_slave_1: entered allmulticast mode
[  603.746894][ T9395] bridge_slave_1: entered promiscuous mode
[  603.799242][ T9395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  603.813201][ T9395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  603.868221][ T9395] team0: Port device team_slave_0 added
[  603.886363][ T9395] team0: Port device team_slave_1 added
[  603.940394][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_0
[  603.950706][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  603.978554][ T9395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  603.996376][ T9395] batman_adv: batadv0: Adding interface: batadv_slave_1
[  604.005065][ T9395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  604.031177][ T9395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  604.064819][ T9133] veth0_vlan: entered promiscuous mode
[  604.131358][ T9395] hsr_slave_0: entered promiscuous mode
[  604.140255][ T9395] hsr_slave_1: entered promiscuous mode
[  604.155159][ T9133] veth1_vlan: entered promiscuous mode
[  604.371881][ T9133] veth0_macvtap: entered promiscuous mode
[  604.419302][ T9133] veth1_macvtap: entered promiscuous mode
[  604.506412][ T9133] batman_adv: batadv0: Interface activated: batadv_slave_0
[  604.514755][ T5836] Bluetooth: hci2: command tx timeout
[  604.563596][ T9133] batman_adv: batadv0: Interface activated: batadv_slave_1
[  604.590840][ T9133] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  604.605276][ T9133] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  604.627522][ T9133] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  604.639568][ T9133] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  604.858009][ T7483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.891415][ T7483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.982468][ T7483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.990405][ T7483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.001086][ T9395] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  605.021113][ T9395] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  605.048966][ T9395] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  605.075679][ T9395] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  605.611134][ T9451] loop9: detected capacity change from 0 to 32768
[  605.662319][ T9395] 8021q: adding VLAN 0 to HW filter on device bond0
[  606.317064][ T9395] 8021q: adding VLAN 0 to HW filter on device team0
[  606.377413][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.384602][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state
[  606.593058][ T5836] Bluetooth: hci2: command tx timeout
[  606.605037][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  606.612233][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  607.104492][ T9458] loop2: detected capacity change from 0 to 40427
[  607.965024][ T9458] F2FS-fs (loop2): invalid crc value
[  608.181819][ T9458] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  608.260336][ T9395] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  611.544676][ T5830] syz-executor: attempt to access beyond end of device
[  611.544676][ T5830] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  611.598160][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  611.598211][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.598234][ T5830] Call Trace:
[  611.598245][ T5830]  <TASK>
[  611.598259][ T5830]  dump_stack_lvl+0x16c/0x1f0
[  611.598309][ T5830]  f2fs_handle_critical_error+0x621/0x9f0
[  611.598372][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.598418][ T5830]  ? f2fs_build_fault_attr+0x53/0x1f0
[  611.598480][ T5830]  f2fs_write_end_io+0x785/0xc20
[  611.598547][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  611.598616][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.598670][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  611.598731][ T5830]  bio_endio+0x70d/0x850
[  611.598802][ T5830]  submit_bio_noacct+0x56d/0x1eb0
[  611.598859][ T5830]  __submit_merged_bio+0x33c/0x770
[  611.598927][ T5830]  __submit_merged_write_cond+0x319/0x3f0
[  611.599003][ T5830]  f2fs_write_cache_pages+0x2067/0x2570
[  611.599075][ T5830]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  611.599127][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599171][ T5830]  ? __lock_acquire+0x622/0x1c90
[  611.599228][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599317][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599400][ T5830]  ? rcu_is_watching+0x12/0xc0
[  611.599434][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599478][ T5830]  ? __mod_memcg_lruvec_state+0x527/0x740
[  611.599532][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599584][ T5830]  f2fs_write_data_pages+0x4ad/0xd90
[  611.599636][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  611.599677][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599733][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.599787][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  611.599833][ T5830]  do_writepages+0x27a/0x600
[  611.599889][ T5830]  ? __pfx_do_writepages+0x10/0x10
[  611.599936][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  611.599992][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.600036][ T5830]  ? _raw_spin_unlock+0x28/0x50
[  611.600079][ T5830]  filemap_fdatawrite_wbc+0x104/0x160
[  611.600136][ T5830]  __filemap_fdatawrite_range+0xb2/0xf0
[  611.600200][ T5830]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  611.600320][ T5830]  ? find_held_lock+0x2b/0x80
[  611.600381][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.600427][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  611.600482][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.600533][ T5830]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  611.600600][ T5830]  block_operations+0x2a3/0xfd0
[  611.600642][ T5830]  ? __pfx_stack_trace_save+0x10/0x10
[  611.600685][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.600736][ T5830]  ? __pfx_block_operations+0x10/0x10
[  611.600841][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.600886][ T5830]  ? down_write+0x14d/0x200
[  611.600935][ T5830]  ? __pfx_down_write+0x10/0x10
[  611.600989][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.601034][ T5830]  ? rcu_is_watching+0x12/0xc0
[  611.601073][ T5830]  f2fs_write_checkpoint+0x2b8/0x4c60
[  611.601128][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.601172][ T5830]  ? kfree+0x2b4/0x4d0
[  611.601216][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.601259][ T5830]  ? lockdep_hardirqs_on+0x7c/0x110
[  611.601301][ T5830]  ? f2fs_stop_gc_thread+0x79/0xd0
[  611.601353][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.601409][ T5830]  kill_f2fs_super+0x3c2/0x470
[  611.601456][ T5830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  611.601502][ T5830]  ? lockdep_hardirqs_on+0x7c/0x110
[  611.601564][ T5830]  deactivate_locked_super+0xc1/0x1a0
[  611.601617][ T5830]  deactivate_super+0xde/0x100
[  611.601669][ T5830]  cleanup_mnt+0x225/0x450
[  611.601727][ T5830]  task_work_run+0x150/0x240
[  611.601788][ T5830]  ? __pfx_task_work_run+0x10/0x10
[  611.601839][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  611.601887][ T5830]  ? __pfx___x64_sys_umount+0x10/0x10
[  611.601957][ T5830]  exit_to_user_mode_loop+0xeb/0x110
[  611.602019][ T5830]  do_syscall_64+0x3f6/0x4c0
[  611.602070][ T5830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.602108][ T5830] RIP: 0033:0x7f5b2538fc97
[  611.602138][ T5830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  611.602176][ T5830] RSP: 002b:00007fff5f43d058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  611.602210][ T5830] RAX: 0000000000000000 RBX: 00007f5b2541089d RCX: 00007f5b2538fc97
[  611.602235][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff5f43d110
[  611.602258][ T5830] RBP: 00007fff5f43d110 R08: 0000000000000000 R09: 0000000000000000
[  611.602281][ T5830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5f43e1a0
[  611.602306][ T5830] R13: 00007f5b2541089d R14: 0000000000094ef8 R15: 00007fff5f43e1e0
[  611.602355][ T5830]  </TASK>
[  612.209332][ T5830] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  612.716431][ T9395] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.195864][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  613.195889][   T30] audit: type=1326 audit(1748717394.970:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.0.825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  613.224246][    C1] vkms_vblank_simulate: vblank timer overrun
[  613.292271][   T30] audit: type=1326 audit(1748717394.980:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.0.825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  613.342191][   T30] audit: type=1326 audit(1748717395.010:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.0.825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  613.479335][   T30] audit: type=1326 audit(1748717395.020:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.0.825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  613.568621][ T9517] loop9: detected capacity change from 0 to 2048
[  613.575249][   T30] audit: type=1326 audit(1748717395.020:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9513 comm="syz.0.825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  613.613249][ T9517] EXT4-fs: Ignoring removed bh option
[  613.728715][ T9517] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  614.112555][ T9533] loop0: detected capacity change from 0 to 256
[  614.159808][ T9133] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  614.233768][ T9533] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  614.504766][ T9395] veth0_vlan: entered promiscuous mode
[  614.559509][ T9395] veth1_vlan: entered promiscuous mode
[  615.684778][ T9395] veth0_macvtap: entered promiscuous mode
[  615.733105][ T9395] veth1_macvtap: entered promiscuous mode
[  615.862885][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.898628][ T9395] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.926142][ T9395] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.972093][ T9395] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  616.002065][ T9395] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  616.037041][ T9395] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  616.265634][ T9563] tipc: Started in network mode
[  616.270570][ T9563] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  616.328302][ T9563] tipc: Enabled bearer <eth:team0>, priority 0
[  616.572556][ T2860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.612181][ T2860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.721400][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.756221][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.030495][ T9584] netlink: 'syz.0.846': attribute type 6 has an invalid length.
[  617.066986][ T9584] netlink: 140 bytes leftover after parsing attributes in process `syz.0.846'.
[  617.454817][ T5903] tipc: Node number set to 11578026
[  618.115755][ T9592] syz.2.844: attempt to access beyond end of device
[  618.115755][ T9592] loop2: rw=0, sector=1, nr_sectors = 1 limit=0
[  618.128789][ T9592] qnx4: unable to read the superblock
[  620.930197][ T9619] loop2: detected capacity change from 0 to 512
[  620.993775][ T9619] EXT4-fs: Ignoring removed nobh option
[  621.189730][ T9619] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #16: comm syz.2.854: corrupted inode contents
[  621.214512][ T9619] EXT4-fs (loop2): Remounting filesystem read-only
[  621.228787][ T9619] EXT4-fs (loop2): 1 truncate cleaned up
[  621.245485][ T7483] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  621.282956][ T7483] Quota error (device loop2): write_blk: dquota write failed
[  621.290403][ T7483] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries
[  621.314368][ T9619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  621.380289][ T7483] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  621.402251][ T9619] ext4 filesystem being mounted at /206/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  621.459770][ T7483] Quota error (device loop2): write_blk: dquota write failed
[  621.502967][ T7483] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list
[  621.542404][ T7483] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  621.598310][ T7483] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  621.652751][ T9635] geneve0: entered allmulticast mode
[  621.673557][ T7483] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  621.863481][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  622.220942][ T9650] netlink: 332 bytes leftover after parsing attributes in process `syz.5.866'.
[  623.503613][ T9659] syz.9.868: attempt to access beyond end of device
[  623.503613][ T9659] loop9: rw=0, sector=1, nr_sectors = 1 limit=0
[  623.516985][ T9659] qnx4: unable to read the superblock
[  626.943164][ T9710] loop6: detected capacity change from 0 to 40427
[  627.041109][ T9710] F2FS-fs (loop6): invalid crc value
[  627.202222][ T9710] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  627.249831][ T9711] loop0: detected capacity change from 0 to 4096
[  627.370489][ T9711] NILFS (loop0): invalid segment: Checksum error in segment payload
[  627.427623][ T9711] NILFS (loop0): trying rollback from an earlier position
[  627.528935][ T9711] NILFS (loop0): recovery complete
[  627.602149][ T9723] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  628.823373][ T9736] netlink: 20 bytes leftover after parsing attributes in process `syz.0.893'.
[  628.879159][ T9736] 8021q: VLANs not supported on gre0
[  629.646556][ T9395] syz-executor: attempt to access beyond end of device
[  629.646556][ T9395] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  629.692225][ T9395] CPU: 1 UID: 0 PID: 9395 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  629.692276][ T9395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  629.692299][ T9395] Call Trace:
[  629.692310][ T9395]  <TASK>
[  629.692323][ T9395]  dump_stack_lvl+0x16c/0x1f0
[  629.692376][ T9395]  f2fs_handle_critical_error+0x621/0x9f0
[  629.692437][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.692483][ T9395]  ? f2fs_build_fault_attr+0x53/0x1f0
[  629.692544][ T9395]  f2fs_write_end_io+0x785/0xc20
[  629.692616][ T9395]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  629.692683][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.692737][ T9395]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  629.692797][ T9395]  bio_endio+0x70d/0x850
[  629.692862][ T9395]  submit_bio_noacct+0x56d/0x1eb0
[  629.692918][ T9395]  __submit_merged_bio+0x33c/0x770
[  629.692986][ T9395]  __submit_merged_write_cond+0x319/0x3f0
[  629.693065][ T9395]  f2fs_write_cache_pages+0x2067/0x2570
[  629.693137][ T9395]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  629.693188][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693232][ T9395]  ? __lock_acquire+0x622/0x1c90
[  629.693288][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693376][ T9395]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  629.693449][ T9395]  ? rcu_is_watching+0x12/0xc0
[  629.693480][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693520][ T9395]  ? __mod_memcg_lruvec_state+0x527/0x740
[  629.693573][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693622][ T9395]  f2fs_write_data_pages+0x4ad/0xd90
[  629.693669][ T9395]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  629.693707][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693758][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.693805][ T9395]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  629.693848][ T9395]  do_writepages+0x27a/0x600
[  629.693899][ T9395]  ? __pfx_do_writepages+0x10/0x10
[  629.693942][ T9395]  ? do_raw_spin_unlock+0x172/0x230
[  629.693993][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694034][ T9395]  ? _raw_spin_unlock+0x28/0x50
[  629.694073][ T9395]  filemap_fdatawrite_wbc+0x104/0x160
[  629.694124][ T9395]  __filemap_fdatawrite_range+0xb2/0xf0
[  629.694183][ T9395]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  629.694292][ T9395]  ? find_held_lock+0x2b/0x80
[  629.694348][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694389][ T9395]  ? do_raw_spin_unlock+0x172/0x230
[  629.694440][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694486][ T9395]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  629.694548][ T9395]  block_operations+0x2a3/0xfd0
[  629.694591][ T9395]  ? __pfx_stack_trace_save+0x10/0x10
[  629.694629][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694676][ T9395]  ? __pfx_block_operations+0x10/0x10
[  629.694767][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694808][ T9395]  ? down_write+0x14d/0x200
[  629.694854][ T9395]  ? __pfx_down_write+0x10/0x10
[  629.694902][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.694942][ T9395]  ? rcu_is_watching+0x12/0xc0
[  629.694979][ T9395]  f2fs_write_checkpoint+0x2b8/0x4c60
[  629.695029][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.695069][ T9395]  ? kfree+0x2b4/0x4d0
[  629.695109][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.695150][ T9395]  ? lockdep_hardirqs_on+0x7c/0x110
[  629.695188][ T9395]  ? f2fs_stop_gc_thread+0x79/0xd0
[  629.695236][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.695287][ T9395]  kill_f2fs_super+0x3c2/0x470
[  629.695330][ T9395]  ? __pfx_kill_f2fs_super+0x10/0x10
[  629.695372][ T9395]  ? lockdep_hardirqs_on+0x7c/0x110
[  629.695428][ T9395]  deactivate_locked_super+0xc1/0x1a0
[  629.695477][ T9395]  deactivate_super+0xde/0x100
[  629.695526][ T9395]  cleanup_mnt+0x225/0x450
[  629.695582][ T9395]  task_work_run+0x150/0x240
[  629.695634][ T9395]  ? __pfx_task_work_run+0x10/0x10
[  629.695681][ T9395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.695725][ T9395]  ? __pfx___x64_sys_umount+0x10/0x10
[  629.695789][ T9395]  exit_to_user_mode_loop+0xeb/0x110
[  629.695841][ T9395]  do_syscall_64+0x3f6/0x4c0
[  629.695888][ T9395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.695922][ T9395] RIP: 0033:0x7fcc92f8fc97
[  629.695948][ T9395] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  629.695982][ T9395] RSP: 002b:00007ffdfdb62e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  629.696015][ T9395] RAX: 0000000000000000 RBX: 00007fcc9301089d RCX: 00007fcc92f8fc97
[  629.696037][ T9395] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdfdb62ef0
[  629.696059][ T9395] RBP: 00007ffdfdb62ef0 R08: 0000000000000000 R09: 0000000000000000
[  629.696080][ T9395] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdfdb63f80
[  629.696102][ T9395] R13: 00007fcc9301089d R14: 000000000009968a R15: 00007ffdfdb63fc0
[  629.696147][ T9395]  </TASK>
[  630.378327][ T9395] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  630.392072][ T9742] loop8: detected capacity change from 0 to 32768
[  630.392941][ T9754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.897'.
[  630.456593][ T9727] loop9: detected capacity change from 0 to 32768
[  630.509553][ T9742] syz.8.895: attempt to access beyond end of device
[  630.509553][ T9742] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  630.569298][ T9742] lbmIODone: I/O error in JFS log
[  630.574923][ T9742] *** Log Format Error ! ***
[  630.581250][ T9742] lmLogInit: exit(-22)
[  630.588649][ T9742] lmLogOpen: exit(-22)
[  630.683429][ T9727] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  632.083988][ T9784] loop2: detected capacity change from 0 to 256
[  632.135904][ T9727] XFS (loop9): Ending clean mount
[  634.292581][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  634.358032][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  634.742253][ T9786] loop0: detected capacity change from 0 to 256
[  634.889301][ T9133] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  635.602462][ T5896] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  635.867731][ T5896] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  635.916933][ T5896] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  636.000649][ T5896] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  636.110965][ T5896] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  636.176799][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.241894][ T5896] usb 1-1: Product: syz
[  636.330830][ T9803] loop6: detected capacity change from 0 to 4096
[  636.411878][ T5896] usb 1-1: Manufacturer: syz
[  636.421103][ T5896] usb 1-1: SerialNumber: syz
[  636.421970][ T9803] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  636.712635][ T5896] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  636.725896][ T9803] overlayfs: upper fs does not support tmpfile.
[  636.776128][ T9803] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  636.892462][   T24] usb 1-1: USB disconnect, device number 9
[  636.972686][   T24] usblp0: removed
[  637.163083][ T5910] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  637.352158][ T5910] usb 10-1: Using ep0 maxpacket: 32
[  637.382310][ T5910] usb 10-1: unable to get BOS descriptor or descriptor too short
[  637.417309][ T5910] usb 10-1: config 128 has an invalid interface number: 127 but max is 3
[  637.457740][ T5910] usb 10-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  637.492140][ T5910] usb 10-1: config 128 has 1 interface, different from the descriptor's value: 4
[  637.541873][ T5910] usb 10-1: config 128 has no interface number 0
[  637.575880][ T5910] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  637.872184][ T5910] usb 10-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  637.892054][ T5910] usb 10-1: config 128 interface 127 has no altsetting 0
[  637.911486][ T9829] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  637.915146][ T5910] usb 10-1: language id specifier not provided by device, defaulting to English
[  637.942492][ T9829] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  638.022523][ T9831] netlink: 52 bytes leftover after parsing attributes in process `syz.6.914'.
[  638.254568][ T9829] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  638.285131][ T5910] usb 10-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  638.544906][ T5910] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.632749][ T5910] usb 10-1: Product: syz
[  638.637073][ T5910] usb 10-1: Manufacturer: syz
[  638.641783][ T5910] usb 10-1: SerialNumber: syz
[  638.709404][ T9835] loop2: detected capacity change from 0 to 512
[  638.925174][ T9835] EXT4-fs (loop2): 1 orphan inode deleted
[  638.944095][   T60] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  638.989656][   T60] EXT4-fs error (device loop2): ext4_release_dquot:6967: comm kworker/u8:4: Failed to release dquot type 1
[  639.007806][ T9835] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  639.095395][ T9835] ext4 filesystem being mounted at /217/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  639.163035][ T5937] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  639.211685][ T9847] loop0: detected capacity change from 0 to 256
[  639.632455][ T5937] usb 9-1: Using ep0 maxpacket: 8
[  639.927412][ T9835] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.917: iget: bad i_size value: 360287970189639690
[  639.950977][ T5937] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  640.030013][ T5937] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  640.046605][ T5937] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  640.085985][ T5937] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  640.097172][ T5937] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  640.172675][ T5937] usb 9-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  640.191772][ T5937] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  640.226626][ T5910] usb 10-1: USB disconnect, device number 2
[  640.232645][ T5937] usb 9-1: Product: syz
[  640.257532][ T5937] usb 9-1: Manufacturer: syz
[  640.311437][ T5937] usb 9-1: SerialNumber: syz
[  640.333418][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  640.343445][ T5937] usb 9-1: config 0 descriptor??
[  640.416880][ T9029] udevd[9029]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  640.624842][ T5937] radio-si470x 9-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  640.653335][ T5937] radio-si470x 9-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  640.732636][ T1202] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  640.846764][ T5937] radio-si470x 9-1:0.0: software version 80, hardware version 212
[  640.877438][ T5937] radio-si470x 9-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  640.912247][ T1202] usb 7-1: Using ep0 maxpacket: 16
[  640.941311][ T1202] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.986332][ T1202] usb 7-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  641.036936][ T1202] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.043502][ T5937] radio-si470x 9-1:0.0: si470x_set_report: usb_control_msg returned -71
[  641.051239][ T9864] loop0: detected capacity change from 0 to 2048
[  641.060217][ T9867] loop9: detected capacity change from 0 to 512
[  641.078973][ T9867] EXT4-fs: Ignoring removed oldalloc option
[  641.093473][ T5937] radio-si470x 9-1:0.0: submitting int urb failed (-90)
[  641.126407][ T9867] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  641.136901][ T5937] radio-si470x 9-1:0.0: si470x_set_report: usb_control_msg returned -71
[  641.170242][ T5937] radio-si470x 9-1:0.0: probe with driver radio-si470x failed with error -22
[  641.184987][ T1202] usb 7-1: config 0 descriptor??
[  641.233567][ T5937] usb 9-1: USB disconnect, device number 6
[  641.248566][ T9864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  641.362329][ T9864] ext4 filesystem being mounted at /203/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  641.643602][ T1202] hkems 0003:2006:0118.0005: unknown main item tag 0x0
[  641.650541][ T1202] hkems 0003:2006:0118.0005: item fetching failed at offset 5/7
[  641.670904][ T1202] hkems 0003:2006:0118.0005: parse failed
[  641.677848][ T1202] hkems 0003:2006:0118.0005: probe with driver hkems failed with error -22
[  641.724571][ T5831] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  642.039863][ T5898] usb 7-1: USB disconnect, device number 2
[  643.607887][ T9904] loop2: detected capacity change from 0 to 256
[  645.002371][ T5903] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  645.192174][ T5903] usb 7-1: Using ep0 maxpacket: 32
[  645.206966][ T5903] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  645.230107][ T5903] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  645.293622][ T5903] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  645.344570][ T5903] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  645.420885][ T5903] usb 7-1: config 0 interface 0 has no altsetting 0
[  645.463856][ T5903] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  645.484137][ T5903] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  645.513702][ T5903] usb 7-1: Product: syz
[  645.528987][ T5903] usb 7-1: Manufacturer: syz
[  645.535380][ T5836] Bluetooth: hci7: Dropping invalid advertising data
[  645.543134][ T5836] Bluetooth: hci7: Malformed LE Event: 0x02
[  645.571829][ T5903] usb 7-1: SerialNumber: syz
[  645.581823][ T5903] usb 7-1: config 0 descriptor??
[  645.630511][ T5903] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  645.669391][ T5903] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  645.877485][ T5903] usb 7-1: USB disconnect, device number 3
[  645.883589][    C1] ldusb 7-1:0.0: usb_submit_urb failed (-19)
[  645.927918][ T5903] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  649.351677][ T9987] loop6: detected capacity change from 0 to 512
[  649.452251][ T9991] netlink: 'syz.2.966': attribute type 1 has an invalid length.
[  649.522454][ T9987] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  649.605651][ T9995] loop8: detected capacity change from 0 to 4096
[  649.614127][ T9987] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  649.892162][ T9995] ntfs3(loop8): ino=1a, mi_enum_attr
[  649.897547][ T9995] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  650.010412][ T9395] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.230727][ T5937] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  650.320899][T10013] team_slave_0: entered allmulticast mode
[  650.422799][ T5937] usb 10-1: Using ep0 maxpacket: 8
[  650.489263][ T5937] usb 10-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  650.522111][ T5937] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.580514][T10015] loop6: detected capacity change from 0 to 2048
[  650.580912][ T5937] usb 10-1: Product: syz
[  650.639656][ T5937] usb 10-1: Manufacturer: syz
[  650.658598][ T5937] usb 10-1: SerialNumber: syz
[  650.673293][T10015] ext3: Unknown parameter 'defcontext'
[  650.750519][ T5937] usb 10-1: config 0 descriptor??
[  650.932383][T10026] loop0: detected capacity change from 0 to 256
[  650.956459][ T5937] gspca_main: sq930x-2.14.0 probing 2770:930c
[  652.502293][ T5937] gspca_sq930x: reg_w 0105 0f00 failed -71
[  652.862151][ T5937] gspca_sq930x: Sensor ov9630 not yet treated
[  652.979697][ T5937] sq930x 10-1:0.0: probe with driver sq930x failed with error -22
[  653.551368][ T5937] usb 10-1: USB disconnect, device number 3
[  655.280121][ T5896] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  658.741237][T10047] Unknown status report in ack skb
[  659.064200][ T5910] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  659.299015][ T5910] usb 7-1: config 7 interface 0 has no altsetting 0
[  659.306678][   T30] audit: type=1326 audit(1748717441.070:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.367654][ T5910] usb 7-1: string descriptor 0 read error: -22
[  659.374235][ T5910] usb 7-1: New USB device found, idVendor=0ace, idProduct=13a1, bcdDevice= 4.44
[  659.387473][   T30] audit: type=1326 audit(1748717441.070:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.418071][ T5910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.457224][ T5910] usb 7-1: dvb_usb_v2: found a 'ZyDAS ZD1301 reference design' in warm state
[  659.492216][   T30] audit: type=1326 audit(1748717441.090:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.530266][ T5910] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  659.570969][ T5910] dvbdev: DVB: registering new adapter (ZyDAS ZD1301 reference design)
[  659.610752][ T5910] usb 7-1: media controller created
[  659.616250][   T30] audit: type=1326 audit(1748717441.090:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.709975][   T30] audit: type=1326 audit(1748717441.090:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.735339][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  659.804308][   T30] audit: type=1326 audit(1748717441.190:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  659.919311][   T30] audit: type=1326 audit(1748717441.190:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10064 comm="syz.0.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aff98e969 code=0x7ffc0000
[  660.041737][T10088] loop0: detected capacity change from 0 to 256
[  662.126017][T10083] loop9: detected capacity change from 0 to 256
[  662.599142][ T5910] usb 7-1: USB disconnect, device number 4
[  662.812213][ T5896] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  663.003726][ T5896] usb 9-1: config index 0 descriptor too short (expected 156, got 27)
[  663.042368][ T5896] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  663.074957][ T5896] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  663.112177][ T5896] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  663.152068][ T5896] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  663.188333][ T5896] usb 9-1: config 0 interface 0 has no altsetting 0
[  663.211319][ T5896] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  663.247821][ T5896] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  663.287387][ T5896] usb 9-1: Product: syz
[  663.305854][ T5896] usb 9-1: Manufacturer: syz
[  663.319494][ T5896] usb 9-1: SerialNumber: syz
[  663.338003][T10119] loop6: detected capacity change from 0 to 1024
[  663.347819][ T5896] usb 9-1: config 0 descriptor??
[  663.364409][T10102] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  663.389468][ T5896] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  663.409042][T10119] EXT4-fs (loop6): Test dummy encryption mode enabled
[  663.439059][T10119] EXT4-fs (loop6): stripe (9) is not aligned with cluster size (16), stripe is disabled
[  663.446139][ T5896] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  663.513357][T10119] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  663.717574][T10119] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  664.020270][T10129] loop9: detected capacity change from 0 to 128
[  664.074978][ T9395] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  664.229399][T10129] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  664.509687][T10129] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  664.560973][T10112] loop2: detected capacity change from 0 to 40427
[  664.762763][T10112] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  664.884304][T10112] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  665.225743][T10112] F2FS-fs (loop2): invalid crc value
[  665.571146][T10139] loop6: detected capacity change from 0 to 4096
[  665.606912][    C0] ldusb 9-1:0.0: usb_submit_urb failed (-1)
[  665.628328][   T24] usb 9-1: USB disconnect, device number 7
[  665.680035][ T9133] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  665.698476][   T24] ldusb 9-1:0.0: LD USB Device #0 now disconnected
[  665.779914][T10146] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  666.002935][   T30] audit: type=1800 audit(1748717447.770:311): pid=10139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1008" name="file1" dev="loop6" ino=15 res=0 errno=0
[  666.076326][T10149] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  666.082882][T10149] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  666.158913][T10149] vhci_hcd vhci_hcd.0: Device attached
[  666.198445][T10156] vhci_hcd: connection closed
[  666.203789][ T4048] vhci_hcd: stop threads
[  666.239173][ T4048] vhci_hcd: release socket
[  666.362466][ T4048] vhci_hcd: disconnect device
[  666.404071][ T5898] usb 33-1: new low-speed USB device number 3 using vhci_hcd
[  666.443858][ T5898] usb 33-1: enqueue for inactive port 0
[  666.568541][ T5898] vhci_hcd: vhci_device speed not set
[  667.319374][T10174] loop8: detected capacity change from 0 to 128
[  667.459217][T10174] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  667.788766][T10174] ext4 filesystem being mounted at /89/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  667.962656][T10189] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1020'.
[  668.801336][ T8424] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  668.962205][ T5937] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  669.197709][ T5937] usb 10-1: Using ep0 maxpacket: 8
[  669.229367][T10216] binder: 10215:10216 ioctl c0306201 0 returned -14
[  669.239091][ T5937] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  669.248823][T10216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'.
[  669.276319][ T5937] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.288513][ T5937] usb 10-1: Product: syz
[  669.298385][ T5937] usb 10-1: Manufacturer: syz
[  669.307605][ T5937] usb 10-1: SerialNumber: syz
[  669.347615][ T5937] usb 10-1: config 0 descriptor??
[  669.634524][ T5937] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  670.189566][ T5937] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  670.337362][T10229] loop8: detected capacity change from 0 to 256
[  670.642599][ T5937] usb 10-1: USB disconnect, device number 4
[  671.067156][T10232] [U] 
[  671.070186][T10232] [U] K{‘
[  671.074705][T10232] [U] ÄT Ž1ÊÀŠªFÌÇÄFËŠÎ`GÊJǘÜGÖƯ¹¬¡—ÞÈOÕÑ/ÜMCÇ
[  671.082499][T10232] [U] TžØ–/,�~ˆÄœ­‹JÕßÊ}8ÎÊÞ'O1�Ü"™7-΂JQœK—¤WºÏQÉ5C%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚Íȼ`+³Û(·Â¿!(ÉÛÉZ'ÀTXLN»I®GÅJ– °ÜÝ­·PÅ~÷7Í!‘ÕÒ"بÎ¾ª(È5ˆOBܤ‡ÍƒJÖ
[  671.098384][T10232] [U] ±K\&—}6£6œXÎHX�¥Ôµ„ÌÞ.`¸A“$Û40|϶¿�9°ØÞ¨„¯ÀÏU‚Ò4�ÔÄ®VBZÃÐ}ÌWÔM”TºŽÍQŸÝΦR’4”ß
[  671.110069][T10232] [U] ".H6ØÞ"ÖKÇ[›‰¤ŒJÁ4ÇØI�N¨™[Z(•„C|TË]Z{�Â3ŸC=»¨XÎԞ˅Î4¿W‰)\T‘XJØ�SH{Q;̹¢…ÖTÔÇ+‹¦÷GÍÈß®D„.Ë‚³>Yž�÷ÉWUH„FN—Ž�ÇHL]SÔ2ŠÇÙ\G%ŠO¼&Z)µК'¨PUL‚_<Ã	¢Ø°‰Ò®ÔÅ`Ò±TÔÁÞœÐËÞ;_Ô"(‘U{7Jœ¿2X ‘/€'ÝÙCÑÌÕIº©ÀÏH¿C�Õ³žV¦=�‘AIÇ%W¼ESž RšŸJŠÎœƒÚ”GÂ÷RÁ¹Í¡HI
˜¢œAÏÌ6-ÚD�ÚV¨Á I"ØÅNƨ ÞÚASC~4Áª¹8CØ*­OO5/ßœJš~º§¡W—VK+¬®‰Œ3ÈÇY)Ž¹M°¸ÆV¶ÌYQƽ€DTR¯
OTPEM%F×ÊEJÍA5ÆÔT_-X~ ^AAÛ‚Ò˜½QÖÅ
[  671.149264][T10232] [U] 	+�W‰G?]£Ó'A:	»Ú)Õ
ÏÓ™“' B>T¢ ¡F/™÷<'ÈUÓ'–¼H§IÉ.+]EŸ.½-É¿ß¿Ò%÷È>2`¶^Uß8F.Š6¤Å3ÓØ+ËA¾Â««„°G3ÓPÂÓ6:�^0À�TÉÈV÷'EÕT¼€ÛÂYC‰N¾ÞRÏ©ÞNÈPJ×;ÆZ†ÊÔÑÛ‘8!¯È\Ù…¸AØÊ–2Á£$е™Â­WI.ÍÇ#ŠÈ/BAI¼�Ä`ÐÁ4J’ÔDÎY@ÓZ„ÜGW÷5Ë¿Bĵٜ NÓY"VI2ÛÌ
[  671.173728][T10232] [U] ÔT¦_K5¸T¬YJÐÞÎ9ÐÕCÊ$BRŸLÚNUL¶Ü9WÈÝÍ|žGÅ"ʃÆ%ÇÚ¶ÊCªØ�°¶ºQÎÙ
 ŸÇ3‹ÆQ¯ÔN^HP*½Ü$	µ.Î7YÓ±œ2³
[  671.185217][T10232] [U] ½?�©ßHÜÄ*ÙÁ”Î3Í�7ÜÉ�¾^#Q�"0~‡‚Ð(ÉOÏXLŒB£,'VÎÓ=‹ÝËCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷ξ™÷P#Ò2DO*Ƀ
[  671.197630][T10232] [U] ©S¹“Gžµ²¶“˜GUÐÔD-{¸™Â|&“�®ŸŸÑ�2µ›LÞC_©œ!`¨ÍOZÖ¥¢B¶³%>ÊRѶÖWχݎSSÂH"£YA4£O.šYÙÛÄ�„RTÔ¶ŒBÚ[+/<<R�B�ÊÄÕ|ФEŽžÑÛ –V96#ÛÚÑͤʦJºUº%
S851ƒ�ÞÒ©S�P±¨\£ƒ?Qª|L�´QXµ0ÂKÔ1ORÉ´2¡½|ÖÜDÖFÌ¿»Ù�ÚË2Þ”–¨×0ÌÅH•}C[/¤»“ŸPX^¼ÈO
[  671.222969][T10232] [U] ÖØ›·Ü—(JÅЛ•§MÛÜXZ˜;œ½±ÓßØ�_¹»µÔ*3÷3…¿5¸\ƒXM³ÚU�‰AK!AQ`¿Ë;FЕ�I+ÖÐVUHÅÐÂMÑJ³´Æ·ÙÛZÄCØÃZ‹¼Â)_ÇŸ¡	Ô‘¡&ßÖ¡ßÁAÇXTOÈÝÊ_½ Ú¼¦:¨Â×%À²PÒ×ÈCÖ²‚YÖ+_ÞÜ›ÝÛ}UÏM˜ƒÆ«CÅ!KJÒ7пG¯Ë=BÈ
[  671.243450][T10232] [U] Ù½¥Fœ%ŽXAÙÂLŸ2R*GŒÒVW¬Ñ$ƒÜJ	ÃA˜›F¶¿�·+ؾ9Í„VIºÖ—¼KÙ¾Å1}_©Â
Á¥%ÃR6„•(]“¦/Ÿ¶Ø�Å™YܺÇÞHä¾ÜÑR GªÄRN/Ü«Î#!ÊDÙÛÚ«%ÞÛËDªÏ-{Ð$ÞVU‘ÝT²¼ª$:MTRÔEŽC1V‰D~ÎÈ];[˜ËÚÐ÷SQ¾¯œÙ(ÌËE,X¦8Â"Ù
ÆÐG¥DŸÚµ2@T8ž¾´ÒƒÀÐßÀT8.RC+Ä@Ëʦ‡P‡UÁ
P”‰¼¶C±‡Ë'Å„YLÓ-SS1E?Å7ÓO‡§Ì^]¦†ÂÓC”½H]§JKR]RKQ܆�ØÝ£Þ´OTCÔÆX¶¨¾4™NË	³Ï&�Á­ÐÚ‹ŠÓ@¶:M7¿~�+”W*ÛÁ–XMÜÓ>>—¡{Q¢Ú×
_²Õ�LX8ÊU„ÇØÎ{ÐZ³ÍØ�)ßÒ7?ËRR;ßC¿R HײڣÁ»¨È1Å>)©Mă‰ÏT§²Ú(ÌÇAÏ�„}9·Ú¥ÃJ*MÑœ¥Ä¡«'L¹£Q	ÌDWŸÒظ=ؽ|Q¬	ÏÆ™W;5ÆÙŽª!ÑDB¸X`ɧÖ/÷ÂE�`ƦM¢XÎÂ"Ä\
[  671.291324][T10232] [U] {;ŽÕ¥ÂÙ˜_ˆO2«Ñ)ÎO®›.2ÐW2ʲ¨ÐYÙÃÃX_  HPϱœSªD­�¦Ø:]‚{Ë©ÔÝÆȽ
[  671.300288][T10232] [U] I,Ç>ÇÓ¤	ÎÙ5�1Ñ÷^1ÒN4¯OǶÞ'0Ý?Ö’IÙ9W.Ï_.¶WŠA¼Š�Vˆ±`)ÑZ¬ÏÆC6GIÓ¹²A»¬XL[¢›½¡FÜ*ÀÑO‰W)+‡Ç'\NÆ
[K@ÑËÄÜ2ÇǬ–®¡P"^`Á‰Í	Ø¿
[  671.313929][T10232] [U] 22½“Æ©ÐÛ©X?0;3U±
[  671.318927][T10232] [U] ÞœÕ
Æ�ÓSOBX 8”Wˆ4Á‘(Ð~/§¿ÍKÇUžÃÔ–OQËE+·G®-YµGY_
•>V¢ÜÈË—3.HÁÓ™]Í„²2‘”)™DË,	‘Ä	ÞD~×D©£¡+ÃW;A\˜F
PÉÞȘ|$ºØ)�
KØ�I³ÉÐÉ¿KÑYT^RÍÜÙÇ™µ“ËA=±#–Üœ	ÝÍ¿ËAE©�TÅ1·Îݯ4K¯.E"RÚS|ПÀSÖ’Á:•Ù>P™…RÐ"Z‰Ú­ÛÚÉ#P!˜KY"›}ÃÆF¿N84ܳƒÅHÞ±£O•ÈS¿™Ì«%DLWÙMƲÇ
[  671.345569][T10232] [U] [ª['XN€'²÷Á¿Ü,MR¦«/žšœÂ1D=!DŽX91BÙ
WÇ»R—LF…ƒÆK̤ZÕÊ# `Ì‘LØ›§Ëœ»×B~ÅMÒÔÖ
[  671.355174][T10232] [U] ™LÖ>�Ñ�D+ˆD¯§—®Ì"5ŽÊ��H3<ª¨ÅIR=F^”F�NÕÓÜÀ‰¿Û­VÛ÷œDÁOIOÚ:UÖ>ÖYÂ
[  671.364009][T10232] [U] 'B—6VÝ20³Ä·Çž¥·×ŒÏ"T8Ñ{9ÆFW��]ÔÊÄÌ©�
[  671.370538][T10232] [U] Ù72Þ‰ÏÂÃUÞC6™ÎÜÔÏ„I]8Cª£TÛ¨QSK�YÞÎIÒÀ¹ ¿|V'ÛTV/ÙÅG•$[ 9KH`Ú"Ü‘ÚÕ}€Ñ[^=ˆÚ0Á]½Ã%ÆÌ‚T“Šž¹ØFÌ_VÖ4C¸ÒÅ
[  671.383411][T10232] [U] ¹EC�
[  671.386896][T10232] [U] �—”|‚ÊÌ<ÄÎ:^Ü3$7NK~Ø-™@÷¦?Ÿ–/MTL·�Û¾©IˆWȬ@G~TØ{ÊÜP¿+Æ$ªJP|µŽÇIÛRIÓ�PMÐ Õ·YÓ Ú”8ÌTÉÐÞVžÙßÆË,ÎLÂ,Õ
[  671.464764][T10231] [U] ˆKÌÚÛÕ‰)0ÄÄÝ~ܳʪÁIP'ÍFÓÒœZÚÞR¬™ß@BÓ]Â5ÝÊ{­©Ê¼Ô'À8ÅÆ¥F‡¹UTQUD
Ç©¤K;7ͪ0C[„ÃY–¼ÈYC¦¶»Ø°Mª™LÒ8’T…ÍšÎ5³ÝÝRX�™¶ÐWÍ X¤²ÓOQHVI'8œ¥Î…Lµ
[  672.091212][T10253] loop9: detected capacity change from 0 to 256
[  675.449866][T10301] loop9: detected capacity change from 0 to 256
[  676.637048][T10307] loop2: detected capacity change from 0 to 512
[  676.862208][T10307] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  676.930435][T10307] EXT4-fs (loop2): invalid journal inode
[  676.976358][T10307] EXT4-fs (loop2): can't get journal size
[  677.159772][T10314] loop8: detected capacity change from 0 to 256
[  677.365389][T10307] EXT4-fs (loop2): 1 truncate cleaned up
[  677.674788][T10307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  678.182622][ T5896] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  678.360018][ T5896] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  678.401551][ T5896] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  678.453775][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.473498][ T5896] usb 7-1: Product: syz
[  678.477702][ T5896] usb 7-1: Manufacturer: syz
[  678.483697][ T5896] usb 7-1: SerialNumber: syz
[  678.487885][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  680.276778][ T7483] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.389940][ T5896] cdc_ncm 7-1:1.0: failed to get mac address
[  680.533677][ T7483] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.597563][ T5896] cdc_ncm 7-1:1.0: bind() failure
[  680.631652][ T5896] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  680.661846][ T5896] cdc_ncm 7-1:1.1: bind() failure
[  680.686353][ T7483] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.914729][ T5937] usb 7-1: USB disconnect, device number 5
[  681.007455][ T7483] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.101152][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1066'.
[  681.646862][T10370] loop0: detected capacity change from 0 to 512
[  681.729726][T10370] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  681.733381][   T30] audit: type=1326 audit(1748717463.510:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10371 comm="syz.5.1072" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f915258e969 code=0x0
[  681.844542][T10370] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  681.882238][T10370] ext4 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  682.140985][ T7483] bridge_slave_1: left allmulticast mode
[  682.163306][ T7483] bridge_slave_1: left promiscuous mode
[  682.169178][ T7483] bridge0: port 2(bridge_slave_1) entered disabled state
[  683.152555][ T7483] bridge_slave_0: left allmulticast mode
[  683.196624][ T7483] bridge_slave_0: left promiscuous mode
[  683.221801][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  683.234164][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  683.250743][T10404] loop6: detected capacity change from 0 to 512
[  683.258627][ T7483] bridge0: port 1(bridge_slave_0) entered disabled state
[  683.268155][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  683.279212][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  683.292396][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  683.402521][ T5897] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  683.438903][ T5831] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  683.463991][T10404] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  683.542322][T10404] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  683.642152][ T5897] usb 3-1: Using ep0 maxpacket: 8
[  683.658798][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  683.695430][ T5897] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  683.716763][   T30] audit: type=1800 audit(1748717465.480:313): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1076" name="file1" dev="loop6" ino=15 res=0 errno=0
[  683.795611][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.817981][   T30] audit: type=1800 audit(1748717465.530:314): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1076" name="file1" dev="loop6" ino=15 res=0 errno=0
[  683.867909][ T5897] usb 3-1: config 0 descriptor??
[  683.977773][ T9395] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  684.109701][ T5897] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  684.152350][ T5937] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  684.254656][ T1202] libceph: connect (1)[c::]:6789 error -101
[  684.261056][ T1202] libceph: mon0 (1)[c::]:6789 connect error
[  684.273495][ T1202] libceph: connect (1)[c::]:6789 error -101
[  684.279595][ T1202] libceph: mon0 (1)[c::]:6789 connect error
[  684.364655][ T5937] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  684.379510][ T5937] usb 1-1: config 1 has no interface number 0
[  684.386429][ T5937] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  684.391683][T10424] ceph: No mds server is up or the cluster is laggy
[  684.397534][ T5937] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  684.413968][ T5937] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  684.425532][ T5937] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 59391, setting to 1024
[  684.442712][ T5937] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  684.455618][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.463328][ T5897] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  684.464515][ T5937] usb 1-1: Product: syz
[  684.476163][ T5937] usb 1-1: Manufacturer: syz
[  684.480882][ T5937] usb 1-1: SerialNumber: syz
[  684.528278][ T5894] usb 3-1: USB disconnect, device number 7
[  684.672155][ T5897] usb 7-1: Using ep0 maxpacket: 8
[  684.696787][ T5897] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  684.713547][T10420] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  684.720638][ T5897] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.720677][ T5897] usb 7-1: Product: syz
[  684.720706][ T5897] usb 7-1: Manufacturer: syz
[  684.740996][ T5897] usb 7-1: SerialNumber: syz
[  684.752915][ T5897] usb 7-1: config 0 descriptor??
[  684.779913][ T5897] gspca_main: sq930x-2.14.0 probing 2770:930c
[  684.854353][ T7483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  684.943766][ T7483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  685.035487][ T7483] bond0 (unregistering): Released all slaves
[  685.277186][ T7483] tipc: Disabling bearer <eth:team0>
[  685.356544][ T7483] tipc: Left network mode
[  685.397281][ T5843] Bluetooth: hci0: command tx timeout
[  685.419661][T10420] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  685.430974][ T5937] cdc_ncm 1-1:1.1: bind() failure
[  685.698308][ T5937] usb 1-1: USB disconnect, device number 11
[  685.892073][ T5897] gspca_sq930x: reg_w 0105 0f00 failed -71
[  686.112555][ T5897] gspca_sq930x: Sensor ov9630 not yet treated
[  686.119188][ T5897] sq930x 7-1:0.0: probe with driver sq930x failed with error -22
[  686.197356][ T5897] usb 7-1: USB disconnect, device number 6
[  686.492252][ T7483] hsr_slave_0: left promiscuous mode
[  686.632302][ T7483] hsr_slave_1: left promiscuous mode
[  686.682847][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  686.740400][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_0
[  686.816716][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  686.842061][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_1
[  687.101833][T10469] loop8: detected capacity change from 0 to 128
[  687.109330][ T7483] veth1_macvtap: left promiscuous mode
[  687.117063][ T7483] veth0_macvtap: left promiscuous mode
[  687.123228][ T7483] veth1_vlan: left promiscuous mode
[  687.128600][ T7483] veth0_vlan: left promiscuous mode
[  687.154648][T10469] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  687.172380][ T5937] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  687.247225][T10474] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1092'.
[  687.304716][T10469] ext4 filesystem being mounted at /104/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  687.309919][T10474] IPv6: Can't replace route, no match found
[  687.342943][ T5937] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  687.355137][ T5937] usb 1-1: config 0 has no interface number 0
[  687.465520][ T5937] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  687.474838][ T5843] Bluetooth: hci0: command tx timeout
[  687.522173][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.530204][ T5937] usb 1-1: Product: syz
[  687.534905][ T5937] usb 1-1: Manufacturer: syz
[  687.539528][ T5937] usb 1-1: SerialNumber: syz
[  687.556568][ T5937] usb 1-1: config 0 descriptor??
[  687.857056][ T5937] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  687.919959][T10469] fscrypt: Adiantum using implementation "adiantum(xchacha12-x86_64,aes-aesni,nhpoly1305-avx2)"
[  687.976708][ T5937] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  688.021931][ T5937] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  688.049846][ T5937] usb 1-1: media controller created
[  688.086515][ T8424] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  688.162364][ T5937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  688.361074][ T5937] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  688.776358][ T5937] usb 1-1: USB disconnect, device number 12
[  689.360029][ T7483] team0 (unregistering): Port device team_slave_1 removed
[  689.455139][T10493] loop0: detected capacity change from 0 to 512
[  689.562437][ T5843] Bluetooth: hci0: command tx timeout
[  689.606936][T10493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  689.622842][ T7483] team0 (unregistering): Port device team_slave_0 removed
[  689.659534][T10493] ext4 filesystem being mounted at /234/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  689.887050][ T5831] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  690.030099][T10500] loop0: detected capacity change from 0 to 16
[  690.055925][T10500] erofs: Unknown parameter './file0'
[  690.918838][   T30] audit: type=1804 audit(1748717472.690:315): pid=10507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1103" name="/newroot/236/file1" dev="fuse" ino=1 res=1 errno=0
[  691.644402][ T5843] Bluetooth: hci0: command tx timeout
[  691.667286][T10402] chnl_net:caif_netlink_parms(): no params data found
[  691.924648][T10519] loop6: detected capacity change from 0 to 1024
[  692.606145][T10527] loop2: detected capacity change from 0 to 2048
[  692.668460][T10531] veth1_to_bond: entered allmulticast mode
[  692.675413][T10527] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  692.733284][T10531] veth1_to_bond: left allmulticast mode
[  692.787362][T10402] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.817785][T10402] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.848304][T10402] bridge_slave_0: entered allmulticast mode
[  692.877935][T10402] bridge_slave_0: entered promiscuous mode
[  692.908773][T10402] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.949733][T10537] loop6: detected capacity change from 0 to 1024
[  692.958481][T10402] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.967495][T10402] bridge_slave_1: entered allmulticast mode
[  692.974960][T10537] EXT4-fs: Ignoring removed nomblk_io_submit option
[  693.022237][T10402] bridge_slave_1: entered promiscuous mode
[  693.083964][T10537] EXT4-fs: Ignoring removed orlov option
[  693.238007][T10537] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  693.784523][T10402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.824958][T10402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.990661][ T9395] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  694.087282][T10402] team0: Port device team_slave_0 added
[  694.181394][T10402] team0: Port device team_slave_1 added
[  694.798319][T10402] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.850060][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.962145][T10402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  695.042695][T10402] batman_adv: batadv0: Adding interface: batadv_slave_1
[  695.077528][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  695.267816][T10560] IPVS: length: 95 != 24
[  695.391705][T10402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  695.432767][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  695.439108][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  696.028286][T10402] hsr_slave_0: entered promiscuous mode
[  696.094292][T10402] hsr_slave_1: entered promiscuous mode
[  696.141432][T10402] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  696.149384][T10402] Cannot create hsr debugfs directory
[  696.516605][ T5937] libceph: connect (1)[c::]:6789 error -101
[  696.547932][ T5937] libceph: mon0 (1)[c::]:6789 connect error
[  696.567229][T10576] syzkaller0: entered promiscuous mode
[  696.573789][T10576] syzkaller0: entered allmulticast mode
[  696.660226][T10582] Cannot find add_set index 0 as target
[  696.900987][T10575] ceph: No mds server is up or the cluster is laggy
[  697.381937][ T5894] libceph: connect (1)[c::]:6789 error -101
[  697.389003][ T5894] libceph: mon0 (1)[c::]:6789 connect error
[  698.863708][ T1202] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  699.892800][T10605] overlayfs: failed to clone upperpath
[  699.933193][ T1202] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  699.951242][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  699.974234][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  699.990552][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.018826][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.047294][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.090498][T10611] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  700.142722][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.201850][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.215798][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.230557][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.306398][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.324398][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.338549][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.350502][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.384042][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.402203][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.418570][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.433217][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.445974][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.461650][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.473771][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.489285][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.504699][ T1202] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  700.551670][ T1202] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  700.590317][ T1202] usb 1-1: config 0 interface 0 has no altsetting 0
[  700.637703][ T1202] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  700.654184][ T1202] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  700.663443][ T1202] usb 1-1: Product: syz
[  700.847140][ T1202] usb 1-1: Manufacturer: syz
[  700.870804][ T1202] usb 1-1: SerialNumber: syz
[  700.930926][ T1202] usb 1-1: config 0 descriptor??
[  700.977797][ T1202] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  701.131723][ T5903] usb 1-1: USB disconnect, device number 13
[  701.386965][ T5903] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  704.167737][ T5894] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  704.405047][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  704.420490][T10638] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  704.427393][ T5894] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  704.447710][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.467441][ T5894] usb 3-1: config 0 descriptor??
[  704.490605][ T5894] pwc: Askey VC010 type 2 USB webcam detected.
[  704.920483][ T5894] pwc: recv_control_msg error -32 req 02 val 2b00
[  704.980267][ T5894] pwc: recv_control_msg error -32 req 02 val 2700
[  705.058172][ T5894] pwc: recv_control_msg error -32 req 02 val 2c00
[  705.164114][ T5894] pwc: recv_control_msg error -32 req 04 val 1000
[  705.195898][ T5894] pwc: recv_control_msg error -32 req 04 val 1300
[  705.210255][ T5894] pwc: recv_control_msg error -32 req 04 val 1400
[  705.225062][ T5894] pwc: recv_control_msg error -32 req 02 val 2000
[  705.285789][ T5894] pwc: recv_control_msg error -32 req 02 val 2100
[  705.311228][ T5894] pwc: recv_control_msg error -32 req 04 val 1500
[  705.331241][ T5894] pwc: recv_control_msg error -32 req 02 val 2500
[  705.363478][ T5894] pwc: recv_control_msg error -32 req 02 val 2400
[  705.593957][ T5894] pwc: recv_control_msg error -71 req 02 val 2900
[  705.635619][ T5894] pwc: recv_control_msg error -71 req 02 val 2800
[  705.668392][ T5894] pwc: recv_control_msg error -71 req 04 val 1100
[  705.677866][ T5894] pwc: recv_control_msg error -71 req 04 val 1200
[  705.730248][ T5894] pwc: Registered as video103.
[  705.750754][ T5894] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input19
[  705.806041][ T5894] usb 3-1: USB disconnect, device number 8
[  707.754805][T10661] loop2: detected capacity change from 0 to 256
[  711.112792][T10684] Bluetooth: MGMT ver 1.23
[  711.269400][T10687] input: syz1 as /devices/virtual/input/input20
[  712.959383][T10693] autofs: Unknown parameter '0x0000000000000000'
[  713.739075][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  713.749832][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  713.760379][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  713.795409][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  713.814772][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  715.009739][T10668] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1148'.
[  715.035901][T10679] warning: `syz.0.1151' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  715.645739][T10709] loop2: detected capacity change from 0 to 32768
[  716.017655][ T5836] Bluetooth: hci4: command tx timeout
[  717.280519][T10722] loop2: detected capacity change from 0 to 32768
[  717.287967][T10722] XFS: ikeep mount option is deprecated.
[  717.400667][T10722] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  717.528886][T10722] XFS (loop2): Ending clean mount
[  717.543937][T10722] XFS (loop2): Quotacheck needed: Please wait.
[  717.683780][T10722] XFS (loop2): Quotacheck: Done.
[  717.967808][ T5830] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  718.035181][ T5836] Bluetooth: hci4: command tx timeout
[  720.741540][ T5836] Bluetooth: hci4: command tx timeout
[  722.218686][T10744] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.179346][ T5836] Bluetooth: hci4: command tx timeout
[  724.862233][T10698] chnl_net:caif_netlink_parms(): no params data found
[  725.054329][T10777] loop8: detected capacity change from 0 to 128
[  725.064027][T10777] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  725.093892][T10777] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  725.134631][T10744] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  726.438455][ T2860] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  727.252733][T10744] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  727.328022][T10795] loop8: detected capacity change from 0 to 2048
[  727.371611][T10795] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  727.498313][ T9029] udevd[9029]: incorrect nilfs2 checksum on /dev/loop8
[  727.562266][T10795] NILFS (loop8): mounting unchecked fs
[  727.745951][T10795] NILFS (loop8): recovery complete
[  727.776367][T10799] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  727.895185][T10744] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  728.018660][   T30] audit: type=1800 audit(1748717509.690:316): pid=10795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1180" name="file2" dev="loop8" ino=16 res=0 errno=0
[  729.183006][T10698] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.190199][T10698] bridge0: port 1(bridge_slave_0) entered disabled state
[  729.262399][T10698] bridge_slave_0: entered allmulticast mode
[  729.291919][T10698] bridge_slave_0: entered promiscuous mode
[  730.552283][T10698] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.559476][T10698] bridge0: port 2(bridge_slave_1) entered disabled state
[  730.574255][T10698] bridge_slave_1: entered allmulticast mode
[  730.582402][T10698] bridge_slave_1: entered promiscuous mode
[  731.649656][T10402] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  732.746585][T10402] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  733.492418][T10698] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  734.394469][T10402] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  734.407779][T10822] loop8: detected capacity change from 0 to 512
[  734.428497][T10402] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  734.450294][T10698] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  734.575848][T10822] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  734.595905][T10822] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  734.973118][T10698] team0: Port device team_slave_0 added
[  736.056956][T10698] team0: Port device team_slave_1 added
[  737.211500][T10844] 9pnet_virtio: no channels available for device syz
[  737.773820][T10698] batman_adv: batadv0: Adding interface: batadv_slave_0
[  737.802460][T10698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  738.015926][T10698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  738.037235][T10698] batman_adv: batadv0: Adding interface: batadv_slave_1
[  738.044714][T10698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  738.070743][T10698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  738.188325][T10744] bridge_slave_1: left allmulticast mode
[  738.202159][T10744] bridge_slave_1: left promiscuous mode
[  738.252533][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  738.353603][T10744] bridge_slave_0: left allmulticast mode
[  738.359295][T10744] bridge_slave_0: left promiscuous mode
[  738.406049][ T8424] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  738.409272][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  738.889460][T10854] loop2: detected capacity change from 0 to 256
[  739.560174][T10854] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  739.867312][T10853] exFAT-fs (loop2): error, data size is invalid(10)
[  742.136566][T10858] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.187932][T10891] loop0: detected capacity change from 0 to 256
[  747.526506][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  747.545554][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  747.554684][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  747.575361][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  747.600362][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  749.737438][ T5836] Bluetooth: hci2: command tx timeout
[  750.001181][T10909] fuse: Bad value for 'fd'
[  750.358105][T10911] loop8: detected capacity change from 0 to 40427
[  750.372236][T10911] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  750.380298][T10911] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  750.391333][T10911] F2FS-fs (loop8): invalid crc value
[  750.437565][T10914] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  750.604533][T10911] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  750.611622][T10911] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  751.792430][ T5836] Bluetooth: hci2: command tx timeout
[  751.918066][T10909] overlayfs: failed to clone lowerpath
[  751.924015][ T8424] syz-executor: attempt to access beyond end of device
[  751.924015][ T8424] loop8: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  751.954960][ T8424] CPU: 1 UID: 0 PID: 8424 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  751.955011][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  751.955034][ T8424] Call Trace:
[  751.955045][ T8424]  <TASK>
[  751.955060][ T8424]  dump_stack_lvl+0x16c/0x1f0
[  751.955111][ T8424]  f2fs_handle_critical_error+0x621/0x9f0
[  751.955174][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.955220][ T8424]  ? f2fs_build_fault_attr+0x53/0x1f0
[  751.955285][ T8424]  f2fs_write_end_io+0x785/0xc20
[  751.955353][ T8424]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  751.955424][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.955481][ T8424]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  751.955543][ T8424]  bio_endio+0x70d/0x850
[  751.955611][ T8424]  submit_bio_noacct+0x56d/0x1eb0
[  751.955673][ T8424]  __submit_merged_bio+0x33c/0x770
[  751.955744][ T8424]  __submit_merged_write_cond+0x319/0x3f0
[  751.955826][ T8424]  f2fs_sync_node_pages+0x1931/0x1c30
[  751.955892][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.955948][ T8424]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  751.956004][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956048][ T8424]  ? __lock_acquire+0xb8a/0x1c90
[  751.956149][ T8424]  ? down_write+0x14d/0x200
[  751.956202][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956249][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956293][ T8424]  ? up_write+0x1b2/0x520
[  751.956353][ T8424]  block_operations+0x941/0xfd0
[  751.956414][ T8424]  ? __pfx_block_operations+0x10/0x10
[  751.956528][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956573][ T8424]  ? down_write+0x14d/0x200
[  751.956622][ T8424]  ? __pfx_down_write+0x10/0x10
[  751.956676][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956720][ T8424]  ? rcu_is_watching+0x12/0xc0
[  751.956768][ T8424]  f2fs_write_checkpoint+0x2b8/0x4c60
[  751.956824][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956868][ T8424]  ? kfree+0x2b4/0x4d0
[  751.956912][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.956962][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.957006][ T8424]  ? rcu_is_watching+0x12/0xc0
[  751.957039][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.957082][ T8424]  ? kthread_stop+0x273/0x650
[  751.957137][ T8424]  kill_f2fs_super+0x3c2/0x470
[  751.957185][ T8424]  ? __pfx_kill_f2fs_super+0x10/0x10
[  751.957230][ T8424]  ? lockdep_hardirqs_on+0x7c/0x110
[  751.957298][ T8424]  deactivate_locked_super+0xc1/0x1a0
[  751.957352][ T8424]  deactivate_super+0xde/0x100
[  751.957406][ T8424]  cleanup_mnt+0x225/0x450
[  751.957464][ T8424]  task_work_run+0x150/0x240
[  751.957521][ T8424]  ? __pfx_task_work_run+0x10/0x10
[  751.957570][ T8424]  ? srso_alias_return_thunk+0x5/0xfbef5
[  751.957619][ T8424]  ? __pfx___x64_sys_umount+0x10/0x10
[  751.957691][ T8424]  exit_to_user_mode_loop+0xeb/0x110
[  751.957750][ T8424]  do_syscall_64+0x3f6/0x4c0
[  751.957796][ T8424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.957824][ T8424] RIP: 0033:0x7f7f44b8fc97
[  751.957846][ T8424] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  751.957874][ T8424] RSP: 002b:00007ffdd2000b28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  751.957899][ T8424] RAX: 0000000000000000 RBX: 00007f7f44c1089d RCX: 00007f7f44b8fc97
[  751.957917][ T8424] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdd2000be0
[  751.957934][ T8424] RBP: 00007ffdd2000be0 R08: 0000000000000000 R09: 0000000000000000
[  751.957951][ T8424] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdd2001c70
[  751.957968][ T8424] R13: 00007f7f44c1089d R14: 00000000000b7848 R15: 00007ffdd2001cb0
[  751.958011][ T8424]  </TASK>
[  751.958021][ T8424] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  752.335372][T10909] overlayfs: failed to clone upperpath
[  752.749197][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.768428][T10929] loop0: detected capacity change from 0 to 4096
[  753.036491][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  753.681481][T10744] bond0 (unregistering): Released all slaves
[  753.872445][ T5836] Bluetooth: hci2: command tx timeout
[  754.064459][T10943] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  755.019066][T10698] hsr_slave_0: entered promiscuous mode
[  755.035351][T10698] hsr_slave_1: entered promiscuous mode
[  755.041863][T10698] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  755.351149][T10698] Cannot create hsr debugfs directory
[  755.952119][ T5836] Bluetooth: hci2: command tx timeout
[  756.967367][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  756.984362][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  758.910673][   T30] audit: type=1800 audit(1748717540.640:317): pid=10961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1220" name="dmabuf" dev="dmabuf" ino=10 res=0 errno=0
[  761.792415][ T5843] Bluetooth: hci6: command 0x1003 tx timeout
[  761.793732][ T5836] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  761.831399][T10974] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1225'.
[  761.840445][T10974] openvswitch: netlink: Flow key attr not present in new flow.
[  764.655915][T10991] Cannot find add_set index 0 as target
[  767.396078][   T30] audit: type=1800 audit(1748717549.140:318): pid=11009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1233" name="bus" dev="overlay" ino=749 res=0 errno=0
[  769.642634][T10744] hsr_slave_0: left promiscuous mode
[  769.652772][T10744] hsr_slave_1: left promiscuous mode
[  769.681910][T10744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.722914][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.825795][T11018] futex_wake_op: syz.2.1236 tries to shift op by -1; fix this program
[  771.562856][T10744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  771.570356][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  771.765961][T10744] veth1_macvtap: left promiscuous mode
[  771.771568][T10744] veth0_macvtap: left promiscuous mode
[  771.883947][T10744] veth1_vlan: left promiscuous mode
[  771.950616][T10744] veth0_vlan: left promiscuous mode
[  773.175338][T11027] loop0: detected capacity change from 0 to 64
[  773.278463][T11029] ubi31: attaching mtd0
[  774.139768][T11029] ubi31: scanning is finished
[  774.144572][T11029] ubi31: empty MTD device detected
[  775.238121][T11033] loop8: detected capacity change from 0 to 1024
[  775.310535][T11033] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  775.341166][T11029] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  776.932687][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  776.944552][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  777.137319][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  777.158362][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  777.189478][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  779.838432][ T5836] Bluetooth: hci0: command tx timeout
[  780.241216][T11059] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  782.043258][ T5836] Bluetooth: hci0: command tx timeout
[  782.865208][T11074] loop0: detected capacity change from 0 to 32768
[  782.872678][T11074] XFS: ikeep mount option is deprecated.
[  784.036726][T11074] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  784.112172][ T5836] Bluetooth: hci0: command tx timeout
[  784.435992][T11074] XFS (loop0): Ending clean mount
[  784.447981][T11074] XFS (loop0): Quotacheck needed: Please wait.
[  784.511758][T11074] XFS (loop0): Quotacheck: Done.
[  785.016908][ T5831] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  785.171027][T11095] binder: 11092:11095 ioctl c0306201 0 returned -14
[  785.724518][ T7483] Bluetooth: hci6: Frame reassembly failed (-84)
[  786.193203][ T5843] Bluetooth: hci0: command tx timeout
[  787.801219][ T5843] Bluetooth: hci6: command 0xfc11 tx timeout
[  787.808325][ T5836] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  790.766369][T10744] team0 (unregistering): Port device team_slave_1 removed
[  791.891931][T11128] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  791.926809][T10744] team0 (unregistering): Port device team_slave_0 removed
[  792.447727][T11134] xt_CT: You must specify a L4 protocol and not use inversions on it
[  792.478536][T11134] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  793.441033][T11134] loop0: detected capacity change from 0 to 40427
[  793.612122][T11129] loop0: detected capacity change from 0 to 16
[  793.618926][T11129] erofs: Unknown parameter './file0'
[  796.931389][T11146] loop2: detected capacity change from 0 to 2048
[  797.019501][T11146] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 4)!
[  797.041763][T11146] EXT4-fs (loop2): group descriptors corrupted!
[  798.901656][T11161] loop0: detected capacity change from 0 to 32768
[  799.069282][T11161] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  800.045436][ T5831] ocfs2: Unmounting device (7,0) on (node local)
[  802.314482][T11194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  804.093149][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  804.145051][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  804.164311][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  804.192711][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  804.212321][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  805.358527][ T5843] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  805.369456][ T5843] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  805.378357][ T5843] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  805.387214][ T5843] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  805.395231][ T5843] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  805.445312][T11206] loop2: detected capacity change from 0 to 4096
[  805.482767][T11211] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  805.973915][T11214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  806.333296][T11213] xt_CT: You must specify a L4 protocol and not use inversions on it
[  806.352224][ T5843] Bluetooth: hci6: command tx timeout
[  808.701384][ T5843] Bluetooth: hci8: command tx timeout
[  808.708994][ T5843] Bluetooth: hci6: command tx timeout
[  810.767258][ T5843] Bluetooth: hci8: command tx timeout
[  810.772874][ T5836] Bluetooth: hci6: command tx timeout
[  813.006158][ T5836] Bluetooth: hci6: command tx timeout
[  813.006184][ T5843] Bluetooth: hci8: command tx timeout
[  815.619782][ T5843] Bluetooth: hci8: command tx timeout
[  818.279489][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  818.368780][T11271] xt_CT: You must specify a L4 protocol and not use inversions on it
[  818.527971][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  822.290455][T11279] No control pipe specified
[  823.219137][T10744] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.707134][T10744] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.080737][T11039] chnl_net:caif_netlink_parms(): no params data found
[  826.542134][ T5903] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  826.700298][T11302] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  826.846001][T10744] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.220264][ T5903] usb 3-1: device descriptor read/all, error -71
[  827.347169][T11310] mmap: syz.5.1299 (11310) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  827.469763][T11312] loop2: detected capacity change from 0 to 512
[  827.526179][T10744] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  830.326513][T11319] Cannot find add_set index 0 as target
[  830.679203][T11197] chnl_net:caif_netlink_parms(): no params data found
[  830.875684][T11039] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.903046][T11039] bridge0: port 1(bridge_slave_0) entered disabled state
[  830.942348][T11039] bridge_slave_0: entered allmulticast mode
[  830.949961][T11039] bridge_slave_0: entered promiscuous mode
[  831.047928][T11039] bridge0: port 2(bridge_slave_1) entered blocking state
[  831.074338][T11039] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.086312][T11039] bridge_slave_1: entered allmulticast mode
[  831.104489][T11039] bridge_slave_1: entered promiscuous mode
[  831.375593][T11209] chnl_net:caif_netlink_parms(): no params data found
[  833.242853][ T1202] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  833.283674][T11197] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.290980][T11197] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.312369][T11197] bridge_slave_0: entered allmulticast mode
[  833.570681][T11197] bridge_slave_0: entered promiscuous mode
[  834.584693][ T1202] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  834.602061][ T1202] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.642300][ T1202] usb 1-1: config 0 has no interface number 0
[  834.706888][ T1202] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  834.874653][T11197] bridge0: port 2(bridge_slave_1) entered blocking state
[  834.881930][T11197] bridge0: port 2(bridge_slave_1) entered disabled state
[  834.890162][ T1202] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.945152][ T1202] usb 1-1: Product: syz
[  834.949416][ T1202] usb 1-1: Manufacturer: syz
[  834.974137][T11197] bridge_slave_1: entered allmulticast mode
[  835.000591][ T1202] usb 1-1: SerialNumber: syz
[  835.010085][T11197] bridge_slave_1: entered promiscuous mode
[  835.031961][ T1202] usb 1-1: config 0 descriptor??
[  835.283243][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  835.300003][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  835.309622][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  835.319307][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  835.327302][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  835.557629][T11209] bridge0: port 1(bridge_slave_0) entered blocking state
[  835.567569][T11209] bridge0: port 1(bridge_slave_0) entered disabled state
[  835.583772][T11209] bridge_slave_0: entered allmulticast mode
[  835.892302][T11209] bridge_slave_0: entered promiscuous mode
[  837.409948][ T5836] Bluetooth: hci0: command tx timeout
[  838.684194][ T1202] usb 1-1: Found UVC 0.00 device syz (046d:0823)
[  838.690738][ T1202] usb 1-1: No valid video chain found.
[  839.472653][ T5836] Bluetooth: hci0: command tx timeout
[  839.969207][ T1202] usb 1-1: USB disconnect, device number 14
[  840.031095][T11209] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.062422][T11209] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.115598][T11209] bridge_slave_1: entered allmulticast mode
[  840.144915][T11209] bridge_slave_1: entered promiscuous mode
[  840.258048][T11197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  841.851840][T11209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  841.883233][T11197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  841.960494][ T5836] Bluetooth: hci0: command tx timeout
[  841.967440][T11380] overlayfs: failed to clone upperpath
[  842.214999][T11209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  843.571554][T11197] team0: Port device team_slave_0 added
[  843.699275][T11209] team0: Port device team_slave_0 added
[  843.776518][T11197] team0: Port device team_slave_1 added
[  843.917051][T11209] team0: Port device team_slave_1 added
[  844.032170][ T5843] Bluetooth: hci0: command tx timeout
[  844.196644][T11197] batman_adv: batadv0: Adding interface: batadv_slave_0
[  844.211981][T11197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  844.243139][T11197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  844.798051][T11394] block nbd0: NBD_DISCONNECT
[  845.379641][T11209] batman_adv: batadv0: Adding interface: batadv_slave_0
[  845.387241][T11209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.434874][T11209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  845.693946][T11197] batman_adv: batadv0: Adding interface: batadv_slave_1
[  845.700940][T11197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.764395][T11197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  846.864607][T11209] batman_adv: batadv0: Adding interface: batadv_slave_1
[  846.871576][T11209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  846.906297][T11209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  849.071918][T11197] hsr_slave_0: entered promiscuous mode
[  849.093262][T11197] hsr_slave_1: entered promiscuous mode
[  849.380979][T11417] loop2: detected capacity change from 0 to 32768
[  849.389093][T11417] XFS: ikeep mount option is deprecated.
[  849.468378][T11417] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  849.531965][T11417] XFS (loop2): Ending clean mount
[  849.544036][T11417] XFS (loop2): Quotacheck needed: Please wait.
[  849.626108][T11420] loop0: detected capacity change from 0 to 2048
[  849.627525][T10744] bridge_slave_1: left allmulticast mode
[  849.641361][T10744] bridge_slave_1: left promiscuous mode
[  849.670452][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.687347][T11417] XFS (loop2): Quotacheck: Done.
[  849.769224][T11420] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  849.781443][T10744] bridge_slave_0: left allmulticast mode
[  849.803242][T10744] bridge_slave_0: left promiscuous mode
[  849.828605][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.999954][T10744] bridge_slave_1: left allmulticast mode
[  852.015004][T10744] bridge_slave_1: left promiscuous mode
[  852.020957][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.133457][T10744] bridge_slave_0: left allmulticast mode
[  852.139160][T10744] bridge_slave_0: left promiscuous mode
[  852.172644][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.219249][ T5830] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  853.471606][T11440] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  853.484074][T11440] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  853.837358][T11439] xt_CT: You must specify a L4 protocol and not use inversions on it
[  853.885019][T11440] loop2: detected capacity change from 0 to 40427
[  856.287183][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  856.963414][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  857.030813][T10744] bond0 (unregistering): Released all slaves
[  858.252533][T11462] block nbd2: NBD_DISCONNECT
[  860.948302][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  861.952996][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  862.003589][T10744] bond0 (unregistering): Released all slaves
[  862.368497][T11345] chnl_net:caif_netlink_parms(): no params data found
[  862.953942][   T30] audit: type=1800 audit(1748717644.380:319): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1336" name="dmabuf" dev="dmabuf" ino=11 res=0 errno=0
[  863.273005][T11209] hsr_slave_0: entered promiscuous mode
[  863.280686][T11209] hsr_slave_1: entered promiscuous mode
[  863.303265][T11209] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  863.310951][T11209] Cannot create hsr debugfs directory
[  863.317055][T10744] : left promiscuous mode
[  863.942412][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  863.959007][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  863.969720][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  863.990058][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  863.999144][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  864.220175][T11345] bridge0: port 1(bridge_slave_0) entered blocking state
[  864.231157][T11345] bridge0: port 1(bridge_slave_0) entered disabled state
[  864.246193][T11345] bridge_slave_0: entered allmulticast mode
[  864.256624][T11345] bridge_slave_0: entered promiscuous mode
[  864.269257][T11345] bridge0: port 2(bridge_slave_1) entered blocking state
[  864.277222][T11345] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.284753][T11345] bridge_slave_1: entered allmulticast mode
[  864.293124][T11345] bridge_slave_1: entered promiscuous mode
[  864.399537][T10744] hsr_slave_0: left promiscuous mode
[  864.405703][T10744] hsr_slave_1: left promiscuous mode
[  864.411633][T10744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  864.419931][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  864.428238][T10744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  864.440708][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  864.458113][T10744] hsr_slave_0: left promiscuous mode
[  864.464926][T10744] hsr_slave_1: left promiscuous mode
[  864.470903][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  864.486689][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  864.514707][T10744] veth1_macvtap: left promiscuous mode
[  864.520300][T10744] veth0_macvtap: left promiscuous mode
[  864.526213][T10744] veth1_vlan: left promiscuous mode
[  864.531589][T10744] veth0_vlan: left promiscuous mode
[  865.037683][T10744] team0 (unregistering): Port device team_slave_1 removed
[  865.079617][T10744] team0 (unregistering): Port device team_slave_0 removed
[  865.729063][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  865.739858][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  865.747866][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  865.761677][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  865.770037][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  865.903763][T10744] team0 (unregistering): Port device team_slave_1 removed
[  865.931854][T10744] team0 (unregistering): Port device team_slave_0 removed
[  866.122244][ T5843] Bluetooth: hci2: command tx timeout
[  866.173744][T11345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  866.202062][T11345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  866.328696][T11345] team0: Port device team_slave_0 added
[  866.358582][T11345] team0: Port device team_slave_1 added
[  866.564877][T11345] batman_adv: batadv0: Adding interface: batadv_slave_0
[  866.571932][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  866.601769][T11345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  866.698200][T11345] batman_adv: batadv0: Adding interface: batadv_slave_1
[  866.712700][T11345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  866.738636][    C1] vkms_vblank_simulate: vblank timer overrun
[  866.747553][T11345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  866.898123][T11345] hsr_slave_0: entered promiscuous mode
[  866.905035][T11345] hsr_slave_1: entered promiscuous mode
[  866.911917][T11345] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  866.920629][T11345] Cannot create hsr debugfs directory
[  867.199986][T11478] chnl_net:caif_netlink_parms(): no params data found
[  867.498813][T11478] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.515963][T11478] bridge0: port 1(bridge_slave_0) entered disabled state
[  867.535125][T11478] bridge_slave_0: entered allmulticast mode
[  867.545391][T11478] bridge_slave_0: entered promiscuous mode
[  867.560115][T11484] chnl_net:caif_netlink_parms(): no params data found
[  867.591757][T11478] bridge0: port 2(bridge_slave_1) entered blocking state
[  867.599359][T11478] bridge0: port 2(bridge_slave_1) entered disabled state
[  867.607025][T11478] bridge_slave_1: entered allmulticast mode
[  867.615811][T11478] bridge_slave_1: entered promiscuous mode
[  867.707702][T11478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  867.774822][T11478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  867.861709][T11478] team0: Port device team_slave_0 added
[  867.882205][ T5843] Bluetooth: hci4: command tx timeout
[  867.931645][T11478] team0: Port device team_slave_1 added
[  867.966408][T11484] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.974805][T11484] bridge0: port 1(bridge_slave_0) entered disabled state
[  867.982517][T11484] bridge_slave_0: entered allmulticast mode
[  867.991837][T11484] bridge_slave_0: entered promiscuous mode
[  868.021210][T11345] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  868.033465][T11484] bridge0: port 2(bridge_slave_1) entered blocking state
[  868.040849][T11484] bridge0: port 2(bridge_slave_1) entered disabled state
[  868.049620][T11484] bridge_slave_1: entered allmulticast mode
[  868.057981][T11484] bridge_slave_1: entered promiscuous mode
[  868.083029][T11478] batman_adv: batadv0: Adding interface: batadv_slave_0
[  868.090154][T11478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  868.117158][T11478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  868.128905][T11345] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  868.162639][T11478] batman_adv: batadv0: Adding interface: batadv_slave_1
[  868.169593][T11478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  868.195464][    C1] vkms_vblank_simulate: vblank timer overrun
[  868.201823][ T5843] Bluetooth: hci2: command tx timeout
[  868.202778][T11478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  868.233017][T11345] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  868.259254][T11484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  868.271890][T11345] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  868.299564][T11484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  868.405322][T11484] team0: Port device team_slave_0 added
[  868.423773][T11478] hsr_slave_0: entered promiscuous mode
[  868.430267][T11478] hsr_slave_1: entered promiscuous mode
[  868.439439][T11478] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  868.448252][T11478] Cannot create hsr debugfs directory
[  868.480349][T11484] team0: Port device team_slave_1 added
[  868.636926][T11484] batman_adv: batadv0: Adding interface: batadv_slave_0
[  868.656211][T11484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  868.695430][T11484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  868.728223][T11484] batman_adv: batadv0: Adding interface: batadv_slave_1
[  868.740049][T11484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  868.783387][T11484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  868.964211][T11484] hsr_slave_0: entered promiscuous mode
[  868.971106][T11484] hsr_slave_1: entered promiscuous mode
[  868.979472][T11484] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  868.987536][T11484] Cannot create hsr debugfs directory
[  869.119887][T10744] bridge_slave_1: left allmulticast mode
[  869.128959][T10744] bridge_slave_1: left promiscuous mode
[  869.135813][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.146238][T10744] bridge_slave_0: left allmulticast mode
[  869.151987][T10744] bridge_slave_0: left promiscuous mode
[  869.159500][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.172977][T10744] bridge_slave_1: left allmulticast mode
[  869.178709][T10744] bridge_slave_1: left promiscuous mode
[  869.185832][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.196880][T10744] bridge_slave_0: left allmulticast mode
[  869.210033][T10744] bridge_slave_0: left promiscuous mode
[  869.219425][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.237544][T10744] bridge_slave_1: left allmulticast mode
[  869.244110][T10744] bridge_slave_1: left promiscuous mode
[  869.249967][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.260277][T10744] bridge_slave_0: left allmulticast mode
[  869.267980][T10744] bridge_slave_0: left promiscuous mode
[  869.274776][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.297088][T10744] bridge_slave_1: left allmulticast mode
[  869.302876][T10744] bridge_slave_1: left promiscuous mode
[  869.308767][T10744] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.343555][T10744] bridge_slave_0: left allmulticast mode
[  869.349262][T10744] bridge_slave_0: left promiscuous mode
[  869.358890][T10744] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.553042][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  869.587109][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  869.618512][T10744] bond0 (unregistering): Released all slaves
[  869.850624][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  869.881231][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  869.900990][T10744] bond0 (unregistering): Released all slaves
[  869.952325][ T5843] Bluetooth: hci4: command tx timeout
[  870.041303][T10744] bond0 (unregistering): Released all slaves
[  870.208704][T10744] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  870.240590][T10744] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  870.264540][T10744] bond0 (unregistering): Released all slaves
[  870.272524][ T5843] Bluetooth: hci2: command tx timeout
[  870.766572][T10744] hsr_slave_0: left promiscuous mode
[  870.791027][T10744] hsr_slave_1: left promiscuous mode
[  870.805200][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  870.826710][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  870.849562][T10744] hsr_slave_0: left promiscuous mode
[  870.866621][T10744] hsr_slave_1: left promiscuous mode
[  870.878820][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  870.888231][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  870.914068][T10744] hsr_slave_0: left promiscuous mode
[  870.922066][T10744] hsr_slave_1: left promiscuous mode
[  870.928042][T10744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  870.947827][T10744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  871.315489][T10744] team0 (unregistering): Port device team_slave_1 removed
[  871.376023][T10744] team0 (unregistering): Port device team_slave_0 removed
[  871.987722][T10744] team0 (unregistering): Port device team_slave_1 removed
[  872.043280][ T5843] Bluetooth: hci4: command tx timeout
[  872.075338][T10744] team0 (unregistering): Port device team_slave_0 removed
[  872.362779][ T5843] Bluetooth: hci2: command tx timeout
[  873.110813][T10744] team0 (unregistering): Port device team_slave_1 removed
[  873.176761][T10744] team0 (unregistering): Port device team_slave_0 removed
[  873.771652][T11345] 8021q: adding VLAN 0 to HW filter on device bond0
[  874.112449][ T5843] Bluetooth: hci4: command tx timeout
[  874.276748][T11345] 8021q: adding VLAN 0 to HW filter on device team0
[  874.366685][ T6706] bridge0: port 1(bridge_slave_0) entered blocking state
[  874.373905][ T6706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  874.400683][ T6706] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.407896][ T6706] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.744949][T11478] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  874.770528][T11478] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  874.842767][T11478] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  874.854586][T11478] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  875.418863][T11478] 8021q: adding VLAN 0 to HW filter on device bond0
[  875.617986][T11478] 8021q: adding VLAN 0 to HW filter on device team0
[  875.727354][T11484] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  875.760923][ T4048] bridge0: port 1(bridge_slave_0) entered blocking state
[  875.768163][ T4048] bridge0: port 1(bridge_slave_0) entered forwarding state
[  875.783472][T11484] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  875.808585][T11345] 8021q: adding VLAN 0 to HW filter on device batadv0
[  875.867816][T11484] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  875.879871][T11484] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  875.915023][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  875.922229][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  876.086268][T11345] veth0_vlan: entered promiscuous mode
[  876.159546][T11345] veth1_vlan: entered promiscuous mode
[  876.277500][T11345] veth0_macvtap: entered promiscuous mode
[  876.298843][T11345] veth1_macvtap: entered promiscuous mode
[  876.334437][T11484] 8021q: adding VLAN 0 to HW filter on device bond0
[  876.406663][T11345] batman_adv: batadv0: Interface activated: batadv_slave_0
[  876.439510][T11345] batman_adv: batadv0: Interface activated: batadv_slave_1
[  876.469861][T11484] 8021q: adding VLAN 0 to HW filter on device team0
[  876.502762][T11345] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  876.511517][T11345] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  876.542469][T11345] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  876.551224][T11345] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  876.571940][ T6706] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.579121][ T6706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  876.655318][ T3511] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.662618][ T3511] bridge0: port 2(bridge_slave_1) entered forwarding state
[  876.687511][T11478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  876.891201][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  876.929248][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  877.026405][T11478] veth0_vlan: entered promiscuous mode
[  877.055022][ T4048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  877.058854][T11478] veth1_vlan: entered promiscuous mode
[  877.118348][ T4048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  877.179496][T11478] veth0_macvtap: entered promiscuous mode
[  877.196506][T11345] ==================================================================
[  877.204590][T11345] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[  877.212363][T11345] Write of size 8 at addr ffff88803534f808 by task syz-executor/11345
[  877.220535][T11345] 
[  877.222873][T11345] CPU: 0 UID: 0 PID: 11345 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  877.222917][T11345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.222938][T11345] Call Trace:
[  877.222949][T11345]  <TASK>
[  877.222967][T11345]  dump_stack_lvl+0x116/0x1f0
[  877.223014][T11345]  print_report+0xcd/0x680
[  877.223068][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  877.223110][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  877.223151][T11345]  ? __phys_addr+0xe8/0x180
[  877.223206][T11345]  ? binder_add_device+0xa4/0xb0
[  877.223257][T11345]  kasan_report+0xe0/0x110
[  877.223312][T11345]  ? binder_add_device+0xa4/0xb0
[  877.223369][T11345]  binder_add_device+0xa4/0xb0
[  877.223420][T11345]  binderfs_binder_device_create.isra.0+0xa03/0xc30
[  877.223467][T11345]  binderfs_fill_super+0x8d4/0x1360
[  877.223508][T11345]  ? __pfx_binderfs_fill_super+0x10/0x10
[  877.223565][T11345]  ? shrinker_register+0x1a8/0x260
[  877.223621][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  877.223663][T11345]  ? sget_fc+0x808/0xc20
[  877.223710][T11345]  ? apparmor_capable+0x114/0x1d0
[  877.223765][T11345]  ? __pfx_set_anon_super_fc+0x10/0x10
[  877.223810][T11345]  ? __pfx_binderfs_fill_super+0x10/0x10
[  877.223845][T11345]  get_tree_nodev+0xdd/0x190
[  877.223896][T11345]  vfs_get_tree+0x8e/0x340
[  877.223936][T11345]  path_mount+0x14d4/0x1f70
[  877.223975][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  877.224016][T11345]  ? kmem_cache_free+0x2d1/0x4d0
[  877.224066][T11345]  ? __pfx_path_mount+0x10/0x10
[  877.224102][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  877.224144][T11345]  ? putname+0x154/0x1a0
[  877.224180][T11345]  __x64_sys_mount+0x28d/0x310
[  877.224215][T11345]  ? __pfx___x64_sys_mount+0x10/0x10
[  877.224257][T11345]  do_syscall_64+0xcd/0x4c0
[  877.224301][T11345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.224336][T11345] RIP: 0033:0x7f45fbf9010a
[  877.224361][T11345] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.224396][T11345] RSP: 002b:00007ffd35517c48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  877.224428][T11345] RAX: ffffffffffffffda RBX: 00007f45fc010e74 RCX: 00007f45fbf9010a
[  877.224452][T11345] RDX: 00007f45fc0208cb RSI: 00007f45fc010e74 RDI: 00007f45fc0208cb
[  877.224475][T11345] RBP: 00007f45fc0110bd R08: 0000000000000000 R09: 00007f45fc1b6738
[  877.224498][T11345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45fbfec1a8
[  877.224520][T11345] R13: 00007f45fbfec180 R14: 0000000000000009 R15: 0000000000000000
[  877.224555][T11345]  </TASK>
[  877.224566][T11345] 
[  877.481444][T11345] Allocated by task 11493:
[  877.485864][T11345]  kasan_save_stack+0x33/0x60
[  877.490576][T11345]  kasan_save_track+0x14/0x30
[  877.495288][T11345]  __kasan_kmalloc+0xaa/0xb0
[  877.499909][T11345]  tomoyo_find_next_domain+0xfd/0x20b0
[  877.505409][T11345]  tomoyo_bprm_check_security+0x12e/0x1d0
[  877.511168][T11345]  security_bprm_check+0x1b9/0x1e0
[  877.516323][T11345]  bprm_execve+0x810/0x1650
[  877.520854][T11345]  kernel_execve+0x2ef/0x3b0
[  877.525497][T11345]  call_usermodehelper_exec_async+0x255/0x4c0
[  877.531600][T11345]  ret_from_fork+0x5d7/0x6f0
[  877.536208][T11345]  ret_from_fork_asm+0x1a/0x30
[  877.540992][T11345] 
[  877.543313][T11345] Freed by task 11493:
[  877.547383][T11345]  kasan_save_stack+0x33/0x60
[  877.552092][T11345]  kasan_save_track+0x14/0x30
[  877.556802][T11345]  kasan_save_free_info+0x3b/0x60
[  877.561846][T11345]  __kasan_slab_free+0x51/0x70
[  877.566651][T11345]  kfree+0x2b4/0x4d0
[  877.570568][T11345]  tomoyo_find_next_domain+0x839/0x20b0
[  877.576153][T11345]  tomoyo_bprm_check_security+0x12e/0x1d0
[  877.581914][T11345]  security_bprm_check+0x1b9/0x1e0
[  877.587146][T11345]  bprm_execve+0x810/0x1650
[  877.591681][T11345]  kernel_execve+0x2ef/0x3b0
[  877.596298][T11345]  call_usermodehelper_exec_async+0x255/0x4c0
[  877.602400][T11345]  ret_from_fork+0x5d7/0x6f0
[  877.607010][T11345]  ret_from_fork_asm+0x1a/0x30
[  877.611787][T11345] 
[  877.614112][T11345] The buggy address belongs to the object at ffff88803534f800
[  877.614112][T11345]  which belongs to the cache kmalloc-512 of size 512
[  877.628179][T11345] The buggy address is located 8 bytes inside of
[  877.628179][T11345]  freed 512-byte region [ffff88803534f800, ffff88803534fa00)
[  877.641831][T11345] 
[  877.644159][T11345] The buggy address belongs to the physical page:
[  877.650571][T11345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3534c
[  877.659356][T11345] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  877.667867][T11345] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  877.675424][T11345] page_type: f5(slab)
[  877.679423][T11345] raw: 00fff00000000040 ffff88801b441c80 ffffea0001f69000 dead000000000002
[  877.688031][T11345] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  877.696636][T11345] head: 00fff00000000040 ffff88801b441c80 ffffea0001f69000 dead000000000002
[  877.705321][T11345] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  877.714012][T11345] head: 00fff00000000002 ffffea0000d4d301 00000000ffffffff 00000000ffffffff
[  877.722737][T11345] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  877.731410][T11345] page dumped because: kasan: bad access detected
[  877.737827][T11345] page_owner tracks the page as allocated
[  877.743562][T11345] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevd), ts 48178710234, free_ts 48171804313
[  877.764351][T11345]  post_alloc_hook+0x1c0/0x230
[  877.769174][T11345]  get_page_from_freelist+0x135c/0x3950
[  877.774769][T11345]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  877.780702][T11345]  alloc_pages_mpol+0x1fb/0x550
[  877.785615][T11345]  new_slab+0x23b/0x330
[  877.789809][T11345]  ___slab_alloc+0xd9c/0x1940
[  877.794525][T11345]  __slab_alloc.constprop.0+0x56/0xb0
[  877.799937][T11345]  __kmalloc_cache_noprof+0xfb/0x3e0
[  877.805255][T11345]  kernfs_fop_open+0x244/0xda0
[  877.810049][T11345]  do_dentry_open+0x744/0x1c10
[  877.814844][T11345]  vfs_open+0x82/0x3f0
[  877.818934][T11345]  path_openat+0x1de4/0x2cb0
[  877.823569][T11345]  do_filp_open+0x20b/0x470
[  877.828104][T11345]  do_sys_openat2+0x11b/0x1d0
[  877.832795][T11345]  __x64_sys_openat+0x174/0x210
[  877.837664][T11345]  do_syscall_64+0xcd/0x4c0
[  877.842204][T11345] page last free pid 5202 tgid 5202 stack trace:
[  877.848535][T11345]  __free_frozen_pages+0x7fe/0x1180
[  877.853760][T11345]  qlist_free_all+0x4d/0x120
[  877.858376][T11345]  kasan_quarantine_reduce+0x195/0x1e0
[  877.863868][T11345]  __kasan_slab_alloc+0x69/0x90
[  877.868761][T11345]  __kmalloc_noprof+0x1d4/0x510
[  877.873646][T11345]  tomoyo_encode2+0x100/0x3e0
[  877.878347][T11345]  tomoyo_encode+0x29/0x50
[  877.882795][T11345]  tomoyo_path_perm+0x3a5/0x460
[  877.887660][T11345]  tomoyo_path_symlink+0x97/0xe0
[  877.892625][T11345]  security_path_symlink+0x152/0x2e0
[  877.897960][T11345]  do_symlinkat+0x10d/0x310
[  877.902479][T11345]  __x64_sys_symlink+0x75/0x90
[  877.907253][T11345]  do_syscall_64+0xcd/0x4c0
[  877.912042][T11345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.917952][T11345] 
[  877.920284][T11345] Memory state around the buggy address:
[  877.925919][T11345]  ffff88803534f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  877.934003][T11345]  ffff88803534f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  877.942085][T11345] >ffff88803534f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  877.950152][T11345]                       ^
[  877.954510][T11345]  ffff88803534f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  877.962585][T11345]  ffff88803534f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  877.970652][T11345] ==================================================================
[  877.995507][T11478] veth1_macvtap: entered promiscuous mode
[  878.017184][T11478] batman_adv: batadv0: Interface activated: batadv_slave_0
[  878.029960][T11478] batman_adv: batadv0: Interface activated: batadv_slave_1
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  878.041117][T11478] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  878.050020][T11478] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  878.058944][T11478] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  878.068102][T11478] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  878.598683][T11345] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  878.606460][T11345] CPU: 1 UID: 0 PID: 11345 Comm: syz-executor Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  878.618397][T11345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  878.628570][T11345] Call Trace:
[  878.631945][T11345]  <TASK>
[  878.634896][T11345]  dump_stack_lvl+0x3d/0x1f0
[  878.639505][T11345]  panic+0x71c/0x800
[  878.643436][T11345]  ? __pfx_panic+0x10/0x10
[  878.647867][T11345]  ? lockdep_hardirqs_on+0x7c/0x110
[  878.653079][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.658729][T11345]  ? binder_add_device+0xa4/0xb0
[  878.663697][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.669350][T11345]  ? preempt_schedule_common+0x44/0xc0
[  878.674831][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.680478][T11345]  ? preempt_schedule_thunk+0x16/0x30
[  878.685870][T11345]  ? binder_add_device+0xa4/0xb0
[  878.690836][T11345]  end_report+0x159/0x170
[  878.695207][T11345]  kasan_report+0xee/0x110
[  878.699655][T11345]  ? binder_add_device+0xa4/0xb0
[  878.704627][T11345]  binder_add_device+0xa4/0xb0
[  878.709435][T11345]  binderfs_binder_device_create.isra.0+0xa03/0xc30
[  878.716049][T11345]  binderfs_fill_super+0x8d4/0x1360
[  878.721292][T11345]  ? __pfx_binderfs_fill_super+0x10/0x10
[  878.727028][T11345]  ? shrinker_register+0x1a8/0x260
[  878.732204][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.737867][T11345]  ? sget_fc+0x808/0xc20
[  878.742155][T11345]  ? apparmor_capable+0x114/0x1d0
[  878.747205][T11345]  ? __pfx_set_anon_super_fc+0x10/0x10
[  878.752693][T11345]  ? __pfx_binderfs_fill_super+0x10/0x10
[  878.758359][T11345]  get_tree_nodev+0xdd/0x190
[  878.763009][T11345]  vfs_get_tree+0x8e/0x340
[  878.767438][T11345]  path_mount+0x14d4/0x1f70
[  878.771949][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.777598][T11345]  ? kmem_cache_free+0x2d1/0x4d0
[  878.782553][T11345]  ? __pfx_path_mount+0x10/0x10
[  878.787412][T11345]  ? srso_alias_return_thunk+0x5/0xfbef5
[  878.793073][T11345]  ? putname+0x154/0x1a0
[  878.797341][T11345]  __x64_sys_mount+0x28d/0x310
[  878.802128][T11345]  ? __pfx___x64_sys_mount+0x10/0x10
[  878.807463][T11345]  do_syscall_64+0xcd/0x4c0
[  878.812083][T11345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.818009][T11345] RIP: 0033:0x7f45fbf9010a
[  878.822427][T11345] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  878.842064][T11345] RSP: 002b:00007ffd35517c48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  878.850499][T11345] RAX: ffffffffffffffda RBX: 00007f45fc010e74 RCX: 00007f45fbf9010a
[  878.858481][T11345] RDX: 00007f45fc0208cb RSI: 00007f45fc010e74 RDI: 00007f45fc0208cb
[  878.866464][T11345] RBP: 00007f45fc0110bd R08: 0000000000000000 R09: 00007f45fc1b6738
[  878.874439][T11345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45fbfec1a8
[  878.882441][T11345] R13: 00007f45fbfec180 R14: 0000000000000009 R15: 0000000000000000
[  878.890459][T11345]  </TASK>
[  878.893632][T11345] Kernel Offset: disabled
[  878.897956][T11345] Rebooting in 86400 seconds..