last executing test programs:

4.27404952s ago: executing program 3 (id=1391):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000107000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x0, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7a)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
rt_tgsigqueueinfo(r2, r2, 0x6, &(0x7f0000000300)={0x2, 0x0, 0x3})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0xfebe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0xfffffffffffffe45)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000180)={'veth0_virt_wifi\x00', {0x2, 0x4e23, @multicast2}})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
write$UHID_CREATE(r1, &(0x7f0000001500)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000013c0)=""/111, 0x6f, 0xfde6, 0x1f, 0x9, 0x6, 0x2}}, 0x120)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000000)=0x1)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000001a80)={0x48, 0x0, &(0x7f0000001900)=[@enter_looper, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000001a40)})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)='X'})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x4, 0x0, &(0x7f0000000040)=[@register_looper], 0x0, 0x0, 0x0})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000100000000000000000000000700"/28], 0x1c}}, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h', @ANYRES16=r6, @ANYBLOB="01040300000000000000010000000000000008410000004c0018000098d2149ac6e402c8636173742d6c696e6b00"/99], 0x68}}, 0x0)

3.404110585s ago: executing program 3 (id=1396):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000200), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040))
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000700)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040)}])
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xc0386723, 0x20000000)

3.386168387s ago: executing program 3 (id=1397):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$restrict_keyring(0x1d, 0xfffffffffffffffe, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000880)='net/dev\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
read$FUSE(r3, &(0x7f00000022c0)={0x2020}, 0x2020)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
fdatasync(r4)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_pressure(r6, 0x0, 0x0)

3.331560766s ago: executing program 4 (id=1399):
syz_emit_ethernet(0x2a, &(0x7f0000000340)={@link_local, @random="08c57b86cde0", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @random="61b88105e0b4", @initdev={0xac, 0x1e, 0x0, 0x0}, @link_local, @loopback}}}}, 0x0)

3.242087279s ago: executing program 4 (id=1402):
r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x30, r0, 0x71b1474519ec09c3, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x0, 0x1, 0x1, 0x3f}}}}, 0x30}}, 0x0)

2.006564761s ago: executing program 4 (id=1403):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000440)=ANY=[@ANYBLOB='shortname=mixed,iocharset=cp737,uni_xlate=0,uni_xlate=1,uni_xlate=0,utf8=0,utf8=0,shortname=mixed,iocharset=macinuit,check=strict,shortname=mixed,utf8=0,discard,codepage=863,umask=00000000000000000000001,rodir,dmask=00000000000000000100000,func=POLICY_CHECK,func=POLICY_CHECK,smackfsroot=uni_xlate=1,fscontext=sysadm_u,fsuuid=40a6c3b2-05bd-c78c-06c8-f62d9bcd,smackfsfloor=uni_xlate=1,permit_directio,uid=', @ANYRESDEC, @ANYBLOB="3e755fe310f5f2a653befb166477ffe9c2a63a5f5b03446d2d168dbc5295b27b70234d288a555f421a4686a87c17263ec8448abf71f9498977d8c361dbf0f5f0d70450876f02f411db3f5dbef1bd4da87768c9bf368d0567d2d473e28fac366accb10895a429f097b7b9faa6842e2525668dcf19df534e737388d412371501a0935d7e92aa2415eaeb472fd4025b26afdeb6f42f696b40cd71746bc2a0b54a4c68cc3a7c8bfcd163c9cbd73c4b37d330fb0c9e0cc1acbec6cd31ac22e2cf11f93ac9095219442b2c041776d57cf43d00", @ANYRESDEC, @ANYBLOB='J\x00'], 0x6, 0x2cc, &(0x7f0000001040)="$eJzs3T9rJGUYAPBnksnMnhabwkoEB7SwOi7X2myQC4ipPFKohQbvDiQbhDsI+AfXq2xtLCz8BILgB7HxGwi2gp0nHLwyszPM5G53vT3dBc/fr8mT932feZ+ZvCSTIk8+eOn87FYVd+5//kuMRlnsTGISD7JyP3ai82VcMvk6AID/sgcpxe9pbp28LCJGmysLANig5T//q0Gc9+GPWysNANiQm++8+9bh8fGNt6tqFEfnX12c1L/Z1x/n84d34qOYxu24FuN4GNG8KOxF87ZQh0cppVle1fbj1fPZxUmdef7+T+31D3+LaPIPYhz7zVBKKe+CdPTm8Y2Dam6QP6vreK7df1LnX49xvNDuX9bJff71BflxUsRrrwzqvxrj+PnD+DimcavZu8//4qCq3kjf/PHZe3VVdX42uzgpm3W9tLvVLwwAAAAAAAAAAAAAAAAAAAAAAM+0q23vnDKa/j31UNt/Z/dh/cleVJ39y/15iiY/6y407A+UUpql+K7rr3OtqqrULuzz83gxHzYWBAAAAAAAAAAAAAAAAAAAgP+ve598enY6nd6++9TBlehHum4AeUT8eTPiaa88GYy8HE2QLyu1bPc8nU532vDymnw4ErvdmixiZRn1TfyDx7JOcOWxmtvg+x/WveDo79fsLd7r3wy603V2mi1+hmV0I6P2kHxbxOAgFfGEexXLplKsc/yKhVPjte+9eL4JZivWRLaqsNd/nT+5diR79C6K5qkuTN9rg0H6I2fjic5zjObpj3+vyHTrAAAAAAAAAAAAAAAAAACAjer/+nfB5P2VqTup3FhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBV/f//XyOYtckLpqq4PFLE3XvL9i63d5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA84/4KAAD//8sBUn4=")
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240), 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r0}, 0x10)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', r1}, 0x18)

1.955179158s ago: executing program 3 (id=1407):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1282, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
write$cgroup_subtree(r0, 0x0, 0x20000009)

1.770385997s ago: executing program 4 (id=1414):
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
mount$tmpfs(0x0, 0x0, 0x0, 0x40, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r0=>0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r3, 0x0)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0xa5b)
pipe(&(0x7f0000000040))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
shutdown(r4, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280))
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
dup(r5)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{}, &(0x7f0000000540), 0x0}, 0x20)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r9, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
setuid(r0)

1.665798373s ago: executing program 3 (id=1418):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$restrict_keyring(0x1d, 0xfffffffffffffffe, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000880)='net/dev\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
read$FUSE(r3, &(0x7f00000022c0)={0x2020}, 0x2020)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
fdatasync(r4)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000200)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_pressure(r6, 0x0, 0x0)

1.627866719s ago: executing program 2 (id=1419):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0xee01, r3, 0xffffffffffffffff)
sendfile(r0, r1, 0x0, 0xf0)

1.537393032s ago: executing program 2 (id=1420):
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x800)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={0x0})

1.514834666s ago: executing program 0 (id=1421):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0xd, 0x0, 0x0, 0x0, 0x61, 0x10, 0x65}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)

1.451397686s ago: executing program 0 (id=1422):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000ac0)="0f01c80f07662e660f3882bf070000000f01c3660f3a424915839a540000000101642fc7442400d28c97c9c744240254000000c7442406000000000f0114240f01d1b9800000c00f3235004000000f30", 0x50}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

887.797253ms ago: executing program 2 (id=1423):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r0, &(0x7f0000000000)=@other={'lock', ' ', 'io+mem'}, 0xc)
write$vga_arbiter(r0, &(0x7f0000000400)=@other={'lock', ' ', 'io+mem'}, 0xc)
close(r0)

800.307627ms ago: executing program 3 (id=1424):
open(&(0x7f0000000000)='./bus\x00', 0x4c37e, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000080)='./file0\x00', 0x450, &(0x7f0000005f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5e0b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES32], 0x2, 0x5558, &(0x7f0000000a00)="$eJzs3EtvG9UXAPBju2n/ff4jxIJdR6qQEqm26vQh2BVoxUO0qngsWIFju5Zb2xPFrhOyQoIlYsE3QSCxQmLDZ2DBmh1iAWKHBPLMmBLCo5XdOGl/P2l85t65PnPvyEp0ZiwH8MRaTn75qRRn4nhEVCLiVCmy/VKxZa7m4ZmIOBsR5T9tpaL/j46jEXEiIs5Mkkd8PczHTA59en587vKPr/381bfHjpz87MvvFrdqYNGejYj+Rr6/1c9j2snjnaK/Me5msX9pXMT8QP9u0U7zuNVezzJsNabjGlm82MnHpxv3hpN4u9doTmKnezvr3xjkJxyOO9M82RvuNDazdqu9nsXuMM1iZyef1/ZO/vdyZzjK87SKfO9n6WM0msa8v73dztezcTeLzcGo6M/zpq329iSOi1icLpppr5XNY32WK32wvd4d3NtOxu3NYTcdJJdr9edq9SvV+mbaao/al6qNfuvKpWSl05sMq47ajf7VTpp2eu1aM+2vJiudZrNarycr19rr3cYgqddrF2sXqpdXi73zycs33056rWRlEl/sDu4d7faGye10M8nfsZqs1S4+v5qcqydv3riV3Hrj+vUbt95699o7N1+48epLxaA900pW1i6srVXrF6pr9dUDsP7J/90HXP9olvV/VEz6IdZfmu3ywL/zAQN4aHvq/5hv/V8J9T+w12Gv/2Oe9f+kpFL//3f9W569/p+p/j2o9f8hXj/MRP0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDE+n7p81eyneW8fbLoP110PVW0SxFRjojf/kYlju7KWSnyLP3D+KW/zOGbUmQZJuc4VmwnIuJqsf36/0d9FQAAAODx9cUHZz/Jq/X8ZXnRE2I/5Tdtyqfem1O+UkQsLf8wp2zlycvTc0qWfb6PxPacsmU3sP43p2T5Lbcj88r2QCrT8OHp+53Zgkp5KO/rdAAAgH1R2RX2twoBAABgP3286AmwGKWYPsqcPgvOvnl//9Hm8V3HAAAAgEOotOgJAAAAAI9cVv/7/T8AAAB4vOW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3kpg1EcQB+NhjoPxVV3fcq3cExeoQuuywcoJfgCPQKuQBnILvss4kgwh4hOQIpCuNYoO+TbDM2+s0MsHljYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSfbWe///749+lObv9ZfLMBgAAADhlW63n9Ytp0/6Uzn9Jp76ldhERZUScqt0HMWplDlJOdeb91Ysx3EXUCYc+xmn7GBE/0/b0tetPAQAAAG7XZrmaNdV6s5v2PSDeU7NoU37+lSmviIhq+pAprTzsvmcKq3/fw/iTKa1ewJpkCmuW3Ianr41yddI2aB3STCaL+kusW2U3/QIAAH1qVwJnqhAAAABuwO++B0A/iuPueJ9x3BzSDcEPrRYAAABwhYq+BwAAAAB0rq7/r+H5f4/+lgAAAABv1jz/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/V8s1zNzl1fvDJnt79MvhkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sz/3KBACYQxAs4u/ncz9DysRLa1t3oOBkDDFBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OZ3v/yfcDVHkqltw9x6JFk6NaydGrbODXs/jK+vAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABO9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+6He//J+YGmeSudPG0vFIsnbV2Lpq7D1oHD0Yb/8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu6fN24yDAD4c77z9Q8gQkAZAqhIDLDQ5FpaOsIAihj4CEhReimBK4U2A60iUBaYUOYuCEaEkEBh63fo3EhdytYhQ5CYQfbZV7e90qM09tH8ftJ773O2877P67OiPLETAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKO2+Ey8lRdzOXmaGcbntxt7GStbv3NNnrm3dnM9aFrceNtE3bz/+5Kfby9U3x+Yqb76qPxkAAAAOhnZZ30fErXR7KeuTmbz+T8tjspr/+2eGcVnP31v37+xtHC52zZf1/2+/3n5hNNHMcJ5s0NW1QX/x/lQ6+7TEqffsQ4/o5Gc+/91LO/9Akvc3n99N8/PZ+vb69Xe7eXiojmwBgEdxvOyLoPx5KOt7TSYGwIHRqRTeZf3fnmk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA67G7GU2Xcioj5zp04s7O3sTKuv7Z1c75sp69e3aqOmQ2RRsTq2qCf1riWaXfp8pVPlgeD/sWxQcQDd/334FhE7M/IDwhizK4PJ/jyiH8+prg8o55V/LugNR1pNBokxedTbOnWe9Xtb1Bee49/5Ia+IQEA8MRKi5bV9bfS7aVsW2s24q8f7q7/X6vEMWH9f/uj0zeqc1Xr/15tK5x+C+vnP1u4dPnKG2vnl8/1z/U/ffNE763eyTOnTp1ZyM7V4sJqJP3FptMEAADgf6xbtGr9n8zef///aCWOCev/z7/rfVmdq63+H+vOTb+mMwEAADiIuqPouVf+/KM15ohWtxtfLK+vX+wNX0fvTwxfa033ER0qWrX+b882nRUAAABQh93N1l33/89W4pjw/v/TP774c3XMdkQcibgQEf3jKxcGZ+tbzlSr4w+V84m6Ta8UAACAphwpWvX+f5o//5+MHnlIIuL1V4dx+b+uJqn/2+99/VN1rurz/yfrW+JUSuaG5yPv5yI6c01nBAAAwJPscNGyYv/3dHvp41+OftD1/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4OAAD//1AjNPw=")
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x2000402)
open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="8c3d6d84ebf2307b77d9e8a8176b0ae40a4d6951f32d5ce342081f0e2611f35d8b0bb82747a5e2e89b6d24f99bb384b560ffd0edd864b9a2bbcd666bcf789837badcbc9925d75a749d77"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

772.669261ms ago: executing program 0 (id=1425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)={0x24, r1, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117}, @val={0x8}, @void}}}, 0x24}}, 0x0)

762.576923ms ago: executing program 2 (id=1426):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, @dev}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}})

717.54074ms ago: executing program 0 (id=1427):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@flat=@handle={0x73682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x1f}, @fda={0x66646185, 0x3, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x400}], 0x0, 0x0, 0x0})

717.13228ms ago: executing program 2 (id=1428):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0), 0x81, 0x79e, &(0x7f00000018c0)="$eJzs3ctrXGUbAPDnTG5N2u9LPvhA6yogaKB0YmpsFVxUXIhgoaBr2zCZhjaTTMlMShMCbRHBjaDFhaCb7gQvdefWy1b/CxfSUmwajLiQkTOZaSfNTDppbo35/eC07zvnTJ73OZf3vDPnMCeAfWsw/ScTcTgiPkoi+muvJxHRVS11RpxcWW55cSGXTklUKm//nlSXWVpcyEXDe1IHa5WnI+LH9yOOZNbGLc3NT44VCvmZWn24PHVxuDQ3f/T81NhEfiI/fXxkdPTYiZdOHN+6XP/4Zf7Q7Y/feP6bk3+999TND39K4mQcqs1rzGOrDMZgbZ10patwlde3OtguS9aZd2AH28HGpIdmx8pRHoejPzqqpRZ6d7JlAMB2uRIRFQBgn0mc/wFgn6l/D7C0uJCrT+t8XbDOxYG96c5rKxeolmrXNpfv599Zu2Z3oHodtG8pWZV8EhEDWxB/MCI+/+7dr9Iptuk6JEAzV69FxNmBwbX9f7LmnoWNeqGNZQYfqjf0f92bDA88wvfp+OflZuO/zP3xTzQZ//Q0OXYfxzrHf03m1haEaSkd/73acG/bckP+NQMdtdp/qmO+ruTc+UI+7dv+GxFD0dWT1kfWiTF07+97reY1jv/uXr+Q9nm5u9cvfPlgicytzp7V7xkfK49tJudGd65FPNPZLP96/79yD1uz8e/pNmO8+coHn7Wal+af5luf0vir899elRsRzzXd/g/uaEvWvT9xuLo7DNd3iia+/fXTvlbxG7d/OqXx658FdkK6/fvWz38gabxfs7TxGD/f6P+h1bxH5998/+9O3qmW64OEy2Pl8sxIRHfy1trXjz14b71eXz7Nf+jZ7qbHf73/a7b/p58Jz7aZf+fta18/fv7bK81/fEPbf+OFm8uTHa3it7f9R6ulodor7fR/7TZwM+sOAAAAAAAAAAAAAAAAAAAAAAAAANqViYhDkWSy98uZTDa78gzv/0dfplAslY+cK85Oj0f1WdkD0ZWp/9Rlf8PvoY7Ufg+/Xj/2UP3FiPhfRHzS01utZ3PFwvhuJw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQdbPP8/9VvPbrcOANg2B3a7AQDAjnP+B4D9Z2Pn/95tawcAsHN8/geA/cf5HwD2H+d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAttnpU6fSqfLn4kIurY9fmpudLF46Op4vTWanZnPZXHHmYnaiWJwo5LO54lTLP3R15b9CsXhxNKZnLw+X86XycGlu/sxUcXa6fOb81NhE/ky+a8cyAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2lebmJ8cKhfzMnilUKpUrT0Az/g2FjtpO8KS0Z88VMptYdV/sduMfUWjsJXp3p3MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AP+CQAA//+qiiUU")
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1081000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x181102, 0x0)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000000c0))

678.580265ms ago: executing program 0 (id=1429):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0xff0f6003af7f0000)

506.327982ms ago: executing program 4 (id=1430):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x1e0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x4}, 0x48)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000080)="1166879533120664589df8642034a8af4882754a85927212f944af78f239f788cdcbbf8d973d", &(0x7f0000000140)=@udp=r1, 0x1}, 0x20)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x20, &(0x7f0000000000)="ea0749f97f9248c113050d35", 0xc)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$inet6_int(r3, 0x29, 0x38, 0x0, 0x0)
madvise(&(0x7f0000997000/0x3000)=nil, 0xffffffffdf668fff, 0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x16, 0x0, 0x30000, 0x1}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc)

505.762592ms ago: executing program 0 (id=1431):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r2 = epoll_create1(0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0xe000001a})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000000))
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000540)={&(0x7f00000003c0), 0xc, &(0x7f0000000500)={0x0, 0x1210}, 0x1, 0x0, 0x0, 0x10}, 0x20048000)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x80, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x2b}}}}, [@NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_IE={0x57, 0x2a, [@perr={0x84, 0x2, {0xff}}, @mesh_chsw={0x76, 0x6, {0x3, 0x1, 0x14, 0x1000}}, @ibss={0x6, 0x2, 0x5}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x81, 0x30, 0x4}}, @preq={0x82, 0x3b, {{0x1, 0x0, 0x1}, 0x0, 0x5, 0x1, @device_b, 0xf120, @void, 0x4, 0x7, 0x3, [{{0x1, 0x0, 0x1}, @device_b, 0x8}, {{0x1}, @device_b, 0x8b2}, {{}, @broadcast, 0x9}]}}]}, @NL80211_ATTR_BSS_SELECT={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000001}, 0x4004)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x90c20}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
write$binfmt_elf32(r5, 0x0, 0x58)
io_setup(0x1fe, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r5, 0x0}])
r7 = open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$tcp_mem(r7, &(0x7f0000000100)={0x0, 0x2d, 0x40000004, 0xa, 0xcc60, 0x2c}, 0x48)

251.411041ms ago: executing program 4 (id=1432):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="530000000700004600f592f44480423c774a9a8afe7b8a50e0b9"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

201.582569ms ago: executing program 1 (id=1433):
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x800)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={0x0})

193.51941ms ago: executing program 1 (id=1434):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)=0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b9f802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963cd14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f0d9ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d579531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a785d820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37dfd149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f2729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab21842da1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a99b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f8f4ed0b27cedd1c5e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="660f3881ae64409fc483b17e35e661c286000f08c4a28c03f30f0966420fc7b573000000430f1a7c01cb01cbf9341cd50d0000000f792fd536420f01c5", 0x3d}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

153.790667ms ago: executing program 1 (id=1435):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mknod(0x0, 0x0, 0x0)
r0 = open(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1, r0, 0x0, 0x0, 0x2, 0x6}, 0x48)
openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "828bf7", 0x38, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @private1, @rand_addr=' \x01\x00', [], "1e520b4c951ee12e"}}}}}}}, 0x0)
recvmmsg(r2, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)

101.742355ms ago: executing program 1 (id=1436):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000ac0)="0f01c80f07662e660f3882bf070000000f01c3660f3a424915839a540000000101642fc7442400d28c97c9c744240254000000c7442406000000000f0114240f01d1b9800000c00f3235004000000f30", 0x50}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

101.491315ms ago: executing program 2 (id=1437):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r0, &(0x7f0000000000)=@other={'lock', ' ', 'io+mem'}, 0xc)
write$vga_arbiter(r0, &(0x7f0000000400)=@other={'lock', ' ', 'io+mem'}, 0xc)
close(r0)

13.265648ms ago: executing program 1 (id=1438):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)={0x24, r1, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117}, @val={0x8}, @void}}}, 0x24}}, 0x0)

0s ago: executing program 1 (id=1439):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, @dev}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}})

kernel console output (not intermixed with test programs):

719644222.920:1165): avc:  denied  { block_suspend } for  pid=2312 comm="syz.0.649" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   83.468213][ T2315] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   83.536543][ T2315] ext4 filesystem being mounted at /root/syzkaller.da3iiO/46/file1 supports timestamps until 2038 (0x7fffffff)
[   83.575864][ T2296] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.582718][ T2296] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.589870][ T2296] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.596708][ T2296] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.605770][ T2096] device bridge_slave_1 left promiscuous mode
[   83.611715][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.626011][ T2096] device bridge_slave_0 left promiscuous mode
[   83.632656][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.827708][ T1719] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.840188][ T1719] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.872364][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   83.881631][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.897382][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   83.905598][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.913836][ T1250] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.920689][ T1250] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.930980][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   83.944643][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.952807][  T372] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.959654][  T372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.994158][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   84.004177][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   84.163692][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   84.173261][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   84.190011][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   84.199871][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   84.208146][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   84.217315][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   84.295672][ T2360] erofs: (device loop2): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version
[   84.322122][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   84.331089][   T23] audit: type=1400 audit(1719644223.816:1166): avc:  denied  { nlmsg_write } for  pid=2367 comm="syz.0.670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   84.336614][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.440539][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   84.448715][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   84.496198][ T2350] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.520298][ T2350] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.538283][ T2350] device bridge_slave_0 entered promiscuous mode
[   84.562774][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   84.581223][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.597886][ T2350] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.610426][ T2350] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.617842][ T2350] device bridge_slave_1 entered promiscuous mode
[   84.800762][ T2350] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.807632][ T2350] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.814856][ T2350] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.821685][ T2350] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.839702][ T2390] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   84.883607][ T1745] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.891125][ T1745] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.000616][ T2398] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   85.010721][ T2401] netlink: 'syz.3.642': attribute type 4 has an invalid length.
[   85.037736][ T2398] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[   85.057678][ T2398] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a802c01c, mo2=0002]
[   85.082865][ T2398] System zones: 0-2, 18-18, 34-34
[   85.086312][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   85.095147][ T2398] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:864: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   85.105398][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.109894][ T2398] EXT4-fs (loop4): 1 truncate cleaned up
[   85.122256][ T2398] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   85.147245][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   85.155680][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   85.228094][   T18] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.234954][   T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.263081][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   85.276206][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   85.285688][   T18] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.292511][   T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.310612][  T179] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   85.369011][ T2409] EXT4-fs error (device loop4): ext4_generic_delete_entry:2620: inode #2: block 3: comm syz.4.680: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[   85.389124][ T2409] EXT4-fs error (device loop4) in ext4_delete_entry:2679: Corrupt filesystem
[   85.398170][ T2409] EXT4-fs warning (device loop4): ext4_rename_delete:3787: inode #2: comm syz.4.680: Deleting old file: nlink 4, error=-117
[   85.485190][  T179] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28
[   85.552247][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   85.560516][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   85.561926][  T179] EXT4-fs (loop3): This should not happen!! Data will be lost
[   85.561926][  T179] 
[   85.608381][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   85.608682][  T179] EXT4-fs (loop3): Total free blocks count 0
[   85.622415][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   85.645660][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   85.653049][  T179] EXT4-fs (loop3): Free/Dirty block details
[   85.653931][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   85.670797][  T179] EXT4-fs (loop3): free_blocks=2415919104
[   85.685834][  T179] EXT4-fs (loop3): dirty_blocks=16
[   85.699126][  T179] EXT4-fs (loop3): Block reservation details
[   85.706910][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   85.714657][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   85.715960][  T179] EXT4-fs (loop3): i_reserved_data_blocks=1
[   85.742783][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   85.751307][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   85.817335][ T2096] device bridge_slave_1 left promiscuous mode
[   85.823270][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.839443][ T2096] device bridge_slave_0 left promiscuous mode
[   85.845575][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.947141][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   85.955274][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.035239][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   86.043665][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.308977][   T23] audit: type=1400 audit(1719644225.667:1167): avc:  denied  { transition } for  pid=2416 comm="syz.2.688" path="/root/syzkaller.41vC3N/111/file2" dev="sda1" ino=2006 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[   86.349384][ T2434] netlink: 56 bytes leftover after parsing attributes in process `syz.3.690'.
[   86.363396][   T23] audit: type=1400 audit(1719644225.667:1168): avc:  denied  { entrypoint } for  pid=2416 comm="syz.2.688" path="/root/syzkaller.41vC3N/111/file2" dev="sda1" ino=2006 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_home_t tclass=file permissive=1
[   86.474455][   T23] audit: type=1400 audit(1719644225.667:1169): avc:  denied  { noatsecure } for  pid=2416 comm="syz.2.688" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[   86.569958][   T23] audit: type=1400 audit(1719644225.686:1170): avc:  denied  { create } for  pid=2416 comm="syz.2.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[   86.597410][ T2443] FAT-fs (loop4): Unrecognized mount option "shortnaqe=lower" or missing value
[   86.611596][ T2449] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   86.625030][ T2449] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[   86.633811][ T2449] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a802c01c, mo2=0002]
[   86.884549][ T2449] System zones: 0-2, 18-18, 34-34
[   86.890180][ T2449] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:864: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   86.905153][ T2449] EXT4-fs (loop3): 1 truncate cleaned up
[   86.910629][ T2449] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   87.204655][ T2459] erofs: (device loop4): mounted with opts: , root inode @ nid 36.
[   87.212458][ T2459] SELinux: (dev loop4, type erofs) getxattr errno 117
[   87.223790][ T2461] EXT4-fs error (device loop3): ext4_generic_delete_entry:2620: inode #2: block 3: comm syz.3.697: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[   87.243344][ T2461] EXT4-fs error (device loop3) in ext4_delete_entry:2679: Corrupt filesystem
[   87.252534][ T2461] EXT4-fs warning (device loop3): ext4_rename_delete:3787: inode #2: comm syz.3.697: Deleting old file: nlink 4, error=-117
[   87.689953][ T2455] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   88.178570][ T2476] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   88.418675][ T2498] FAT-fs (loop0): Directory bread(block 64) failed
[   88.425058][ T2498] FAT-fs (loop0): Directory bread(block 65) failed
[   88.433883][ T2498] FAT-fs (loop0): Directory bread(block 66) failed
[   88.441163][ T2498] FAT-fs (loop0): Directory bread(block 67) failed
[   88.447624][ T2498] FAT-fs (loop0): Directory bread(block 68) failed
[   88.454424][ T2498] FAT-fs (loop0): Directory bread(block 69) failed
[   88.470104][ T2498] FAT-fs (loop0): Directory bread(block 70) failed
[   88.477044][ T2498] FAT-fs (loop0): Directory bread(block 71) failed
[   88.484082][ T2498] FAT-fs (loop0): Directory bread(block 72) failed
[   88.491083][ T2498] FAT-fs (loop0): Directory bread(block 73) failed
[   88.515235][ T2504] FAT-fs (loop1): Unrecognized mount option "shortnaqe=lower" or missing value
[   88.572718][ T2509] netlink: 'syz.4.703': attribute type 4 has an invalid length.
[   88.755470][  T179] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   88.770300][  T179] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 6 with error 28
[   88.782639][  T179] EXT4-fs (loop4): This should not happen!! Data will be lost
[   88.782639][  T179] 
[   88.811484][  T179] EXT4-fs (loop4): Total free blocks count 0
[   88.823442][  T179] EXT4-fs (loop4): Free/Dirty block details
[   88.835341][  T179] EXT4-fs (loop4): free_blocks=2415919104
[   88.847118][  T179] EXT4-fs (loop4): dirty_blocks=16
[   88.857237][  T179] EXT4-fs (loop4): Block reservation details
[   88.869259][  T179] EXT4-fs (loop4): i_reserved_data_blocks=1
[   88.952848][ T2511] erofs: (device loop1): mounted with opts: , root inode @ nid 36.
[   88.960563][ T2511] SELinux: (dev loop1, type erofs) getxattr errno 117
[   89.258646][ T2514] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   89.344350][   T23] kauditd_printk_skb: 4 callbacks suppressed
[   89.344361][   T23] audit: type=1400 audit(1719644228.811:1175): avc:  denied  { create } for  pid=2525 comm="syz.4.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   89.588850][   T23] audit: type=1400 audit(1719644229.050:1176): avc:  denied  { accept } for  pid=2544 comm="syz.3.726" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   89.705230][ T1250] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   90.056828][ T1745] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   90.147315][ T1250] usb 2-1: Using ep0 maxpacket: 8
[   90.268002][ T1250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.287963][ T1250] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.307686][ T1250] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[   90.318039][ T1745] usb 5-1: Using ep0 maxpacket: 16
[   90.327829][ T1250] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.342802][ T1250] usb 2-1: config 0 descriptor??
[   90.468826][ T1745] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.482879][ T1745] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.508388][ T1745] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   90.522900][ T1745] usb 5-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[   90.533474][ T1745] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.542439][ T1745] usb 5-1: config 0 descriptor??
[   90.675271][ T2530] F2FS-fs (loop0): Found nat_bits in checkpoint
[   90.715799][ T2530] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   90.806760][   T23] audit: type=1400 audit(1719644230.265:1177): avc:  denied  { read } for  pid=2529 comm="syz.0.721" name="file0" dev="loop0" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   90.835226][   T23] audit: type=1400 audit(1719644230.265:1178): avc:  denied  { open } for  pid=2529 comm="syz.0.721" path="/root/syzkaller.0L4fGN/24/file0/file0/file0" dev="loop0" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   90.872728][ T1250] smartjoyplus 0003:6666:8804.0009: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.1-1/input0
[   90.886466][ T1250] smartjoyplus 0003:6666:8804.0009: no output reports found
[   90.899938][   T23] audit: type=1400 audit(1719644230.354:1179): avc:  denied  { create } for  pid=2592 comm="syz.3.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   90.954904][   T23] audit: type=1400 audit(1719644230.404:1180): avc:  denied  { bind } for  pid=2597 comm="syz.3.749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.999786][ T2602] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   91.041523][ T1745] uclogic 0003:5543:0064.000A: No inputs registered, leaving
[   91.050151][ T1745] uclogic 0003:5543:0064.000A: hidraw1: USB HID v0.00 Device [HID 5543:0064] on usb-dummy_hcd.4-1/input0
[   91.345395][ T1250] usb 5-1: USB disconnect, device number 6
[   91.469765][ T1719] usb 2-1: USB disconnect, device number 8
[   92.238744][ T2637] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   92.368178][ T2653] FAT-fs (loop4): Unrecognized mount option "utf8=1" or missing value
[   92.667384][ T2651] netlink: 20 bytes leftover after parsing attributes in process `syz.4.768'.
[   92.716035][ T2624] F2FS-fs (loop0): Found nat_bits in checkpoint
[   92.723496][   T23] audit: type=1400 audit(1719644232.166:1181): avc:  denied  { setopt } for  pid=2666 comm="syz.4.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   92.864388][ T2624] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   93.512122][ T2696] EXT4-fs (loop4): orphan cleanup on readonly fs
[   93.518942][ T2696] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0).
[   93.529733][ T2696] EXT4-fs warning (device loop4): ext4_enable_quotas:6100: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   93.553346][ T2696] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   93.563113][ T2696] EXT4-fs error (device loop4): ext4_orphan_get:1260: comm syz.4.782: bad orphan inode 16
[   93.785438][ T2696] EXT4-fs (loop4): Remounting filesystem read-only
[   93.799379][ T2696] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nobarrier,max_batch_time=0x0000000000000c23,noquota,max_batch_time=0x0000000000009c52,resgid=0x000000000000ee01,barrier,stripe=0x000000007768e9ec,stripe=0x0000000000000009,nogrpid,grpjquota=,noauto_da_alloc
[   93.852969][ T2696] EXT4-fs error (device loop4): ext4_lookup:1806: inode #2: comm syz.4.782: bad inode number: 12
[   93.879957][ T2696] EXT4-fs error (device loop4): ext4_lookup:1806: inode #2: comm syz.4.782: bad inode number: 12
[   93.945189][ T2696] EXT4-fs error (device loop4): ext4_lookup:1806: inode #2: comm syz.4.782: bad inode number: 12
[   93.990746][ T2696] EXT4-fs error (device loop4): ext4_lookup:1806: inode #2: comm syz.4.782: bad inode number: 12
[   94.638374][   T23] audit: type=1400 audit(1719644234.077:1182): avc:  denied  { connect } for  pid=2739 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   94.674306][   T23] audit: type=1400 audit(1719644234.097:1183): avc:  denied  { write } for  pid=2739 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   95.102630][ T2750] EXT4-fs (loop2): orphan cleanup on readonly fs
[   95.109523][ T2750] Quota error (device loop2): v2_read_file_info: Free block number too big (0 >= 0).
[   95.118851][ T2750] EXT4-fs warning (device loop2): ext4_enable_quotas:6100: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   95.133271][ T2750] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   95.139954][ T2750] EXT4-fs error (device loop2): ext4_orphan_get:1260: comm syz.2.803: bad orphan inode 16
[   95.142669][ T2754] FAT-fs (loop4): Unrecognized mount option "utf8=1" or missing value
[   95.152805][ T2750] EXT4-fs (loop2): Remounting filesystem read-only
[   95.184947][ T2750] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nobarrier,max_batch_time=0x0000000000000c23,noquota,max_batch_time=0x0000000000009c52,resgid=0x000000000000ee01,barrier,stripe=0x000000007768e9ec,stripe=0x0000000000000009,nogrpid,grpjquota=,noauto_da_alloc
[   95.186596][ T2712] F2FS-fs (loop3): Found nat_bits in checkpoint
[   95.238787][ T2746] netlink: 20 bytes leftover after parsing attributes in process `syz.4.800'.
[   95.277459][ T2750] EXT4-fs error (device loop2): ext4_lookup:1806: inode #2: comm syz.2.803: bad inode number: 12
[   95.288510][ T2750] EXT4-fs error (device loop2): ext4_lookup:1806: inode #2: comm syz.2.803: bad inode number: 12
[   95.299739][ T2750] EXT4-fs error (device loop2): ext4_lookup:1806: inode #2: comm syz.2.803: bad inode number: 12
[   95.310600][ T2712] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   95.311162][ T2750] EXT4-fs error (device loop2): ext4_lookup:1806: inode #2: comm syz.2.803: bad inode number: 12
[   95.426546][ T2768] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue
[   95.464574][   T23] audit: type=1326 audit(1719644234.904:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2783 comm="syz.2.812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc1f701bb99 code=0x0
[   95.511355][   T23] audit: type=1400 audit(1719644234.954:1185): avc:  denied  { write } for  pid=2767 comm="syz.1.806" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   96.182054][ T2811] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   96.194634][ T2811] EXT4-fs (loop1): group descriptors corrupted!
[   96.205849][ T2814] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   96.216002][ T2814] ext4 filesystem being mounted at /root/syzkaller.6c3hEw/27/file0 supports timestamps until 2038 (0x7fffffff)
[   96.513988][ T2831] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   96.521636][ T2831] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   96.534490][ T2831] F2FS-fs (loop0): invalid crc value
[   96.555796][ T2831] F2FS-fs (loop0): Found nat_bits in checkpoint
[   96.595332][ T2861] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   96.612027][ T2857] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   96.627762][ T2831] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   96.631935][ T2857] ext4 filesystem being mounted at /root/syzkaller.UZn8Kv/37/file0 supports timestamps until 2038 (0x7fffffff)
[   96.634679][ T2831] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   96.674108][   T23] audit: type=1326 audit(1719644236.099:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2870 comm="syz.3.843" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50d5b99b99 code=0x0
[   96.697774][ T2110] attempt to access beyond end of device
[   96.697774][ T2110] loop0: rw=2049, want=45104, limit=40427
[   96.736298][ T1250] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   96.756379][ T1745] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   97.017459][ T1250] usb 3-1: Using ep0 maxpacket: 8
[   97.158557][ T1250] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   97.258889][ T1250] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   97.278753][ T1745] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.288783][ T1745] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   97.297408][ T1745] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[   97.348879][ T1250] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   97.439292][ T1250] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   97.459407][ T1745] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.468288][ T1745] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.476114][ T1745] usb 5-1: Product: syz
[   97.480084][ T1745] usb 5-1: Manufacturer: syz
[   97.484458][ T1745] usb 5-1: SerialNumber: syz
[   97.539740][ T1250] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[   97.548685][ T1250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[   97.556951][ T1250] usb 3-1: SerialNumber: syz
[   97.601351][ T1250] uvcvideo: Found UVC 0.00 device <unnamed> (05ac:8501)
[   97.608190][ T1250] uvcvideo: No valid video chain found.
[   97.950222][ T1719] usb 3-1: USB disconnect, device number 9
[   97.951464][ T1745] usb 5-1: 0:2 : does not exist
[   97.967369][ T1745] usb 5-1: USB disconnect, device number 7
[   98.466244][   T23] audit: type=1326 audit(1719644237.891:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2915 comm="syz.1.858" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e14404b99 code=0x0
[   98.994161][ T2944] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   99.002968][ T2944] ext4 filesystem being mounted at /root/syzkaller.0L4fGN/49/file0 supports timestamps until 2038 (0x7fffffff)
[   99.137440][   T23] audit: type=1400 audit(1719644238.549:1188): avc:  denied  { shutdown } for  pid=2950 comm="syz.0.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.159072][   T23] audit: type=1400 audit(1719644238.549:1189): avc:  denied  { read } for  pid=2950 comm="syz.0.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.321980][   T23] audit: type=1400 audit(1719644238.738:1190): avc:  denied  { read } for  pid=2958 comm="syz.1.872" path="socket:[29252]" dev="sockfs" ino=29252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   99.487581][   T18] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[   99.577031][ T2977] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   99.592303][ T2977] ext4 filesystem being mounted at /root/syzkaller.6c3hEw/38/file0 supports timestamps until 2038 (0x7fffffff)
[   99.635729][ T2966] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue
[   99.702157][   T23] kauditd_printk_skb: 3 callbacks suppressed
[   99.702169][   T23] audit: type=1326 audit(1719644239.116:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2989 comm="syz.3.882" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f50d5b99b99 code=0x0
[   99.869134][   T18] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.889142][   T18] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   99.907921][   T18] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  100.250704][   T18] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  100.259595][   T18] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.267367][   T18] usb 3-1: Product: syz
[  100.271570][   T18] usb 3-1: Manufacturer: syz
[  100.275904][   T18] usb 3-1: SerialNumber: syz
[  100.558553][  T372] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  100.566726][  T372] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  100.603557][   T18] usb 3-1: 0:2 : does not exist
[  100.621387][   T18] usb 3-1: USB disconnect, device number 10
[  100.664215][ T3020] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  100.673211][ T3020] ext4 filesystem being mounted at /root/syzkaller.UZn8Kv/49/file0 supports timestamps until 2038 (0x7fffffff)
[  100.852960][  T372] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  100.934634][ T3025] EXT4-fs (loop1): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue
[  100.967053][ T3036] FAT-fs (loop4): Unrecognized mount option "shortnaqe=lower" or missing value
[  101.093172][   T23] audit: type=1326 audit(1719644240.501:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3046 comm="syz.2.900" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc1f701bb99 code=0x0
[  101.132535][   T23] audit: type=1400 audit(1719644240.531:1196): avc:  denied  { create } for  pid=3042 comm="syz.1.899" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  101.161756][   T23] audit: type=1400 audit(1719644240.551:1197): avc:  denied  { write } for  pid=3042 comm="syz.1.899" name="file0" dev="sda1" ino=2008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  101.186170][   T23] audit: type=1400 audit(1719644240.551:1198): avc:  denied  { open } for  pid=3042 comm="syz.1.899" path="/root/syzkaller.UZn8Kv/51/file0" dev="sda1" ino=2008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  101.265163][  T372] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  101.278432][  T372] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  101.294930][  T372] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  101.303945][   T23] audit: type=1400 audit(1719644240.551:1199): avc:  denied  { ioctl } for  pid=3042 comm="syz.1.899" path="/root/syzkaller.UZn8Kv/51/file0" dev="sda1" ino=2008 ioctlcmd=0x70cb scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  101.331886][  T372] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.336403][   T23] audit: type=1400 audit(1719644240.561:1200): avc:  denied  { unlink } for  pid=2350 comm="syz-executor" name="file0" dev="sda1" ino=2008 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  101.410105][ T3054] erofs: (device loop4): mounted with opts: , root inode @ nid 36.
[  101.417882][ T3054] SELinux: (dev loop4, type erofs) getxattr errno 117
[  101.421539][ T3057] SELinux:  Context � is not valid (left unmapped).
[  101.469468][ T1250] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  101.479238][ T1250] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  101.836835][  T372] usb 4-1: string descriptor 0 read error: -32
[  101.943979][   T23] audit: type=1400 audit(1719644241.348:1201): avc:  denied  { ioctl } for  pid=3075 comm="syz.4.910" path="/dev/fuse" dev="devtmpfs" ino=9185 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  101.972969][   T23] audit: type=1400 audit(1719644241.358:1202): avc:  denied  { write } for  pid=3078 comm="syz.2.911" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  101.995349][   T23] audit: type=1400 audit(1719644241.358:1203): avc:  denied  { add_name } for  pid=3078 comm="syz.2.911" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  102.267947][ T3094] netlink: 'syz.1.915': attribute type 27 has an invalid length.
[  102.307892][ T3094] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.314987][ T3094] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.409014][ T1250] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  102.463300][  T107] usb 4-1: USB disconnect, device number 12
[  102.561186][ T3100] FAT-fs (loop3): Unrecognized mount option "shortnaqe=lower" or missing value
[  102.770448][ T1250] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.781323][ T1250] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  102.797807][ T3104] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002]
[  102.806473][ T3104] System zones: 0-1, 3-12
[  102.811435][ T3104] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,debug,,errors=continue
[  102.869368][ T3113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3113 comm=syz.0.921
[  103.026975][  T846] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor: path /root/syzkaller.41vC3N/157/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  103.051677][ T3110] erofs: (device loop3): mounted with opts: , root inode @ nid 36.
[  103.059384][ T3110] SELinux: (dev loop3, type erofs) getxattr errno 117
[  103.066352][ T1250] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  103.076465][  T846] EXT4-fs error (device loop2): ext4_empty_dir:3002: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  103.096393][ T1250] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.101965][  T846] EXT4-fs warning (device loop2): ext4_empty_dir:3004: inode #11: comm syz-executor: directory missing '.'
[  103.104558][ T1250] usb 5-1: Product: syz
[  103.119562][ T1250] usb 5-1: Manufacturer: syz
[  103.124555][ T1250] usb 5-1: SerialNumber: syz
[  103.126173][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.138215][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.151286][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.160047][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.168753][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.177508][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.186232][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.195172][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.203961][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.212715][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.221473][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.230610][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.239564][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.248360][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.257104][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.265836][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.274917][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.284047][  T846] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  103.293032][  T846] EXT4-fs warning (device loop2): ext4_evict_inode:321: xattr delete (err -12)
[  104.065307][  T683] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  104.429575][ T3153] netlink: 'syz.1.933': attribute type 27 has an invalid length.
[  104.476914][  T683] usb 1-1: config 0 has no interfaces?
[  104.529115][  T683] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  104.538834][  T683] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.551788][  T683] usb 1-1: config 0 descriptor??
[  104.560510][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  104.677585][ T1250] cdc_ncm 5-1:1.0: bind() failure
[  104.697699][ T1250] cdc_ncm: probe of 5-1:1.1 failed with error -71
[  104.727755][ T1250] cdc_mbim: probe of 5-1:1.1 failed with error -71
[  104.737000][ T1250] usb 5-1: USB disconnect, device number 8
[  104.773688][ T3172] device wg1 entered promiscuous mode
[  104.786397][ T3172] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  104.863071][ T3126] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  104.889986][   T23] kauditd_printk_skb: 11 callbacks suppressed
[  104.889998][   T23] audit: type=1400 audit(1719644244.287:1215): avc:  denied  { read } for  pid=3175 comm="syz.3.943" name="usbmon0" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  104.899209][ T3176] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  104.919276][   T23] audit: type=1400 audit(1719644244.287:1216): avc:  denied  { open } for  pid=3175 comm="syz.3.943" path="/dev/usbmon0" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  104.952291][ T1250] usb 1-1: USB disconnect, device number 9
[  104.972191][   T23] audit: type=1400 audit(1719644244.366:1217): avc:  denied  { setopt } for  pid=3175 comm="syz.3.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  105.302018][ T3183] overlayfs: workdir and upperdir must reside under the same mount
[  105.470242][ T3187] 
[  105.472503][ T3187] **********************************************************
[  105.479678][ T3187] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  105.487847][ T3187] **                                                      **
[  105.495780][ T3187] ** trace_printk() being used. Allocating extra memory.  **
[  105.503152][ T3187] **                                                      **
[  105.510401][ T3187] ** This means that this is a DEBUG kernel and it is     **
[  105.523959][ T3187] ** unsafe for production use.                           **
[  105.531392][ T3187] **                                                      **
[  105.538614][ T3187] ** If you see this message and you are not debugging    **
[  105.546041][ T3187] ** the kernel, report this immediately to your vendor!  **
[  105.553383][ T3187] **                                                      **
[  105.560596][ T3187] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  105.561219][ T3195] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3195 comm=syz.1.950
[  105.568068][ T3187] **********************************************************
[  105.616713][   T23] audit: type=1326 audit(1719644245.014:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.4.946" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f678debab99 code=0x0
[  105.803597][ T3211] FAT-fs (loop3): Unrecognized mount option "shortnaqe=lower" or missing value
[  105.847006][ T3210] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.853983][ T3210] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.861465][ T3210] device bridge_slave_0 entered promiscuous mode
[  105.881932][ T1250] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  105.903065][ T3210] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.910283][ T3210] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.918146][ T3210] device bridge_slave_1 entered promiscuous mode
[  105.996318][ T3210] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.003188][ T3210] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.010295][ T3210] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.017066][ T3210] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.071060][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  106.079717][  T534] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.087298][  T534] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.103307][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  106.111413][  T534] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.118250][  T534] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.126543][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  106.137498][ T3218] erofs: (device loop3): mounted with opts: , root inode @ nid 36.
[  106.145322][ T3218] SELinux: (dev loop3, type erofs) getxattr errno 117
[  106.161177][  T534] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.168022][  T534] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.180597][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  106.193221][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  106.224605][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  106.244554][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  106.267716][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  106.276683][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  106.285496][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  106.313526][ T1250] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  106.325542][ T1250] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  106.334528][   T23] audit: type=1400 audit(1719644245.721:1219): avc:  denied  { map } for  pid=3229 comm="syz.0.957" path="/dev/ashmem" dev="devtmpfs" ino=9263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  106.358130][ T1250] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  106.369956][ T1250] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.371916][ T3226] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  106.392186][ T3226] EXT4-fs (loop2): Unsupported blocksize for fs encryption
[  106.414720][ T2096] device bridge_slave_1 left promiscuous mode
[  106.421126][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.428853][ T2096] device bridge_slave_0 left promiscuous mode
[  106.440773][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.715201][ T1745] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  106.815275][  T372] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  106.828289][ T3247] F2FS-fs (loop3): invalid crc value
[  106.836599][ T3247] F2FS-fs (loop3): Found nat_bits in checkpoint
[  106.855665][ T1250] usb 2-1: string descriptor 0 read error: -32
[  106.870185][ T3247] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  106.876816][ T3247] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  106.899744][ T3247] attempt to access beyond end of device
[  106.899744][ T3247] loop3: rw=2049, want=45112, limit=40427
[  107.076329][ T1745] usb 5-1: config 0 has no interfaces?
[  107.081691][ T1745] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  107.090741][ T1745] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.100267][ T1745] usb 5-1: config 0 descriptor??
[  107.128894][ T3258] IPv6: Can't replace route, no match found
[  107.186131][   T23] audit: type=1326 audit(1719644246.568:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3265 comm="syz.3.975" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f50d5b99b99 code=0x0
[  107.209029][  T372] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  107.218033][  T372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.227719][  T372] usb 3-1: config 0 descriptor??
[  107.342547][ T1250] usb 2-1: USB disconnect, device number 9
[  107.394752][ T3238] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  107.441844][  T683] usb 5-1: USB disconnect, device number 9
[  108.175602][ T3286] IPv6: Can't replace route, no match found
[  108.402034][ T3307] syz.1.991[3307] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  108.402105][ T3307] syz.1.991[3307] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  108.443034][ T3304] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  108.481090][ T3282] F2FS-fs (loop4): invalid crc value
[  108.495079][ T3282] F2FS-fs (loop4): Found nat_bits in checkpoint
[  108.593295][ T3282] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  108.601383][ T3282] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  108.651749][ T1250] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  108.677740][ T3282] attempt to access beyond end of device
[  108.677740][ T3282] loop4: rw=2049, want=45112, limit=40427
[  108.903132][ T1250] usb 1-1: Using ep0 maxpacket: 8
[  109.023664][ T1250] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.053119][   T23] audit: type=1400 audit(1719644248.422:1221): avc:  denied  { read } for  pid=3350 comm="syz.1.1006" path="socket:[31892]" dev="sockfs" ino=31892 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  109.083357][ T1250] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.099993][ T1250] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  109.110391][ T1250] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.119601][ T1250] usb 1-1: config 0 descriptor??
[  109.185067][ T3352] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  109.222941][ T3342] F2FS-fs (loop3): invalid crc value
[  109.240564][ T3342] F2FS-fs (loop3): Found nat_bits in checkpoint
[  109.348480][ T3342] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  109.356047][ T3342] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  109.405788][  T683] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  109.417717][ T3342] attempt to access beyond end of device
[  109.417717][ T3342] loop3: rw=2049, want=45112, limit=40427
[  109.607070][ T1250] smartjoyplus 0003:6666:8804.000D: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.0-1/input0
[  109.619074][ T1250] smartjoyplus 0003:6666:8804.000D: no output reports found
[  109.775721][  T683] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.791719][  T683] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  109.827076][ T3383] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,stripe=0x00000000000002ea,nouid32,,errors=continue
[  109.850318][ T3383] ext4 filesystem being mounted at /root/syzkaller.6c3hEw/75/file0 supports timestamps until 2038 (0x7fffffff)
[  109.947371][ T1250] usb 1-1: USB disconnect, device number 10
[  109.968242][  T683] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  109.969826][   T23] audit: type=1400 audit(1719644249.349:1222): avc:  denied  { nlmsg_write } for  pid=3392 comm="syz.3.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  109.977366][  T683] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.033464][   T23] audit: type=1400 audit(1719644249.378:1223): avc:  denied  { nlmsg_read } for  pid=3392 comm="syz.3.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  110.107993][ T3394] netlink: 'syz.4.1017': attribute type 27 has an invalid length.
[  110.152091][ T3394] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.159171][ T3394] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.207970][  T683] usb 2-1: Product: syz
[  110.212148][  T683] usb 2-1: Manufacturer: syz
[  110.216741][  T683] usb 2-1: SerialNumber: syz
[  110.228391][  T372] usb 3-1: Cannot set autoneg
[  110.232941][  T372] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71
[  110.245009][  T372] usb 3-1: USB disconnect, device number 11
[  110.425063][ T3397] F2FS-fs (loop3): invalid crc value
[  110.435672][ T3397] F2FS-fs (loop3): Found nat_bits in checkpoint
[  110.466936][ T3397] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  110.474336][ T3397] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  110.494652][ T3397] attempt to access beyond end of device
[  110.494652][ T3397] loop3: rw=2049, want=45112, limit=40427
[  110.852528][   T23] audit: type=1400 audit(1719644250.226:1224): avc:  denied  { mount } for  pid=3422 comm="syz.2.1029" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  110.853069][ T3423] capability: warning: `syz.2.1029' uses 32-bit capabilities (legacy support in use)
[  110.884201][ T3421] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1028'.
[  111.167332][ T3444] netlink: 'syz.3.1034': attribute type 27 has an invalid length.
[  111.210711][  T372] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  111.461447][  T372] usb 1-1: Using ep0 maxpacket: 8
[  111.471457][ T1250] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  111.551645][  T683] cdc_ncm 2-1:1.0: bind() failure
[  111.571720][  T683] cdc_ncm: probe of 2-1:1.1 failed with error -71
[  111.581734][  T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.600230][  T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  111.602079][  T683] cdc_mbim: probe of 2-1:1.1 failed with error -71
[  111.610296][  T372] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  111.618980][  T683] usb 2-1: USB disconnect, device number 10
[  111.627352][  T372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.643217][  T372] usb 1-1: config 0 descriptor??
[  111.827508][ T3444] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.834536][ T3444] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.842854][ T1250] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  111.851818][ T1250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.864507][ T1250] usb 3-1: config 0 descriptor??
[  111.996773][ T3444] device wg1 left promiscuous mode
[  112.125932][  T372] smartjoyplus 0003:6666:8804.000E: hidraw0: USB HID v0.00 Device [HID 6666:8804] on usb-dummy_hcd.0-1/input0
[  112.147415][  T372] smartjoyplus 0003:6666:8804.000E: no output reports found
[  112.525414][  T107] usb 1-1: USB disconnect, device number 11
[  113.068128][ T3463] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1043'.
[  113.128378][   T23] audit: type=1400 audit(1719644252.498:1225): avc:  denied  { lock } for  pid=3466 comm="syz.3.1045" path="socket:[33207]" dev="sockfs" ino=33207 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  113.152330][   T23] audit: type=1400 audit(1719644252.498:1226): avc:  denied  { connect } for  pid=3466 comm="syz.3.1045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  113.223142][ T3467] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  113.233924][ T3467] EXT4-fs (loop3): orphan cleanup on readonly fs
[  113.240807][ T3467] EXT4-fs error (device loop3): ext4_orphan_get:1236: inode #16: comm syz.3.1045: iget: immutable or append flags not allowed on symlinks
[  113.256721][ T3467] EXT4-fs error (device loop3): ext4_orphan_get:1240: comm syz.3.1045: couldn't read orphan inode 16 (err -117)
[  113.269104][ T3467] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  113.279253][   T23] audit: type=1400 audit(1719644252.648:1227): avc:  denied  { nlmsg_read } for  pid=3466 comm="syz.3.1045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  113.279277][ T3467] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1045'.
[  113.347463][  T372] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  113.360832][ T3475] FAT-fs (loop0): Unrecognized mount option "�����<�앳� ��#3�ƺiM�" or missing value
[  113.370524][  T107] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  113.588265][  T372] usb 5-1: Using ep0 maxpacket: 16
[  113.679330][ T3486] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,resuid=0x0000000000000000,sysvgroups,norecovery,errors=continue,abort,quota,noauto_da_alloc,lazytime,,errors=continue
[  113.879234][  T372] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  113.888104][  T372] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.896264][  T372] usb 5-1: Product: syz
[  113.899280][  T107] usb 2-1: config 0 has no interfaces?
[  113.900725][  T372] usb 5-1: Manufacturer: syz
[  113.908043][  T107] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  113.910708][  T372] usb 5-1: SerialNumber: syz
[  113.919947][  T107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.924839][  T372] usb 5-1: config 0 descriptor??
[  113.937749][  T107] usb 2-1: config 0 descriptor??
[  114.017589][ T3501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1056'.
[  114.061596][ T3503] EXT4-fs (loop0): mounted filesystem without journal. Opts: nouid32,stripe=0x00000000000002ea,nouid32,,errors=continue
[  114.074282][ T3503] ext4 filesystem being mounted at /root/syzkaller.nPH6JA/19/file0 supports timestamps until 2038 (0x7fffffff)
[  114.229518][ T3469] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  114.258208][ T3510] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  114.266792][ T3465] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  114.276042][ T3510] EXT4-fs (loop0): orphan cleanup on readonly fs
[  114.290901][ T3510] EXT4-fs error (device loop0): ext4_orphan_get:1236: inode #16: comm syz.0.1059: iget: immutable or append flags not allowed on symlinks
[  114.328803][   T18] usb 2-1: USB disconnect, device number 11
[  114.347109][ T3510] EXT4-fs error (device loop0): ext4_orphan_get:1240: comm syz.0.1059: couldn't read orphan inode 16 (err -117)
[  114.359006][ T3465] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  114.364733][ T3520] FAT-fs (loop3): Unrecognized mount option "�����<�앳� ��#3�ƺiM�" or missing value
[  114.378693][ T3510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  114.391971][  T372] r8152 5-1:0.0: Unknown version 0x0000
[  114.401188][  T372] usb 5-1: USB disconnect, device number 10
[  114.441335][ T3510] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1059'.
[  114.562734][ T3530] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,resuid=0x0000000000000000,sysvgroups,norecovery,errors=continue,abort,quota,noauto_da_alloc,lazytime,,errors=continue
[  114.742017][ T1250] usb 3-1: Cannot set autoneg
[  114.746577][ T1250] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71
[  114.755340][ T1250] usb 3-1: USB disconnect, device number 12
[  114.903152][ T1154] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  114.917547][ T1154] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  114.926876][  T107] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  114.961555][ T3538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1067'.
[  115.173282][  T107] usb 1-1: Using ep0 maxpacket: 16
[  115.394128][  T107] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 1023
[  115.400751][ T3548] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.403924][  T107] usb 1-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  115.423378][ T3548] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.423437][  T107] usb 1-1: config 1 interface 0 has no altsetting 0
[  115.439070][ T3551] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  115.451584][ T3548] device bridge_slave_0 entered promiscuous mode
[  115.458391][ T3551] EXT4-fs (loop2): orphan cleanup on readonly fs
[  115.465033][ T3551] EXT4-fs error (device loop2): ext4_orphan_get:1236: inode #16: comm syz.2.1073: iget: immutable or append flags not allowed on symlinks
[  115.479132][ T3551] EXT4-fs error (device loop2): ext4_orphan_get:1240: comm syz.2.1073: couldn't read orphan inode 16 (err -117)
[  115.491629][ T3551] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  115.498371][ T3548] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.508449][ T3551] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1073'.
[  115.515281][ T3548] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.526311][ T3548] device bridge_slave_1 entered promiscuous mode
[  115.570735][ T3566] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1078'.
[  115.604894][  T107] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  115.614159][  T107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.622262][  T107] usb 1-1: Product: syz
[  115.626281][  T107] usb 1-1: Manufacturer: 䀁
[  115.630341][ T3548] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.630699][  T107] usb 1-1: SerialNumber: syz
[  115.637549][ T3548] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.649092][ T3548] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.655849][ T3548] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.655910][ T3536] raw-gadget gadget: fail, usb_ep_enable returned -22
[  115.670196][ T3536] raw-gadget gadget: fail, usb_ep_enable returned -22
[  115.702098][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.712760][ T1250] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.720689][ T1250] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.735807][  T683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.744154][  T683] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.751019][  T683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.756490][ T3573] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  115.758552][  T683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.774918][  T683] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.781760][  T683] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.804693][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.808741][ T3573] EXT4-fs error (device loop2): ext4_xattr_ibody_get:601: inode #15: comm syz.2.1081: corrupted in-inode xattr
[  115.825353][ T1719] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  115.826251][ T3573] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2221: inode #15: comm syz.2.1081: corrupted in-inode xattr
[  115.845492][ T3573] attempt to access beyond end of device
[  115.845492][ T3573] loop2: rw=2049, want=3606377192, limit=1024
[  115.857217][ T3573] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1803188595)
[  115.866804][  T683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.871170][ T3573] Buffer I/O error on device loop2, logical block 1803188595
[  115.886334][ T3573] attempt to access beyond end of device
[  115.886334][ T3573] loop2: rw=2049, want=3403208900, limit=1024
[  115.898963][ T3573] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1701604449)
[  115.913422][ T3573] Buffer I/O error on device loop2, logical block 1701604449
[  115.920728][ T3573] attempt to access beyond end of device
[  115.920728][ T3573] loop2: rw=2049, want=59110, limit=1024
[  115.921294][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  115.931742][ T3573] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 29554)
[  115.931750][ T3573] Buffer I/O error on device loop2, logical block 29554
[  115.967366][  T846] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.41vC3N/176/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  115.989681][ T2096] device bridge_slave_1 left promiscuous mode
[  115.995626][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.003823][  T846] EXT4-fs (loop2): Inode 15 (ffff8881d85a6940): i_reserved_data_blocks (1) not cleared!
[  116.013758][ T2096] device bridge_slave_0 left promiscuous mode
[  116.020961][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.024227][  T107] usb 1-1: USB disconnect, device number 12
[  116.070335][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  116.077973][ T1719] usb 4-1: Using ep0 maxpacket: 16
[  116.090873][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  116.099247][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  116.113324][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  116.122104][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  116.136269][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  116.144821][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  116.207823][   T18] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  116.288635][ T3585] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.295523][ T3585] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.303954][ T3585] device bridge_slave_0 entered promiscuous mode
[  116.311226][ T3585] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.316629][ T3588] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  116.318630][ T3585] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.333226][ T3588] EXT4-fs (loop4): orphan cleanup on readonly fs
[  116.333417][ T3585] device bridge_slave_1 entered promiscuous mode
[  116.339995][ T3588] EXT4-fs error (device loop4): ext4_orphan_get:1236: inode #16: comm syz.4.1088: iget: immutable or append flags not allowed on symlinks
[  116.357320][ T1719] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  116.377023][ T1719] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.384063][ T3588] EXT4-fs error (device loop4): ext4_orphan_get:1240: comm syz.4.1088: couldn't read orphan inode 16 (err -117)
[  116.395024][ T1719] usb 4-1: Product: syz
[  116.401128][ T3588] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  116.402016][ T1719] usb 4-1: Manufacturer: syz
[  116.424955][ T1719] usb 4-1: SerialNumber: syz
[  116.430500][ T1719] usb 4-1: config 0 descriptor??
[  116.442261][ T3588] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1088'.
[  116.461921][ T3585] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.468873][ T3585] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.476053][ T3585] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.482862][ T3585] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.527049][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  116.535204][   T23] audit: type=1400 audit(1719644255.887:1228): avc:  denied  { setopt } for  pid=3596 comm="syz.0.1090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  116.535247][ T1745] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.562293][ T1745] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.578909][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  116.587197][  T107] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.594055][  T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.607374][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  116.615492][  T107] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.622353][  T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.627817][   T18] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  116.651831][   T18] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.687790][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  116.697382][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  116.815903][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  116.882018][   T18] usb 2-1: config 0 descriptor??
[  116.909652][ T3562] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  116.915014][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  116.951215][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  116.960761][ T3607] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  116.977828][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  116.995370][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  117.034721][ T3562] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  117.064936][   T23] audit: type=1400 audit(1719644256.416:1229): avc:  denied  { map } for  pid=3616 comm="syz.2.1094" path="/dev/usbmon0" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  117.068416][ T3607] EXT4-fs error (device loop4): ext4_xattr_ibody_get:601: inode #15: comm syz.4.1093: corrupted in-inode xattr
[  117.088610][ T1719] r8152 4-1:0.0: Unknown version 0x0000
[  117.101216][   T23] audit: type=1400 audit(1719644256.456:1230): avc:  denied  { execute } for  pid=3616 comm="syz.2.1094" path="/dev/usbmon0" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  117.122200][ T3607] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2221: inode #15: comm syz.4.1093: corrupted in-inode xattr
[  117.142069][ T3619] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22
[  117.145823][ T1719] usb 4-1: USB disconnect, device number 13
[  117.170141][ T3607] attempt to access beyond end of device
[  117.170141][ T3607] loop4: rw=2049, want=3606377192, limit=1024
[  117.181695][ T3607] EXT4-fs warning (device loop4): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1803188595)
[  117.197408][ T3607] Buffer I/O error on device loop4, logical block 1803188595
[  117.204717][ T3607] attempt to access beyond end of device
[  117.204717][ T3607] loop4: rw=2049, want=3403208900, limit=1024
[  117.216364][ T3607] EXT4-fs warning (device loop4): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1701604449)
[  117.229764][ T3607] Buffer I/O error on device loop4, logical block 1701604449
[  117.237030][ T3607] attempt to access beyond end of device
[  117.237030][ T3607] loop4: rw=2049, want=59110, limit=1024
[  117.248477][ T3607] EXT4-fs warning (device loop4): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 29554)
[  117.261318][ T3607] Buffer I/O error on device loop4, logical block 29554
[  117.286145][ T3548] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.hXqDqD/6/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  117.311023][ T3548] EXT4-fs (loop4): Inode 15 (ffff8881d04019c8): i_reserved_data_blocks (1) not cleared!
[  117.481043][ T1250] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  117.547231][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.554067][ T3630] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.561500][ T3630] device bridge_slave_0 entered promiscuous mode
[  117.568147][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.574987][ T3630] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.582549][ T3630] device bridge_slave_1 entered promiscuous mode
[  117.594035][   T23] audit: type=1400 audit(1719644256.954:1231): avc:  denied  { unlink } for  pid=144 comm="syslogd" name="messages.0" dev="tmpfs" ino=979 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  117.629811][ T2296] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  117.645985][ T2296] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  117.692595][ T3630] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.699549][ T3630] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.706676][ T3630] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.713427][ T3630] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.721728][  T107] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  117.744708][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  117.752283][ T1719] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.759220][ T1719] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.768764][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  117.777584][  T372] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.784431][  T372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.797947][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  117.806386][ T1250] usb 3-1: too many configurations: 65, using maximum allowed: 8
[  117.814789][ T1719] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.821675][ T1719] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.852614][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  117.860488][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  117.892450][ T1250] usb 3-1: config 0 has no interfaces?
[  117.909459][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  117.937289][ T3635] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.944432][ T3635] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.951618][ T3635] device bridge_slave_0 entered promiscuous mode
[  117.958640][ T3635] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.965575][ T3635] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.972831][ T3635] device bridge_slave_1 entered promiscuous mode
[  117.982066][ T1250] usb 3-1: config 0 has no interfaces?
[  117.993962][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  118.032520][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  118.041344][  T179] device bridge_slave_1 left promiscuous mode
[  118.047627][  T179] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.054862][  T179] device bridge_slave_0 left promiscuous mode
[  118.060777][  T179] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.072384][ T1250] usb 3-1: config 0 has no interfaces?
[  118.112567][  T107] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.123832][  T107] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  118.148370][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  118.156461][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  118.164409][ T1250] usb 3-1: config 0 has no interfaces?
[  118.171313][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  118.179524][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  118.242693][ T1250] usb 3-1: config 0 has no interfaces?
[  118.243698][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  118.255639][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  118.267498][ T3642] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22
[  118.278107][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  118.286574][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  118.293069][  T107] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  118.295143][ T1745] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.310065][ T1745] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.313600][  T107] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.319303][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  118.325286][ T1250] usb 3-1: config 0 has no interfaces?
[  118.333176][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  118.339535][  T107] usb 1-1: Product: syz
[  118.348164][ T1745] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.350336][  T107] usb 1-1: Manufacturer: syz
[  118.356772][ T1745] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.370305][  T107] usb 1-1: SerialNumber: syz
[  118.373672][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  118.382377][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  118.390278][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  118.398106][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  118.406274][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  118.413187][ T1250] usb 3-1: config 0 has no interfaces?
[  118.428077][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  118.439547][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  118.462575][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  118.470452][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  118.485439][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  118.493418][ T1250] usb 3-1: config 0 has no interfaces?
[  118.499032][ T1250] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  118.508124][ T1250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.516240][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  118.525211][ T1250] usb 3-1: config 0 descriptor??
[  118.531404][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  118.549533][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  118.557818][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  118.646640][ T3652] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  118.852432][ T1250] usb 3-1: USB disconnect, device number 13
[  118.876323][ T3666] xt_policy: output policy not valid in PREROUTING and INPUT
[  119.045335][  T179] device bridge_slave_1 left promiscuous mode
[  119.051287][  T179] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.058605][  T179] device bridge_slave_0 left promiscuous mode
[  119.064525][  T179] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.075182][ T1719] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  119.165623][ T1745] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  119.315830][ T1719] usb 4-1: Using ep0 maxpacket: 16
[  119.416170][ T1745] usb 5-1: Using ep0 maxpacket: 16
[  119.506453][  T107] cdc_ncm 1-1:1.0: bind() failure
[  119.526590][ T1719] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 1023
[  119.536297][ T1719] usb 4-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  119.549028][  T107] cdc_ncm: probe of 1-1:1.1 failed with error -71
[  119.549305][ T1719] usb 4-1: config 1 interface 0 has no altsetting 0
[  119.566895][  T107] cdc_mbim: probe of 1-1:1.1 failed with error -71
[  119.574907][  T107] usb 1-1: USB disconnect, device number 13
[  119.706682][ T1745] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  119.715656][ T1745] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.723622][ T1745] usb 5-1: Product: syz
[  119.726974][ T1719] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  119.728103][   T18] usb 2-1: Cannot set autoneg
[  119.737695][ T1719] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.741189][ T1745] usb 5-1: Manufacturer: syz
[  119.749097][ T1719] usb 4-1: Product: syz
[  119.753300][   T18] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[  119.757554][ T1719] usb 4-1: Manufacturer: 䀁
[  119.765449][ T1745] usb 5-1: SerialNumber: syz
[  119.770190][ T1719] usb 4-1: SerialNumber: syz
[  119.779143][   T18] usb 2-1: USB disconnect, device number 12
[  119.786509][ T1745] usb 5-1: config 0 descriptor??
[  119.796674][ T3664] raw-gadget gadget: fail, usb_ep_enable returned -22
[  119.804406][ T3664] raw-gadget gadget: fail, usb_ep_enable returned -22
[  120.098603][ T1719] usb 4-1: USB disconnect, device number 14
[  120.108013][ T3668] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  120.108529][ T3676] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,resuid=0x0000000000000000,sysvgroups,norecovery,errors=continue,abort,quota,noauto_da_alloc,lazytime,,errors=continue
[  120.187369][ T3668] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  120.206964][ T1745] r8152 5-1:0.0: Unknown version 0x0000
[  120.227134][ T1745] usb 5-1: USB disconnect, device number 11
[  120.232975][ T3683] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22
[  120.302004][   T23] audit: type=1400 audit(1853861987.645:1232): avc:  denied  { ioctl } for  pid=3690 comm="syz.1.1120" path="socket:[35357]" dev="sockfs" ino=35357 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  120.371900][ T3697] cgroup: syz.2.1122 (3697) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[  120.392753][ T3699] xt_policy: output policy not valid in PREROUTING and INPUT
[  120.397092][ T3697] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[  120.497245][ T3704] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,resuid=0x0000000000000000,sysvgroups,norecovery,errors=continue,abort,quota,noauto_da_alloc,lazytime,,errors=continue
[  120.593985][ T3721] tipc: Started in network mode
[  120.612392][ T3721] tipc: Own node identity e0000002, cluster identity 4711
[  120.624927][ T3721] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  120.654030][ T3728] xt_policy: output policy not valid in PREROUTING and INPUT
[  120.713907][ T3736] device syzkaller0 entered promiscuous mode
[  120.769561][ T3748] tipc: Started in network mode
[  120.774235][ T3748] tipc: Own node identity e0000002, cluster identity 4711
[  120.781430][ T3748] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  120.859326][ T3630] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  120.880397][ T3764] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  120.885802][ T3630] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  120.906766][ T3756] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  120.983537][ T3758] EXT4-fs error (device loop2): ext4_orphan_get:1240: comm syz.2.1150: couldn't read orphan inode 26 (err -116)
[  120.995450][ T3758] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  121.004253][ T3758] ext4 filesystem being mounted at /root/syzkaller.bQq4Uf/14/file1 supports timestamps until 2038 (0x7fffffff)
[  121.066583][ T1745] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  121.182318][ T3782] device syzkaller0 entered promiscuous mode
[  121.268386][ T3790] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  121.307926][ T3779] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.314863][ T3779] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.322249][ T3779] device bridge_slave_0 entered promiscuous mode
[  121.329413][ T3779] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.336976][ T1745] usb 2-1: Using ep0 maxpacket: 8
[  121.343657][ T3779] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.351884][ T3796] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  121.354219][ T3779] device bridge_slave_1 entered promiscuous mode
[  121.399322][ T3800] EXT4-fs error (device loop2): ext4_orphan_get:1240: comm syz.2.1168: couldn't read orphan inode 26 (err -116)
[  121.412842][ T3800] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  121.436361][ T3800] ext4 filesystem being mounted at /root/syzkaller.bQq4Uf/18/file1 supports timestamps until 2038 (0x7fffffff)
[  121.486782][ T1745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.500271][ T1745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.509380][ T3816] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22
[  121.510561][ T1745] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  121.529064][ T1745] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.538575][ T1745] usb 2-1: config 0 descriptor??
[  121.565914][ T3820] device syzkaller0 entered promiscuous mode
[  121.611522][ T3779] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.618504][ T3779] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.625582][ T3779] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.632375][ T3779] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.671349][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  121.679338][   T18] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.689347][   T18] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.699246][ T3829] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  121.713119][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  121.721242][  T372] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.728089][  T372] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.737818][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  121.746500][  T372] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.753352][  T372] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.804425][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  121.853412][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  121.954917][ T3832] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  121.963990][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  121.974920][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  122.040019][ T1745] steelseries_srws1 0003:1038:1410.000F: unknown main item tag 0xd
[  122.048741][ T1745] steelseries_srws1 0003:1038:1410.000F: item fetching failed at offset 6/7
[  122.057784][ T1745] steelseries_srws1 0003:1038:1410.000F: parse failed
[  122.064414][ T1745] steelseries_srws1: probe of 0003:1038:1410.000F failed with error -22
[  122.069824][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  122.081203][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  122.094003][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  122.345589][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  122.364120][    T9] device bridge_slave_1 left promiscuous mode
[  122.364793][  T107] usb 2-1: USB disconnect, device number 13
[  122.373369][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.388539][    T9] device bridge_slave_0 left promiscuous mode
[  122.394515][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.551064][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  122.559697][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  122.561263][ T3852] EXT4-fs error (device loop0): ext4_orphan_get:1240: comm syz.0.1184: couldn't read orphan inode 26 (err -116)
[  122.582776][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  122.587234][ T3852] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  122.593078][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  122.599616][ T3852] ext4 filesystem being mounted at /root/syzkaller.nPH6JA/55/file1 supports timestamps until 2038 (0x7fffffff)
[  122.721640][ T3864] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  122.797519][ T3870] FAT-fs (loop2): Directory bread(block 64) failed
[  122.808088][ T3870] FAT-fs (loop2): Directory bread(block 65) failed
[  122.838799][ T3870] FAT-fs (loop2): Directory bread(block 66) failed
[  122.845250][ T3870] FAT-fs (loop2): Directory bread(block 67) failed
[  122.851947][ T3870] FAT-fs (loop2): Directory bread(block 68) failed
[  122.868424][ T3870] FAT-fs (loop2): Directory bread(block 69) failed
[  122.882852][ T3870] FAT-fs (loop2): Directory bread(block 70) failed
[  122.889337][ T3870] FAT-fs (loop2): Directory bread(block 71) failed
[  122.895677][ T3870] FAT-fs (loop2): Directory bread(block 72) failed
[  122.902065][ T3870] FAT-fs (loop2): Directory bread(block 73) failed
[  122.934095][ T3876] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  122.996781][ T3883] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  123.005817][ T3883] ext4 filesystem being mounted at /root/syzkaller.50L4oL/17/file0 supports timestamps until 2038 (0x7fffffff)
[  123.041646][ T3883] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27
[  123.061153][ T3883] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27
[  123.069765][ T3883] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2962: inode #18: comm syz.3.1196: mark inode dirty (error -27)
[  123.082207][ T3883] EXT4-fs warning (device loop3): ext4_evict_inode:321: xattr delete (err -27)
[  123.117629][   T23] audit: type=1400 audit(1853861990.465:1233): avc:  denied  { getopt } for  pid=3896 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  123.165068][ T3901] kvm: apic: phys broadcast and lowest prio
[  123.660055][ T3915] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  123.809564][ T3938] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  123.818822][ T3938] ext4 filesystem being mounted at /root/syzkaller.nPH6JA/62/file0 supports timestamps until 2038 (0x7fffffff)
[  123.838210][ T3938] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27
[  123.916924][ T3938] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27
[  124.080897][   T23] audit: type=1400 audit(1853861991.425:1234): avc:  denied  { create } for  pid=3936 comm="syz.0.1213" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  124.156677][  T107] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  124.172173][ T3951] xt_TPROXY: Can be used only with -p tcp or -p udp
[  124.261047][ T3958] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  124.327715][ T3958] EXT4-fs error (device loop0): ext4_xattr_ibody_get:601: inode #15: comm syz.0.1221: corrupted in-inode xattr
[  124.339652][ T3958] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2221: inode #15: comm syz.0.1221: corrupted in-inode xattr
[  124.351906][ T3958] attempt to access beyond end of device
[  124.351906][ T3958] loop0: rw=2049, want=3606377192, limit=1024
[  124.363642][ T3958] EXT4-fs warning (device loop0): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1803188595)
[  124.376785][ T3958] Buffer I/O error on device loop0, logical block 1803188595
[  124.384006][ T3958] attempt to access beyond end of device
[  124.384006][ T3958] loop0: rw=2049, want=3403208900, limit=1024
[  124.395535][ T3958] EXT4-fs warning (device loop0): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1701604449)
[  124.408854][ T3958] Buffer I/O error on device loop0, logical block 1701604449
[  124.416180][ T3958] attempt to access beyond end of device
[  124.416180][ T3958] loop0: rw=2049, want=59110, limit=1024
[  124.427323][ T3958] EXT4-fs warning (device loop0): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 29554)
[  124.440090][ T3958] Buffer I/O error on device loop0, logical block 29554
[  124.488673][ T3210] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.nPH6JA/64/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  124.513646][ T3210] EXT4-fs (loop0): Inode 15 (ffff8881d8428000): i_reserved_data_blocks (1) not cleared!
[  124.926660][  T107] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  124.935771][  T107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.964612][  T107] usb 5-1: config 0 descriptor??
[  125.078443][ T3982] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.085272][ T3982] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.093029][ T3982] device bridge_slave_0 entered promiscuous mode
[  125.099960][ T3982] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.106802][ T3982] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.114078][ T3982] device bridge_slave_1 entered promiscuous mode
[  125.167945][ T3982] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.174858][ T3982] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.182119][ T3982] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.182132][ T3982] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.219521][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  125.231846][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.251863][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.307527][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  125.315700][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.322553][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.331155][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.339323][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.346146][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.367328][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  125.369045][ T4001] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  125.375181][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  125.402454][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  125.609497][ T4001] EXT4-fs error (device loop2): ext4_xattr_ibody_get:601: inode #15: comm syz.2.1237: corrupted in-inode xattr
[  125.622731][ T4001] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2221: inode #15: comm syz.2.1237: corrupted in-inode xattr
[  125.636354][ T4001] attempt to access beyond end of device
[  125.636354][ T4001] loop2: rw=2049, want=3606377192, limit=1024
[  125.655120][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  125.664078][ T4001] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1803188595)
[  125.667111][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.678510][ T4001] Buffer I/O error on device loop2, logical block 1803188595
[  125.692656][ T4001] attempt to access beyond end of device
[  125.692656][ T4001] loop2: rw=2049, want=3403208900, limit=1024
[  125.700949][ T1745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.705215][ T4001] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1701604449)
[  125.725085][ T4001] Buffer I/O error on device loop2, logical block 1701604449
[  125.732460][ T4001] attempt to access beyond end of device
[  125.732460][ T4001] loop2: rw=2049, want=59110, limit=1024
[  125.744041][ T4001] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 29554)
[  125.745861][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.757016][ T4001] Buffer I/O error on device loop2, logical block 29554
[  125.801872][ T3585] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.bQq4Uf/36/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  125.856685][  T107] usb 5-1: Cannot set autoneg
[  125.861280][  T107] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[  125.873122][  T107] usb 5-1: USB disconnect, device number 12
[  125.885792][ T3585] EXT4-fs (loop2): Inode 15 (ffff8881d554d4a0): i_reserved_data_blocks (1) not cleared!
[  125.935402][   T23] audit: type=1400 audit(1853861993.275:1235): avc:  denied  { execute } for  pid=4020 comm="syz.0.1243" path=2F6D656D66643A1033717D329ACEAF03DF795BD9FF5238F41C0869E45ED5FDA90DAC374194A0202864656C6574656429 dev="tmpfs" ino=36629 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  127.276038][ T4058] syz.4.1256 (4058): /proc/4057/oom_adj is deprecated, please use /proc/4057/oom_score_adj instead.
[  127.529948][ T4062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1258'.
[  127.595640][ T4052] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.607778][ T4052] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.619305][ T4052] device bridge_slave_0 entered promiscuous mode
[  127.690526][ T4052] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.699625][ T4052] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.717394][ T4052] device bridge_slave_1 entered promiscuous mode
[  128.239369][ T4052] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.246220][ T4052] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.281611][  T107] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.294176][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.302869][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.385298][ T4069] F2FS-fs (loop4): invalid crc value
[  128.392074][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.400850][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.401168][ T4069] F2FS-fs (loop4): Found nat_bits in checkpoint
[  128.408961][ T1719] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.421696][ T1719] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.725996][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.749299][ T1719] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.750126][ T4069] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  128.756162][ T1719] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.774242][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  128.782411][ T1719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  128.857196][  T718] device bridge_slave_1 left promiscuous mode
[  128.863124][  T718] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.870726][  T718] device bridge_slave_0 left promiscuous mode
[  128.876748][  T718] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.164337][ T4091] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  129.180400][ T4091] ext4 filesystem being mounted at /root/syzkaller.50L4oL/31/file0 supports timestamps until 2038 (0x7fffffff)
[  129.202325][ T4091] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27
[  129.218412][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  129.226324][   T23] audit: type=1400 audit(1853861996.565:1236): avc:  denied  { bind } for  pid=4099 comm="syz.0.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  129.246937][ T4091] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27
[  129.262379][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  129.266331][ T4091] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2962: inode #18: comm syz.3.1265: mark inode dirty (error -27)
[  129.287449][ T4091] EXT4-fs warning (device loop3): ext4_evict_inode:321: xattr delete (err -27)
[  129.303007][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  129.321533][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  129.331535][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  129.340686][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  129.354004][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  129.363618][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  129.374865][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  129.396164][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  129.579552][ T3779] attempt to access beyond end of device
[  129.579552][ T3779] loop4: rw=2049, want=45104, limit=40427
[  129.670838][ T4111] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  129.914373][ T4111] EXT4-fs error (device loop2): ext4_xattr_ibody_get:601: inode #15: comm syz.2.1251: corrupted in-inode xattr
[  129.926678][ T4111] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2221: inode #15: comm syz.2.1251: corrupted in-inode xattr
[  129.939059][ T4111] attempt to access beyond end of device
[  129.939059][ T4111] loop2: rw=2049, want=3606377192, limit=1024
[  129.950477][ T4111] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1803188595)
[  129.963618][ T4111] Buffer I/O error on device loop2, logical block 1803188595
[  129.971626][ T4111] attempt to access beyond end of device
[  129.971626][ T4111] loop2: rw=2049, want=3403208900, limit=1024
[  129.983020][ T4111] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 1701604449)
[  129.996119][ T4111] Buffer I/O error on device loop2, logical block 1701604449
[  130.003465][ T4111] attempt to access beyond end of device
[  130.003465][ T4111] loop2: rw=2049, want=59110, limit=1024
[  130.014393][ T4111] EXT4-fs warning (device loop2): ext4_end_bio:317: I/O error 10 writing to inode 15 (offset 0 size 0 starting block 29554)
[  130.027064][ T4111] Buffer I/O error on device loop2, logical block 29554
[  130.042925][ T4052] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.w7u2aH/0/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  130.077104][ T4052] EXT4-fs (loop2): Inode 15 (ffff8881d5420000): i_reserved_data_blocks (1) not cleared!
[  130.695502][   T23] audit: type=1326 audit(1853861998.025:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4135 comm="syz.1.1282" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e14404b99 code=0x0
[  130.762743][ T4130] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.770277][ T4130] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.777733][ T4130] device bridge_slave_0 entered promiscuous mode
[  131.038584][ T4130] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.045450][ T4130] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.052976][ T4130] device bridge_slave_1 entered promiscuous mode
[  131.166763][    T5] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  131.567489][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.580836][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.602803][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.611886][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.620474][   T18] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.627348][   T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.648886][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.656906][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.665505][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.673901][  T372] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.680756][  T372] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.697031][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.704832][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  131.712441][    T5] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  131.723226][    T5] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  131.733629][    T5] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  131.733659][ T2096] device bridge_slave_1 left promiscuous mode
[  131.744297][    T5] usb 4-1: config 1 interface 1 has no altsetting 0
[  131.757065][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.764205][ T2096] device bridge_slave_0 left promiscuous mode
[  131.770507][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.846054][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  131.857597][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  131.866710][  T357] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  131.874603][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  131.889934][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  131.900055][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  131.916999][    T5] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.925995][    T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.933825][    T5] usb 4-1: Product: syz
[  131.938179][    T5] usb 4-1: Manufacturer: syz
[  131.942561][    T5] usb 4-1: SerialNumber: syz
[  131.976573][  T372] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  132.010574][ T4163] xt_TPROXY: Can be used only with -p tcp or -p udp
[  132.386893][  T357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.398296][  T357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.407897][  T357] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  132.416770][  T357] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.426187][    T5] usb 4-1: 2:1 : invalid channels 0
[  132.429288][  T357] usb 1-1: config 0 descriptor??
[  132.450845][    T5] usb 4-1: USB disconnect, device number 15
[  132.460684][  T415] udevd[415]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  132.471644][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.483351][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.490959][ T4169] device bridge_slave_0 entered promiscuous mode
[  132.499359][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.506176][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.513669][ T4169] device bridge_slave_1 entered promiscuous mode
[  132.519974][  T372] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  132.531499][  T372] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.548509][  T372] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.558593][  T372] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  132.586083][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.593042][ T4169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.600195][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.606932][ T4169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.633262][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.641778][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.646699][  T372] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  132.657626][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.657695][  T372] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  132.672690][  T372] usb 2-1: Manufacturer: syz
[  132.681380][  T372] usb 2-1: config 0 descriptor??
[  132.693854][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.701874][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.708713][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.715995][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.724507][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.731346][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.741898][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.751327][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.770989][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.786279][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  132.801463][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  132.813258][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  132.825080][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  132.927873][ T2096] device bridge_slave_1 left promiscuous mode
[  132.933956][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.976424][ T2096] device bridge_slave_0 left promiscuous mode
[  132.985158][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.084191][ T4186] xt_TCPMSS: Only works on TCP SYN packets
[  133.094561][   T23] audit: type=1400 audit(1853862000.435:1238): avc:  denied  { setopt } for  pid=4185 comm="syz.4.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  133.124220][   T23] audit: type=1326 audit(1853862000.465:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4187 comm="syz.4.1296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d8482cb99 code=0x0
[  133.158824][  T372] appleir 0003:05AC:8243.0011: No inputs registered, leaving
[  133.169470][  T372] appleir 0003:05AC:8243.0011: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  133.280120][ T4190] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  133.298201][ T4190] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,
[  133.322527][ T4190] cgroup1: Unknown subsys name 'devices'
[  133.381529][ T4194] EXT4-fs error (device loop4): ext4_validate_block_bitmap:418: comm syz.4.1296: bg 0: block 234: padding at end of block bitmap is not set
[  133.396084][ T4194] EXT4-fs (loop4): Remounting filesystem read-only
[  133.431327][ T1745] usb 2-1: USB disconnect, device number 14
[  134.018882][  T357] uclogic 0003:256C:006D.0010: failed retrieving string descriptor #100: -71
[  134.027661][  T357] uclogic 0003:256C:006D.0010: failed retrieving pen parameters: -71
[  134.035548][  T357] uclogic 0003:256C:006D.0010: failed probing pen v1 parameters: -71
[  134.043918][  T357] uclogic 0003:256C:006D.0010: failed probing parameters: -71
[  134.051866][  T357] uclogic: probe of 0003:256C:006D.0010 failed with error -71
[  134.061517][  T357] usb 1-1: USB disconnect, device number 14
[  134.189145][ T4203] F2FS-fs (loop2): Project quota feature not enabled. Cannot enable project quota enforcement.
[  134.426623][ T1250] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  134.976792][ T1250] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  135.006634][ T1250] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  135.016380][ T1250] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  135.031019][ T1250] usb 5-1: config 1 interface 1 has no altsetting 0
[  135.080914][ T4224] F2FS-fs (loop2): Found nat_bits in checkpoint
[  135.196948][ T1250] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  135.208553][ T4224] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  135.216799][ T1250] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.225712][ T1250] usb 5-1: Product: syz
[  135.230288][ T1250] usb 5-1: Manufacturer: syz
[  135.236381][ T1250] usb 5-1: SerialNumber: syz
[  135.486747][  T534] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  135.748621][ T4169] attempt to access beyond end of device
[  135.748621][ T4169] loop2: rw=2049, want=45112, limit=40427
[  135.796771][ T1250] usb 5-1: 2:1 : invalid channels 0
[  135.834408][ T1250] usb 5-1: USB disconnect, device number 13
[  135.916667][  T534] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.936595][  T534] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.956276][  T534] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  135.976459][  T534] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.985327][  T534] usb 4-1: config 0 descriptor??
[  136.066259][ T4265] F2FS-fs (loop0): invalid crc value
[  136.095183][ T4265] F2FS-fs (loop0): Found nat_bits in checkpoint
[  136.220520][ T4265] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  136.729230][ T3982] attempt to access beyond end of device
[  136.729230][ T3982] loop0: rw=2049, want=45104, limit=40427
[  137.046375][ T4314] erofs: (device loop4): check_layout_compatibility: unidentified incompatible feature 8, please upgrade kernel version
[  137.056972][ T4305] F2FS-fs (loop2): Project quota feature not enabled. Cannot enable project quota enforcement.
[  137.346715][  T534] uclogic 0003:256C:006D.0012: failed retrieving string descriptor #100: -71
[  137.356246][  T534] uclogic 0003:256C:006D.0012: failed retrieving pen parameters: -71
[  137.364341][ T4320] FAT-fs (loop4): bogus logical sector size 0
[  137.366304][  T534] uclogic 0003:256C:006D.0012: failed probing pen v1 parameters: -71
[  137.380991][  T534] uclogic 0003:256C:006D.0012: failed probing parameters: -71
[  137.388371][ T4320] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  137.391397][  T534] uclogic: probe of 0003:256C:006D.0012 failed with error -71
[  137.410797][  T534] usb 4-1: USB disconnect, device number 16
[  137.417016][ T4320] FAT-fs (loop4): Can't find a valid FAT filesystem
[  137.486638][ T1250] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  137.524475][ T4334] xt_TCPMSS: Only works on TCP SYN packets
[  137.675872][ T4344] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000e01c, mo2=0002]
[  137.688247][ T4344] System zones: 0-1, 3-12
[  137.695706][ T4344] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  137.701926][ T4350] capability: warning: `syz.2.1351' uses deprecated v2 capabilities in a way that may be insecure
[  137.973974][ T1250] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  137.985211][ T1719] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  138.043045][ T1250] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  138.090369][ T4352] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  138.091642][ T1250] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  138.102415][ T4352] ext4 filesystem being mounted at /root/syzkaller.DId2Ka/13/bus supports timestamps until 2038 (0x7fffffff)
[  138.121357][ T1250] usb 2-1: config 1 interface 1 has no altsetting 0
[  138.139015][ T4352] fs-verity: sha512 using implementation "sha512-generic"
[  138.141476][   T23] audit: type=1400 audit(1853862005.485:1240): avc:  denied  { ioctl } for  pid=4351 comm="syz.2.1352" path="/root/syzkaller.DId2Ka/13/bus/file0/file0" dev="loop2" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  138.241321][ T4363] FAT-fs (loop3): bogus logical sector size 0
[  138.247874][ T4363] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  138.257283][ T4363] FAT-fs (loop3): Can't find a valid FAT filesystem
[  138.287571][ T1250] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  138.296750][ T1250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.304560][ T1250] usb 2-1: Product: syz
[  138.308631][ T1250] usb 2-1: Manufacturer: syz
[  138.312982][ T1250] usb 2-1: SerialNumber: syz
[  138.333620][   T23] audit: type=1400 audit(1853862005.675:1241): avc:  denied  { write } for  pid=4369 comm="syz.3.1357" name="ppp" dev="devtmpfs" ino=847 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  138.356235][   T23] audit: type=1400 audit(1853862005.685:1242): avc:  denied  { ioctl } for  pid=4369 comm="syz.3.1357" path="/dev/ppp" dev="devtmpfs" ino=847 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  138.406765][ T1719] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  138.415905][ T1719] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.432689][ T4372] Source file dentry negative
[  138.483112][ T1719] usb 1-1: config 0 descriptor??
[  138.548753][   T23] audit: type=1400 audit(1853862005.895:1243): avc:  denied  { mounton } for  pid=4376 comm="syz.3.1360" path="/root/syzkaller.50L4oL/49/bus/bus" dev="loop3" ino=76 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[  138.589170][ T3635] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000074f)
[  138.599556][ T3635] FAT-fs (loop3): Filesystem has been set read-only
[  138.606027][ T3635] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000074f)
[  138.646819][ T1250] usb 2-1: 2:1 : invalid channels 0
[  138.672390][ T1250] usb 2-1: USB disconnect, device number 15
[  138.680160][ T1911] udevd[1911]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  138.691292][ T4386] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  138.705637][ T4386] ext4 filesystem being mounted at /root/syzkaller.vaYsVY/39/bus supports timestamps until 2038 (0x7fffffff)
[  138.772996][   T23] audit: type=1400 audit(1853862006.125:1244): avc:  denied  { setopt } for  pid=4339 comm="syz.0.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  138.815441][ T4392] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  138.838844][ T4392] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters
[  138.852759][ T4392] Quota error (device loop4): write_blk: dquota write failed
[  138.860202][ T4392] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5
[  138.874459][ T4340] EXT4-fs (loop0): blocks per group (0) and clusters per group (8192) inconsistent
[  138.880316][ T4394] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.890633][ T4394] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.895046][  T372] usb 1-1: USB disconnect, device number 15
[  138.898072][ T4394] device bridge_slave_0 entered promiscuous mode
[  138.906696][ T4392] Quota error (device loop4): write_blk: dquota write failed
[  138.921554][ T4392] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  138.922350][ T4394] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.931744][ T4392] EXT4-fs (loop4): 1 truncate cleaned up
[  138.938661][ T4394] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.939248][ T4394] device bridge_slave_1 entered promiscuous mode
[  138.944607][ T4392] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,barrier=0x0000000000000007,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue
[  139.019239][ T4394] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.026099][ T4394] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.033235][ T4394] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.040076][ T4394] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.066938][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.075002][ T1250] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.082634][ T1250] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.095029][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.103596][  T534] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.110430][  T534] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.129679][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.138035][  T534] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.144872][  T534] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.150909][ T4406] Source file dentry negative
[  139.182752][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.217983][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.244669][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  139.261633][ T1250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  139.297633][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  139.326328][ T4169] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000074f)
[  139.335288][ T4169] FAT-fs (loop2): Filesystem has been set read-only
[  139.341969][ T4169] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000074f)
[  139.638377][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  139.646763][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  140.275278][ T4440] Source file dentry negative
[  140.418529][ T4443] kvm: MONITOR instruction emulated as NOP!
[  140.463731][ T4445] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.483438][ T4445] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.491979][ T4445] device bridge_slave_0 entered promiscuous mode
[  140.502110][ T4445] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.509594][ T4445] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.516911][ T4445] device bridge_slave_1 entered promiscuous mode
[  140.598350][ T4445] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.605195][ T4445] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.612339][ T4445] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.619096][ T4445] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.634535][ T4456] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue
[  140.645189][ T4456] ext4 filesystem being mounted at /root/syzkaller.vaYsVY/50/file0 supports timestamps until 2038 (0x7fffffff)
[  140.692149][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  140.700122][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.171321][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.188788][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  141.197078][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  141.205155][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.211998][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.219370][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  141.227956][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  141.242828][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  141.251937][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  141.276918][ T4472] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  141.294544][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  141.302887][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  141.312860][ T2096] device bridge_slave_1 left promiscuous mode
[  141.318824][ T2096] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.325901][ T2096] device bridge_slave_0 left promiscuous mode
[  141.332259][ T2096] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.341454][ T4472] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters
[  141.356847][ T4472] Quota error (device loop4): write_blk: dquota write failed
[  141.364423][ T4472] EXT4-fs (loop4): 1 truncate cleaned up
[  141.369998][ T4472] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,barrier=0x0000000000000007,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue
[  141.460555][ T4480] Source file dentry negative
[  141.471561][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  141.479416][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  141.513800][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  141.597447][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  141.618701][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  141.628636][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  141.637052][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  141.645201][  T534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  142.973734][ T4516] Source file dentry negative
[  143.155591][   T23] kauditd_printk_skb: 7 callbacks suppressed
[  143.155601][   T23] audit: type=1400 audit(1853862010.495:1249): avc:  denied  { transfer } for  pid=4532 comm="syz.2.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  143.380628][   T23] audit: type=1400 audit(1853862010.725:1250): avc:  denied  { ioctl } for  pid=4543 comm="syz.2.1420" path="/dev/usbmon0" dev="devtmpfs" ino=848 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  144.345210][   T23] audit: type=1400 audit(1853862011.685:1251): avc:  denied  { write } for  pid=4572 comm="syz.4.1430" name="net" dev="proc" ino=41676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  144.533109][   T23] audit: type=1400 audit(1853862011.685:1252): avc:  denied  { add_name } for  pid=4572 comm="syz.4.1430" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  144.581915][ T4562] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  144.608823][   T23] audit: type=1400 audit(1853862011.685:1253): avc:  denied  { create } for  pid=4572 comm="syz.4.1430" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  144.628973][   T23] audit: type=1400 audit(1853862011.685:1254): avc:  denied  { associate } for  pid=4572 comm="syz.4.1430" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  144.731581][ T4566] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  144.747417][ T4592] 9pnet: p9_errstr2errno: server reported unknown error ���D�B<wJ���{�P�
[  144.754581][ T4445] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  144.763855][ T4566] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  144.772444][ T4445] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block
[  144.790173][ T4445] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block
[  144.821145][ T4566] F2FS-fs (loop3): invalid crc value
[  144.833052][ T4566] F2FS-fs (loop3): Found nat_bits in checkpoint
[  144.842783][ T4573] ------------[ cut here ]------------
[  144.848060][ T4573] kernel BUG at fs/buffer.c:3027!
[  144.858428][ T4573] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  144.864304][ T4573] CPU: 0 PID: 4573 Comm: kmmpd-loop2 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0
[  144.874010][ T4573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  144.883928][ T4573] RIP: 0010:submit_bh_wbc+0x831/0x850
[  144.889117][ T4573] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 e6 a7 ba ff 0f 0b e8 df a7 ba ff <0f> 0b e8 d8 a7 ba ff 0f 0b e8 d1 a7 ba ff 0f 0b e8 ca a7 ba ff 0f
[  144.908557][ T4573] RSP: 0018:ffff8881df747bf0 EFLAGS: 00010293
[  144.914459][ T4573] RAX: ffffffff81a99121 RBX: 0000000000000000 RCX: ffff8881f0d11f80
[  144.922267][ T4573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  144.930086][ T4573] RBP: 0000000000003800 R08: ffffffff81a98994 R09: ffffed103a08806a
[  144.937892][ T4573] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  144.945700][ T4573] R13: ffff8881d0440348 R14: 0000000000000001 R15: 0000000000000000
[  144.953514][ T4573] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  144.962281][ T4573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  144.968700][ T4573] CR2: 0000001b2ed15ff8 CR3: 00000001e39bc000 CR4: 00000000003406b0
[  144.976516][ T4573] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  144.984326][ T4573] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  144.992131][ T4573] Call Trace:
[  144.995274][ T4573]  ? __die+0xb4/0x100
[  144.999081][ T4573]  ? die+0x26/0x50
[  145.002639][ T4573]  ? do_trap+0x1e7/0x340
[  145.006720][ T4573]  ? submit_bh_wbc+0x831/0x850
[  145.011319][ T4573]  ? submit_bh_wbc+0x831/0x850
[  145.015917][ T4573]  ? do_invalid_op+0xfb/0x110
[  145.020437][ T4573]  ? submit_bh_wbc+0x831/0x850
[  145.025037][ T4573]  ? invalid_op+0x1e/0x30
[  145.029199][ T4573]  ? submit_bh_wbc+0xa4/0x850
[  145.033709][ T4573]  ? submit_bh_wbc+0x831/0x850
[  145.038320][ T4573]  ? submit_bh_wbc+0x831/0x850
[  145.042913][ T4573]  ? debug_smp_processor_id+0x20/0x20
[  145.048123][ T4573]  submit_bh+0x21/0x30
[  145.052028][ T4573]  write_mmp_block+0x3ff/0x5b0
[  145.056625][ T4573]  ? console_conditional_schedule+0x10/0x10
[  145.062354][ T4573]  ? read_mmp_block+0x8a0/0x8a0
[  145.067043][ T4573]  kmmpd+0x7de/0xa10
[  145.070783][ T4573]  ? write_mmp_block+0x5b0/0x5b0
[  145.075553][ T4573]  ? __wake_up_locked+0xb7/0x110
[  145.080322][ T4573]  ? __kthread_parkme+0xb0/0x1b0
[  145.085095][ T4573]  kthread+0x2da/0x360
[  145.089002][ T4573]  ? write_mmp_block+0x5b0/0x5b0
[  145.093776][ T4573]  ? kthread_blkcg+0xd0/0xd0
[  145.098201][ T4573]  ret_from_fork+0x1f/0x30
[  145.102448][ T4573] Modules linked in:
[  145.123856][ T4573] ---[ end trace 3f1061bfe5eb07ed ]---
[  145.135801][ T4573] RIP: 0010:submit_bh_wbc+0x831/0x850
[  145.141202][ T4573] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 e6 a7 ba ff 0f 0b e8 df a7 ba ff <0f> 0b e8 d8 a7 ba ff 0f 0b e8 d1 a7 ba ff 0f 0b e8 ca a7 ba ff 0f
[  145.161288][ T4573] RSP: 0018:ffff8881df747bf0 EFLAGS: 00010293
[  145.171281][ T4573] RAX: ffffffff81a99121 RBX: 0000000000000000 RCX: ffff8881f0d11f80
[  145.179452][ T4566] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  145.180327][ T4573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  145.192494][ T4566] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  145.199023][ T4573] RBP: 0000000000003800 R08: ffffffff81a98994 R09: ffffed103a08806a
[  145.213779][ T4573] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  145.224127][ T4573] R13: ffff8881d0440348 R14: 0000000000000001 R15: 0000000000000000
[  145.232145][ T4573] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  145.241295][ T4573] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.248039][ T4573] CR2: 00007f3d84988178 CR3: 00000001dd92f000 CR4: 00000000003406b0
[  145.255814][ T4573] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  145.264005][ T4573] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  145.271862][ T4573] Kernel panic - not syncing: Fatal exception
[  145.277920][ T4573] Kernel Offset: disabled
[  145.282040][ T4573] Rebooting in 86400 seconds..