last executing test programs:

1m31.400526691s ago: executing program 0 (id=1209):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0xffffffff}]}}]}, 0x38}}, 0x0)

1m31.399647061s ago: executing program 0 (id=1211):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x8802, 0x0, 0x1, 0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff018000"], 0x15)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x4000, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
chdir(&(0x7f0000000100)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0)

1m30.163116965s ago: executing program 0 (id=1216):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_FLAGS={0x8, 0x8, 0x702}, @IFA_ADDRESS={0x14, 0x1, @loopback={0xff00000000000000}}]}, 0x34}}, 0x0)
clock_nanosleep(0x6, 0x1, 0x0, 0x0)

1m29.279181642s ago: executing program 0 (id=1225):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000300)={[{@auto_da_alloc_val}, {@test_dummy_encryption_v1}, {@init_itable_val={'init_itable', 0x3d, 0x5c}}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x45c, &(0x7f00000003c0)="$eJzs3MtvG0UYAPBv7Til9JFQyqMPIFAQEY+kaQv0wAEQSByKhAQHOEZJWpW6DWqCRKuIpgiVE0JI3BFH/gVOcEGIExJXuKNKFcqlLReM1t5NbMd283BqiH8/aduZ3dnOfJ4de3bHbgB9ayT9I4nYHRG/R8RQLdtYYKT2162lhanbSwtTSVQq7/yVVMvdXFqYyovm5+3KMqM7IuKzJA61qHfu0uVzk+XyzMUsPz5//sPxuUuXnz97fvLMzJmZC8dOnjxxfOKlF4+90JU40zbdPPjJ7OEDb77/1VunvmiIvymOLhnpdPCpSqXL1fXWnrp0MtDDhrAuxYhIu6tUHf9DUYyVzhuKNz7taeOALVWpVCq72h9erADbWBKNeUMe+kX+QZ/e/+Zb8yTgla2bfvTcjVdrN0Bp3LeyrXZkIApZmVLT/W03jUTEe4t/f5NuUe2Hvd1+DgEA0OCHdP7zXKv5XyEerCu3N1sbGo6I+yJiX0TcHxH7I+KBiGrZhyLi4XXW37xIsnr+Wbi+ocDWKJ3/vZytbTXO//LZXwwXs9yeavyl5PTZ8szR7DUZjdKOND/RoY4fX//ty3bH6ud/6ZbWn88Fs3ZcH9jReM705PzkZmKud+NqxMGBVvEnyysBSUQciIiDG6zj7DPfHW537M7xd9CFdabKtxFP1/p/MZrizyWd1yfH74nyzNHx/KpY7Zdfr73douZ/YrPxd0Ha//e2vP6X4x9O6tdr59Zfx7U/Pm97T7Om6/9K4znp9T+YvFtND2b7Pp6cn784ETGYnKo1un7/sZVz83xePo1/9Ejr8b8vVl6JQxGRXsSPRMSjEfFY1vbHI+KJiDjSIf6fX3vyg43Hv7XS+KfX1f8ricFo3tM6UTz30/cNlQ6viv925/e/E9XUaLZnLe9/a2nXxq5mAAAA+P8pRMTuSApjy+lCYWys9n35/RGF8uzc/LOnZz+6MF37jcBwlAr5k66huuehE9ltfS1/NSJqXy3Ijx/Pnht/XdxZzY9NzZanex089LldbcZ/6s9ir1sHbDm/14L+ZfxD/zL+oX8Z/9C/Woz/nb1oB3D3tfr8v9KDdgB3X9P4t+wHfcT9P/SvtuN/O//PP0CVz3/oS3M7484/ku+YyP+lDZ6+bRNR+k80Y/OJStKyc6PQ64ZJbGWit+9LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fJvAAAA//+KNeJZ")
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x40, 0x0)

1m28.726041083s ago: executing program 0 (id=1229):
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x44800)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8982, &(0x7f0000000200)={0x7, 'bridge_slave_0\x00', {0xdcfe}, 0xa})
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0xc92480, 0x2, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10, 0x5}}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f0000004200)="793ee8124cae238514b8c25ae999ed25fc14bf8b7b98a25a245fcba38072b1fedc29513a368f3753c8cd311777db79f9a772985bc9efa1243c41f1eeb4e1a07e2b57a390d4913acd4034182074ab783d616673714d72e8a273101c78ddc61411334318894a156cd2cc34f3f42052dd7e79c5c9c1ca3f59ee651bd294bf4d262b31cbe8f8f23a5504a804a083084d5519637e97e94880f549394676c0edec1af036823ea8c423a7792330b8491a5a4a01deb4660d6b420b1e394fb1cb9cde473f2000fe3c4acd591851c258cf231df8c46dd18cc78dbb72189af635ce08b35374c567aebce0303b716c9cacffb6f60e102f9172e0e1a91760c558b580a3c56b5682ade32ad42e7df55faa4e056f3568abf5dea4415018c211637c362ec3c40afa47a2960a2bb4b6936a83223898564e2667bbc1fb774199c99701a726073070c0e19f57a63f4a38d1b03a0c98f8fd20666abd5e66768182c4df12343bce3e617f62d29f2faa1d5fa831a0a582f4708b547aac5129985fa32b345a82aa89958370c1d331935b304a8ad2eeff24f520e667a37b7c0d8f93d35546b8300ec3dfebb32933938e32bfa54d563ef22bfeb6aa8f16765a3f4788e03477fe9236e3d5869335ec18058779c5e63ff5877369898fab14e58cd0608f6f4d423eb1bf09a6eff87d999fc9e7be28390d471acde8543d571246138da540956867a32f3bb1d2d91931dbcfb8ade5cc313dc54f64ad96b7ada7ff63ba1702576d2bc48a1c6cc4cec815e0b8aee9c31d5c5cb119952b8d321181c1a14793266df2cab56d161111caf86d4a7eafd42c2622a63862533d1ddbec5fdaa888d0a03240bb08476198ba789aa552d0ab149a07977da16d1ed4bc635d94225d1ac84c788407fd4425f5a56f687dcbe688b9d0b26cf86671f985028e2ae3592ffb82fd5587ccc3dcb406969e11be470b519eca6114895fd8a4b93b1c4d1a9ca4e0001a62185e72b6cff213c7ded22effa555b45aad686bf2b388c0530058feade244e0672b02128946c190b4c076fcde7e0bb6941852e2c2b90d5ebf53771583e749dc07627f840808ba034474da51eed8b04cbab8981fed4a96fbd4b7ce98e93afab9040581ee91eb42f5d5d8ada63cae87711aa82f8493ae3a64883b99a1a8466a5bdcb753927f22487f01f7782f7e8278ce98da8e76b5230d1f21fa89e02a5f59ec8ceb7b5bb90518a8745d9a43047cb74e9591ea0a0db79601656e784a9321c3d7ab6a14b3d030e3deb7aaff2a2c89cf7ee0e2072936dc7b43ccd6233fc75eca52994a6e9f8c7929f6c370c93aff6f46bbcf05c1d85cd5b126fc08cf1cad82d3218f4127be9aa6e21bba7f1fb9cc4ffe5fc293b903f5ab407d67418a24579704f9df8e08ea157c480b3115d48a9109138f6b391901367e66a7f7573bf20a6d12de0bdad082f08599f912e8860aa4b6a6ef2a5ea071af07be64925bea34913660918032b72b55d01f1d8e09a4e79d70b4bf9f43fa0862fa75d1a0eabe3a769d3df7bf5ce7e0449d54295c06d5396a8f049294e9ff6d60687786d7143e8cbd23c30e36ff7dbeb266f6e63952d65998d844251dcab1cac0669bd0561b5dfefd1c7e0ebbc1567526797b64c97a4f31f87de4e034071b2d48fcbd15ef386ca172c0af3d71aa98744047ee463b3a20a1ef9b8bf1753f83d0f3ca9604e2234a71c3d00f78fb8a0d093af48f2ac0a15ba0c7c21ddab80ce394dc6e6245784ea17dd3949b76e3ca91fd29ea51afe5e50d71ac1067b665d8f57ae49a7fd635146e04861406681637fcf6b53c1404b9b69f4743a93874f2953aa827aac1b5462c852beba5d1080889d05741a11b86436589e9d9e6ebbb3fe89da9dede91731ee70851c9e1501beaa155844f238b299216e69cb88153d20f113faa9a51fc147dd31c5820b46c0cf5136d08761a6cbbfab1652c656d6f7dc7ce1e6a084962ca9e07ebbf949392482b9fb942b6025b71a903c199ac858d99b7eb46e92360de03a0631bf77763d8c098879a9b50907bbf0d6868ea23eb8e471700214d984d661040c51a4b01488718dcf09b3cd50c720b627d664fee7a1ea50ae6951bc0d0f6f59839ebefc18b99c844ccbfb3c4c04d19f07879ce06a3137b59ebf4c7daa52e1d850924d4cf76630101d37881f30e914346ff4f6e73cdcfd56dd81058cb6763110d88d34cca16cbc7b51953d44e09c57b3565e6527aea04949cc28dc502811e82c8cd8ae181dedfca4a47d3b22626eac388f272995add71bb5504a38c03b5ca8381ce09f10acb5f5fade0942f30334a0ffd03dec00fc7a4976a95851d0f347fff16e5e6f663c5feefaf7efa743b2766f1d442ef882f4852318c25a81b3d2bd4fb5b683e3837ea7d4df69fcb8a87788a3a0a759c86877cf56caa98f5fa04c71652d44bf5250ee6f9c54794bed3b48e33a063161eb324456da5e28ebb5ba271dcc826bf7b646b6c89da67605cbb953c35c070e76be46ca66ccdd060fa07af82d53c525c19eb8eb6e08426f160340ec8ec6a57a5aa146f5b67d84184a46b4b8a1373669070123f8346cb607be14a4d5b9124b369289b0ee7f184d498ae3043b14f3ecad6e2b9e71661e85e2dc0b6b053300468d53e36f1e99545a33fc1b84da6fc20d8f7f7f9ae614588f351fa59c818ba833920164d9b434052f4e788bbdaf1e9913c822fca65e0cfad203bedc6be2abac264a0cec0dd4e813dd84d28d853cd9b85d9dc94b96a80643dd3e2aaf73ec85566124204f7b98abc8c5e354a66dc838c080d26cebd3bf388eb8018a06b15708311043a785a937e63c09465ffc71d1658d2a84ed6b346b68e98459cd0725efde386cce85928eaf90641c5ad4a7f1c733fd5238bdfe348456704546afc4a982b42e3a5bb473cd71dfef785473ff88175d92d2f72f1ac5cf77344c8dcc07a78be9575f1cde05e8c5e2950b1f597a21b4351295e9f59e926a8b03551934c73f090ca3fb644a4e95dfa91bad452f59a5cde71b50e8da90ead55ea96181cc1b5c6deea431f27666bc67d36b26004aac6c02c29c80c0d6de163660bf56c48bbd7c5a06d1ef622d5aab46a746b6fad00ef47ddad8290ee81509ebc19cb85acff4ffe3d9123774b76ef96db3cb942776eadad084bd7351c340fc219ea696df3657a992792890bece7dd84e08af3800535b0a0946f9af6ea30dc20916e133f8eda3aef83082c1497d606fb99e81bbeedb70d9d32f93fee0a2090136746fde09038d1f8a7ae494ac012665f3db1119c49650012ae7e172f9be15622d0e2458c431bf386b5163c444e2515f1c99d56d2843863eb5487bb346d324bcb163891b10db02cde5003c111c984c690927580964b9afcf6c6cd1d9ccf30339f3d7fb8ac348604634848c85bb9a11969152d2b1bbd870c3fd95251d38f39a5ee0d48962e414ef7225150dd3134a87cc954eadf8e1a78ff8914de38f4d9dbbcc01553d2992f64b14377e21658cf2573393301bd0a46654cf5fb5d6a1a6f452450db63300b3dd037c5678c85f84b69cf52036bde51f6af406b82b8ce0c3bb64dbd538dab2e6ecbf4da5a57d43ac5aa0e2aa1cf466167662d088a09e109a95040865fd6bcfd68e5f6d6f3990c82f201da1bd0f4a5332bf6155584afbb70197d4e59e829312a3db47a7095c08251a7f574d4869177ab8c0a380adf87be8a1a016bcb8061e3f2a3f69661cfdb54a48e951c45d257fd3efb8dcda01d25274df0adcc0bf797caeb9296322738a972d8e40b07509e3505ffeb2c08793c75783a4c65fd11dc5af607dc3700cbd44f431eb4eec603185dfa8cc5e4693b737bae7c8b1ecf24798a3c72da8d688f5454947c99c339b752d027248ec9c08fb42df0a302ddd3c823ca1ad9cbfc2b2bdf3e7c9181da0ba1878ec434b5049163ef309892652ccd365df8d8260dce74e0d9a0aff0e1e56ab831bffc582f5d13d288dde7c3bc1548cb446d54f360b6656b99ad812d7f98e71cc21918336b1592ff22cacf28b602c4f3053a619899a5903ce80dbba757f6012ee4dbaa375fed540fe02fb66c82841606429ad00685c6fabc130b9b556020fd04b39b1fd0aab194c85a0fc95fc51ea8838ccf388e77cc85744e6770e75f570c0abd0834135192a9e1a54fd90db93b2ed733e3c2491adfb3bd9078b9c75f6157c7af332d7a3f3f2354539083b05100b9dd3ca90e073df2c2ba3f348c780151ae629afa20870dd7842f5c71f163accc6376370a7c5cab922d09d87d89aa451c47e8f54ee5d761d83b057d31120ccb26c818ea1ebc0683ad26e3b3cc62cd3be1f622203c87f39f0c5789be119589cc9ea57f0b04592bbde0a18bb59e36b6e92f4f7ccd01789b58adac60c803c8f072a4e9c280f3245604a2dbfa8ba7c21a918654c75fe48b5748d91112f5b61af65da4b355bb8f0a180254c7af66b56a7b1790afb8d589fb386db3cf84c5f41545a6a1a65ddb6f9888b5a08787626792bc609f397978310263858c2209230ad88965aeb1f533ee3271c8cc033ea128a181032e0fb469ab8e4e5453ea92444e02d4c8cb2dd7289225d070d6a0f22fa73512466d458b343ae80a950a92e0df66817d25ce5ca5fa64e5b31e3ffebdd8ce49d66fb31d01ac3d096889b30c6a7f50b7d50f422d2442ec56c10e61a41054c150c6fa922ae176e4aa82eaede99a5e6249edec0b066fac5caf6280079babdd528d2f4c0556f74f3329e7f57e6f56b8a5423894bcf87246e7db449784d88c9e459549ca7e4670504427d95a9505ca2a243a28475ebcb2c0380b9825bcb9eab3a4a7fbdcc85ce514b8e839761526508d4d782691605bf326297d5ceed21e6832462194dd8dbe6976f4a3049e48a0aa52318f49be25933eb3d9ca9b0916c90a17dfb22f8066dc95d0dd25925e1ddbe46e589523051a34514f3ab114154e0ffd9ee0a463f4c6d0e0734863d081049ffb02f906fa30eef1d15b6dc95fd71a7fe148504ee1d532d81aae2e783746c821a40db2dc03119d8b51e56e8624473c709ce339171737660add577066960031b6f7a1d871a1c6b46f678a85ece774aca728ceebdb4a3f9b6ea169cde4bc390536f71ccfb63afcaf7c8e02cc90d47a238747d341508754dba5eec12cbf3c1dd38a56bdb15161709297308f0d4aaa878078b9978cf1760a3d81ddef482baaa47d4578fb492d749a824868ea6de3a51a17a0dbefc4046156e0dd28f59ec4d5099b33e66cfa369438c7503e5c9a4aa7a779422c51154c21cf12ecf3233e3112751a29bec131d50fd434bc9825dbf528e725cd4299d9d3adb3b4d20adb4a721ec7e4d2d4f1b3254a059b24ac500cd11871098c016394b5679a696869035dd14fecf924a2eb20dab48f86270c08e19f41034a07c3cdae33e0322052f5fc74bcda7731ceb5eae50de0e3643e326f7d40d76ca124e59fd6eab80e0c40a4a1729081f2078c878f506800189b4068064f8003fc38c20fc666a525ee19b128cb0b341988868d07988b175fca82ffe8da18edce9dc1e3df170d774cf39b740d153a903497701bd71be079dd8211ad2d3a9eaaabb2402823cb8979797af079979c1355d923896e598132fc991e4e532310d0e25c5ae227d22c014400127f37a1828474a53dac446c508c3e94808cc5ad2b2ed756cf2f04dd62692db1d83019d1500d146c3e0d765b8f12ff650d0fa8f83358a761f1e54c041b134703d8c3059aa1f3106f6011b4df33f2dd738c2da81b43cdf9da65b5033c829d4f5a1a6c1cf8ea2e74fd5fdf2e751b62d138fa6672a12fad88d128872e6c958f4902a6b444b17bd24dc2dc0b9d27dfa5d11ba700de9b116ad2679c71e8d4d7de323e33f1b5ef967e87c7cb1ddccfc1a36ab7c27a6b969751307b55f9237040afa34ec6d45f575841afee0053b985b889ae3e016202fe93012104e13e99e9c2f62bb978f0b217fb1f5ae4b1e93845f381c47529f77f7b642ce8cffdabd1429bd1b95174c33c144fd00cff2fe538e5837d62b593a9afc7aecd2efc25b565dbf9420348d20169b4f556d87cd415a7002690ddc8332099043f34b32e83dfe9651f94745645ea379d97f82eb1fc24ccb9ff51a880ca28016235ec9ab7e9a23d05f48013ad867920cb5974e06ef48e73c46e57ad248ed70442d3e0575b232c21c84eef0f84edcc714deca1cc4fb6fb5b201fbbd94e9dcb6094bd4cebbecc690d00bb940c6c840f69e1f9e2babe60c014d3f5b292c2c45bfdbed136c08a11d2e1aa7df5839cd7156f670a542ca8ad23ae0e564e8f87b30407cfd498191b902539585ca241bd4a4106a4712383140c6ec6283a2bf74454b959b8677c23561c73f9feac98a7b28fda204a87984570558ab269cdb23184d374ab172d3d9faac113c450f2faca565007b7c5013f02c66c408c81bc731f8559802fa452a0028bbcfc387389a00958b9adb83517940dd6b8f1386b971b2d92a4980e486d7954889323f6f8ba4452ba0002c984e6aa91d7642e0f8e92321494394b264cfa30cbaf9df96bd62d9b098554a8a8554fe84c95699a87b0da4e541d9395c5a4a69302bd3503ff763467beb111a3650287cebc4cd0804841f3990899992d2aacaff2bc1f7464fd9670450cad2ee153e8ed45331f694048fc0c4e2e7d034ab69e159226542fdb90449da050363bf7b683a2215bf5272d4c18fd2ebee8bd29dc180f448b1f85f4429d066c692a350aa9f036ee43ee74f942bba2164f692cfa70b79cb8149a6a79fbf3197101f75933cb0458dc2b9ffd7a987cd9a139cbb853064bc62343e305052a4f77e72c98760b972ac3ac84b374f4422bf44d15334f38291c61ff630a818a34d33d516da256e1ad5e187a79846dcc087a761df9e664afc9785115a6b78dca0908d0957be795a3001ca2d3ad9fc544f992660b643da5edade7890217d07452ffa7454fa59907cb325c9dd445fee201bcffc8dce888da13059bee2286a5ef0e863dc107478f12baf983209060b1aee7286bee1e699b84332327c845a1574b8a0897eb1cd31b4a7498a33fe1e2dc4f8afcafff76eeee019c8c73cf8de0285e342e08ad0a9a43f7260bd5fbc903ebe099c73850982e2e8533c97a26f67855c155a3bfb025b2277e9b627a0bc860c1be18875241a9f8b4fc61039f9d71f7bbc537d2f51f1a5e840dbff7786f4a374f51cb2e657a6f2c8052cfc3ffa7e603a1266df3eec49c00a40d6f82b1b4a670b99534f401866ed6401602f8da9bb7243a97321cfb7540734aee1b75cab753db13f81a4bc67bf01bd467c44852bca45e699bfeb783326f631deb5d22c47b97d9d0c2adbe97c373e149321613a0d6f25dd822d8fa76431b97e88aa397eb467ffaead4fe9c196fd69b81db3906f3b4eb40fdaa19bd5607f7a3bd442c88731014da0af1d33be3e63f3967b00f193e37419f18df4f013017bd280091679e14428cdab0a8a77522a2b6a3337021d3bbc8b7e8774fdd2f387d5d455d10d91bb7c05a15e2950a51b00edea2b5723539770d321c8f9d4e5d24f291e033acb2e4a5c1f8671fe91150d023dd031cadead806bcfa69bc44946935d1e49a628bfcbffaedebd5789a6828950414052d9f7d261e69c841da3291270d7387662f74e20651b6c75722b530aef69cae0c2c9ef5663bedfa37e0192369c3aea78991e0ffef0bff4157d25edd29acd148a3b255157a84c4dfa25b5af681fbe93015382bdf742c1a5076caa52b5370943d02fb98531be900ed3687b4dd076daeebbd3025db56a8c7628a0542a4ac23626b3549abf114127627e44f5df17a81328bd84132e36cb6127c4081199b4fca0dff46021396038c37c832c9bf2fe43729ea45b6ee6aa5f34b2869965f78481d56e6f8ca913301e4fc61b2616c9ea23dcce1f9ec2a0ad97959f00e6c1a99fe5c9be180e1d03826b433a120c654171afedabd20fa42b8bfd3d0bfe64a560cccb9cd001220965576e6f1664097cd3e28d9bbb63c84c801f832e7ca8afff3bae368b66b3b62907881a3c3ae821d5a8725cd11fb3219eb956dd586254a88ab4788e432da28db60a4fe97f203e27d4052cbee48d2edb022d8c72e2a3499378f4ef7076abf712c3a24ba10e43f8b0efdc226c8b10788f0160d1ed23ddc002ea200a4825dc9bf25f56d2d134d25cb2603fa28df93c58820a7ceb690a950f7a6fd1b893ef414d50b57468343a96f55625a141293e6a4e8d0a6aa824a0c31b206c75b48540dc46b20f0f55e5adf8c2514b01ccf4f15faa43df71aa711f8d76ba335a881887c0648aafc434810bbf808eebc1cc9161ac4e111496e4d68400d52c96dc93abdb47ef1901b1674888bb836362786444916135e22f9b10d37400748d6a11fee36b75e6caeba02790665045a274e50ded6fa969fe715751d429c2ace6c2faa5848ab1417e003c49c29d0efe18f1d157c5ac8cd3db4d7209fec82c77b7de669e8d0034eff8c2e49f731f76b0fccc9b65b6a8ed1efe50e407570d73c61403eabb8c376bd3326e57d490bcd74bc1a520cc4522ae65aa025e4782d54a4f82a042da6f9273678de3621527a6f4bab529c7e17726e094d00eacb739e931f3afa8dad84a6d1e89f8024c194833742b967e4cfc8f63fcbf591fb469e25bc6a9267b85d4031bb4b434f2f0b2c1e38dd27c894b029b41455477b8d69f95b8dfb7a22890ce7d71660c6f4a84dfb843172d711f9520063a7f935dffbc10abfb0f44f95af6fa49b2f0fdeef56fa960a98f369b574435cbb18b14b96b8937cd2f6737075c04dad79b77b786f203b2951e4bdf1228449a83306cb0e5a98c3976ce8b63a389be9ce4a5adaedd30a4e069152c35e49bb0e42a3873fd3c88e277cdefb816b0286ad1f12d6ca33805e90e4391f5a59bbc86479c9bea9d71fbc5253cf3017fd6862daf0f72d52c2bb44247b6a303722387cd01cefcb14e79bb6fd507daf09833aa094868132df358725a4db57dd1e2e37bcb37536ad59d8b68e4293d15f38715c68885126c0fff1eafe295aeb4a88919561e03cd4f7436cea1ee69bd66e308425e41eee1dc9e9609ec211aca2cae25ed4369c9fcd7bfe316c9f2b9707b6e3789f6c41a70e28121a26d5591ce94cd60900b27ebfb995d34cd509fd0c8fe204969e5ef6ccd9c1605c47da01a437cbfe612d928a63c83d998dc2de6ea4695f36865febbe065db2f75c2a700c4b23251fec61bedf33e45eb8fde785178647999b9a0069aa45fa01f4ed8ecb072de1e256a8b95365831aa975b249f57bd38064edc6886620ad24ddd589dbe3587c23bf12a71a7edf34b8c46a079adbe410fe32abb408a264a01f3ecaa115e4ad2e47e9bed54df1fcff145222c544c89b15b2943e5e6ce37477ecf4e17fbe33d74e60461c52c3682cdb7b0d1ba016cf7756ae9042b296c308da630b7021a20c71600b21198221a3fb905c2716ea4b6a35af3fc204dceb81bb4270b51a7f552e33aecf4a704b5c6e3538e7d91da4166d747ed854de3dc15ef3b07a04d9237ce0351b446c09cd2b4e87aae02e08dceab1d35c31334520eb3979617928048d3510d9f3d5db36477fb1ec21ad57e7d757eb7accfb1875b59bd1627b62f33ca853e11b211f3a02500e43c5655dac4c8ba62247da245453cb690700de3b9521e5d2841fcdb73d550f4ad20f53b3f0ec2f229e7bc564daf94a42044c2a8f93b13d11e9e27562c290f47017e507275f12932f3c608b2ac955c15cfa100fd5df86a223d4acd4350dedfa26d15c3e3595cb003b1187a77f784385b59e582308cecfd6e53a4be286e6b27b2e66dff8a578f30bd89f5cee1014a55423b5297dc23c5d9e0fef458d8c5df03c989ff7f1f0ca8ed10e97c1040e07bcccb3e4bf5cf8e6ca08a23fc75fc861e6749fa29ac8a8be70c341627b0b8a75f02eb1493ca574c98fa69efb5d76261391195687d947dc785a712d61a7e1a9b954d5b4c159fb4ac0710eacb0086419d12176681a911c10364011b151edaa0323d1a1ae040f9f26be099465a8c67fa522b6805df36ac81cd422e4c34028882ceec4b4fb08d86c05aa4c16a02fe99eea84c75a0821373188489198c2296f290efd5c905e1a5ce0091b4da05e376a416d80720e14c17d2bb84b91cf989fa72c3822d37661467e811b0b1fa6e4948dab66911f5e0394d211e773d66ab2c94a4a14329abb1e9307ff36701908ef85cea4d8ceeaf24520b53ed0e401a166aa05f821cbbc5d1f0d16e4e5d14a4d04e5e5224a2b5a7f34dfc03b691487e1d7199675f00b137c37a87cfed418e013d0b3c3862da3f812d2adda99cc8ab4da10d3ab9d392bef7c9b11ca49fcf7f7af9f6010772b1a04b143eaf940d56865887b202fe0b8f70fe2d45bcb0c20e95abdf2e76d32160df1fcef36aff0ce2e9af3453904f7b2eb43a1bad754e3f1216258f49d34fe6462354366e82a86c4ed81a4021afce5b66039622c6b9c9a24c5f0e57ade4b8e64104e6bd4237fb98c55a6f3c2a5128e96c14bdb1615a0b9c0da306454b76d5f698e321d48719a3171083b41455f59f28560dc616250be61a598b1e753943ead0ca5270bd2039b2f5e480349455011f86d2d8f46ec562f8b1e57872576127f3a050fc6e32e7c4c4c7ab1d2855e8c8d649b8eb00f1d8d02c80a39eb6c1b23fb1d5ba28742e217a02276c724b8b32ca2d39bd3f71cc7fc2a9dd52a28c4ca566038fa2967881c9303ba138bc8054761651e7ee7e6b8960346f227a07007c74280f8419e6baf856e2473cb91ad9c206df2f7a8073ca3462cdb23ba5dd538efa2af2b0b43049a29931e315c4c9290b99c7edeb7b938ea05bfe3744735fb2e550a7e15b7d7d6a17dbd87add165d7a13668884fb235b1fd70e4c3a67895ea0c9b8824b8b14d41a9ce80debc8ee3bef4a57d40994d2d422e2621dd9fdcbe1edb712ffe43774cbbe5839a8146a936317310c3be4daa693685262ee3a44aabe86281b0927e78df3ca4086a81e8d7af261fc51d3eb75cd8852729adfd68579958b61aec37f4f6bbecb4a3f09eea3ce0a49d35666d1050f65da5d5e917d79390d0133e81d07aa285c53d3c7d3bfb82d7cb8e6ecf4f8203b78787963277e98c5dd8cdeb2d83b049d9671b98563eb006ae8148215eb87004551aa357016cf88caba47d4fe3f4209ba0190f5020c5a8ae6e37e60c9a3fe856fbbfa0acf3dd1a2953fb31f0c913a9f8bc6a7bd4feffb8dcacbd764f84eb370cc7baaafd48c9a8972b22c989a49b9f5ca332a1331fd591d412892f45a080d6a3f5effc802364d0ddf03cb391d97ba4fc8371a91650a8a28c5e6221f66d15b4a4b0afe7502034a60c9a1bab525b51225ef9d40ba9a5e870faf19fab07933f2840c4ba52b9a82442c207147bd7327da8468ff6ce98c3de6f7092db9e1673dfbd54d31c4f0462524483edc8f73274137ab5770230a87118751f97d915644f793da732cbb2936c08595209fc42a1ee095591ca9ab503e27ff19b5ee3375a79921f3ffae984a89b1e49eaf21a9d6c1d7c14138b97fdbbf824e3bfb06457aaf1b78ff393bde10b7bbd9bd2d632013d6dd33a12be84dc33afaef1a6f259439356e89290de74007e1bf127594db485b9d07c2dd67876401922bc943a45c743377c", 0x2000, &(0x7f0000000c80)={&(0x7f00000000c0)={0x50, 0x0, 0x1, {0x7, 0x29, 0x1, 0x800, 0xbe2, 0x200, 0xffff, 0x12800, 0x0, 0x0, 0x1, 0x7f}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58)

1m28.592377236s ago: executing program 0 (id=1231):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
socket(0x10, 0x3, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4204, r0, 0x201, &(0x7f0000000440)={0x0})

1m28.255514262s ago: executing program 32 (id=1231):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
socket(0x10, 0x3, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4204, r0, 0x201, &(0x7f0000000440)={0x0})

4.66503286s ago: executing program 4 (id=1680):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50)

4.605571641s ago: executing program 4 (id=1682):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
wait4(0x0, 0x0, 0x40000000, 0x0)
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x13c, 0x10, 0x713, 0x70bd2a, 0x0, {{@in6=@mcast2, @in6=@dev={0xfe, 0x80, '\x00', 0x38}, 0x0, 0x8, 0x0, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in=@loopback, 0x4d2, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x2, 0x0, 0x0, 0x1, 0x0, 0x1c00000000000}, {0x11df, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x70bd29, 0x0, 0xa, 0x1, 0x0, 0x7e}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
poll(0x0, 0x0, 0x2)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000280)={0x0, 0x108000, 0x1000, 0x7}, 0x20)

4.328733566s ago: executing program 3 (id=1688):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r5=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESDEC=r5])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0xc300)

4.306561926s ago: executing program 3 (id=1690):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0xa}, @local=@item_4={0x3, 0x2, 0x5, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce0b2"}]}}, 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x3, 0xfffffffffffffffd, 0xc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xfffffffffffffff8, 0x9, 0x0, 0x0, 0x7ffffffd, 0x7ff}, 0x0, 0x0)

3.749225187s ago: executing program 4 (id=1703):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x75c, &(0x7f0000000b00)="$eJzs3M1rHGUYAPBnJtmkTaMbQfDjIEILFko3SXNpT40Xb4VCwWsNySSETLIhu6ndWLD1LNTmoiCIePboVSj1D/AmBQXvgmiNB/GyMptNatNsum3Srqa/H0z3eefjfd6nO7zsQN4J4Ln1ZvFPEjEcERcjotzen0bEQCs6EnF987yNe9emiy2JZvPSb0lxWWw0y9t9Je3PY9G6JF6NiDuliFMfPZy31lhbmMrzbKXdHq0vLo/WGmtD84tTc9lctjQ+cW7s7MTE2bGJR9bwSpe1nnj33NFb37+zvv7DN/Wbb/SfTmKyVXe0a+uym8ey+X9Siskd+5eeRrIeSno9AAAAulL8zu+LiP7Wr9Ry9LUiAAAA4DBpDjYBAACAQy+JPQ4e2esgAAAA8P+w9XcAW2t7n9Y62E5+fTsiRnbL399aQxxxJEoRMbSRPLAyIdm8DPbl+o2IuD258/77qrjDru+z77Ed7QfXSA/ss3cOwu1i/pncbf5Jt+ef2GX+6d96d8I+dZ7/7ufv6zD/Xewyx7dfvFbqmP9GxOv9u+VPtvMnHfK/12X+m+sf33rUObvl/3eurfdDnH74/RCTs/P5nq8fuPP3ybudjhX1D3XK3+q1c/3LXdRe+GDjj4VOc0mR/+Txvb//3fIX98Qn7XGkEXGr/Vm013fkOL7443d71T8T0XyS7//LLuv/+evBq12eCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1pRAxHkla24zStVCKORcTLMZTm1Vr91Gx1dWmmOBYxEqV0dj7PxiKivNlOivZ4K77fPrOjPRERL/10dDPpfJ5Vpqv5TK+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNuxiBiOJK1ERBoRf5bTtFKJ6O/i2sFnMD4AAADggIz0egAAAADAU+f5HwAAAA6/J33+Tw54HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMChdvHChWJrbty7Nl20Z640VheqV07PZLWFyuLqdGW6urJcmatW5/KsMl1dfFR/ebW6PH4uVq+O1rNafbTWWLu8WF1dql+eX5yayy5npWdSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI9ruLUlaSUi0lacppVKxAsRMRKlZHY+z8Yi4sWIuFsuDRbt8V4PGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgANXa6wtTOV5tiIQCJ5Z8GFE/AeGsUfQ65kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBeqDXWFqbyPFup9XokAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fb6SxIRxfZW+cTwjoN9A8lf5SIYiIj3P7/06dWpen1lPGIg+X17f/2z9v4zPSkAAAAAngfnH+fkref0red4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbtUaawtTeZ6t7C84H421ZtLhnF7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJl/AgAA///CK8Nb")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1)
r1 = openat(0xffffffffffffff9c, 0x0, 0x2d41, 0xd5)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000074"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="020000000100"/28], 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
pwrite64(r0, 0x0, 0x0, 0x8000c61)

3.639581529s ago: executing program 4 (id=1706):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e80)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001400)={{r0}, 0x0, &(0x7f00000013c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x200008c2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
io_submit(0x0, 0x0, 0x0)

2.853434485s ago: executing program 1 (id=1713):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000000440)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000000)={0x13d, 0x7fff, 0xfffffffc, 0xffff, 0xc, "737b0a9fd860000020000000000000008000"})
r5 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r5, 0x65, 0x5, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
socket$unix(0x1, 0x1, 0x0)

2.794345016s ago: executing program 3 (id=1714):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7040000010000008500000078000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r3}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)

2.741438856s ago: executing program 5 (id=1715):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {0x2}, {}, {}, {0x1}, {}]}, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x96}, 0x28)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000"], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_val, @exit]}, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)

2.721651337s ago: executing program 3 (id=1716):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x75c, &(0x7f0000000b00)="$eJzs3M1rHGUYAPBnJtmkTaMbQfDjIEILFko3SXNpT40Xb4VCwWsNySSETLIhu6ndWLD1LNTmoiCIePboVSj1D/AmBQXvgmiNB/GyMptNatNsum3Srqa/H0z3eefjfd6nO7zsQN4J4Ln1ZvFPEjEcERcjotzen0bEQCs6EnF987yNe9emiy2JZvPSb0lxWWw0y9t9Je3PY9G6JF6NiDuliFMfPZy31lhbmMrzbKXdHq0vLo/WGmtD84tTc9lctjQ+cW7s7MTE2bGJR9bwSpe1nnj33NFb37+zvv7DN/Wbb/SfTmKyVXe0a+uym8ey+X9Siskd+5eeRrIeSno9AAAAulL8zu+LiP7Wr9Ry9LUiAAAA4DBpDjYBAACAQy+JPQ4e2esgAAAA8P+w9XcAW2t7n9Y62E5+fTsiRnbL399aQxxxJEoRMbSRPLAyIdm8DPbl+o2IuD258/77qrjDru+z77Ed7QfXSA/ss3cOwu1i/pncbf5Jt+ef2GX+6d96d8I+dZ7/7ufv6zD/Xewyx7dfvFbqmP9GxOv9u+VPtvMnHfK/12X+m+sf33rUObvl/3eurfdDnH74/RCTs/P5nq8fuPP3ybudjhX1D3XK3+q1c/3LXdRe+GDjj4VOc0mR/+Txvb//3fIX98Qn7XGkEXGr/Vm013fkOL7443d71T8T0XyS7//LLuv/+evBq12eCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1pRAxHkla24zStVCKORcTLMZTm1Vr91Gx1dWmmOBYxEqV0dj7PxiKivNlOivZ4K77fPrOjPRERL/10dDPpfJ5Vpqv5TK+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNuxiBiOJK1ERBoRf5bTtFKJ6O/i2sFnMD4AAADggIz0egAAAADAU+f5HwAAAA6/J33+Tw54HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMChdvHChWJrbty7Nl20Z640VheqV07PZLWFyuLqdGW6urJcmatW5/KsMl1dfFR/ebW6PH4uVq+O1rNafbTWWLu8WF1dql+eX5yayy5npWdSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI9ruLUlaSUi0lacppVKxAsRMRKlZHY+z8Yi4sWIuFsuDRbt8V4PGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgANXa6wtTOV5tiIQCJ5Z8GFE/AeGsUfQ65kJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBeqDXWFqbyPFup9XokAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fb6SxIRxfZW+cTwjoN9A8lf5SIYiIj3P7/06dWpen1lPGIg+X17f/2z9v4zPSkAAAAAngfnH+fkref0red4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbtUaawtTeZ6t7C84H421ZtLhnF7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJl/AgAA///CK8Nb")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1)
r1 = openat(0xffffffffffffff9c, 0x0, 0x2d41, 0xd5)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000074"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="020000000100"/28], 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
pwrite64(r0, 0x0, 0x0, 0x8000c61)

2.715921207s ago: executing program 5 (id=1717):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)

2.005312641s ago: executing program 4 (id=1719):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5512, &(0x7f000000e0c0)="$eJzs3M1rI2UYAPAn7Xa3++FaxIO3HViEFjah6ceit6q7+IFdyqoHT5omachukilNmtaePHgUD/4nouDJo3+DB8/exIPiTVAyM9XWD/zYtLHb3w8mz7xv33nmmVACz0xIAOfWXPLj96W4HpcjYjoirkVk+6Viy6zl4ZmIuBERU0e2UjH/68TFiLgSEddHyfOcpeJPH98a3lz97rUfvvjq0oWrn3z+9eSuGpi0ZyOiu53v73XzmLby+GD7yOfPaN3KsIj5Ad2HxTjN415zM8uwVztcV8vicitfn27v9kdxq1Orj2KrvZXNb/fyE/aHrcM82QEPajvZuNHczGK7n2axdZDXs3+Qf7Yd9Ad5nkaR770sfQwGhzGfb+43s1jbfpjFem9QzOd500ZzfxSHRSxOF/W008jq2PzPb/P/3uvt3u5+Mmzu9NtpL1mtVJ+rVG+XqztpozlorpRr3cbtlWS+1RktKw+ate5aK01bnWalnnYXkvlWvV6uVpP5O83Ndq2XVKuV5cpieXWh2LuVvHzvraTTSOZH8cV2b3fQ7vSTrXQnyY9YSJYqy88vJDeryRvrG8nG/bt31zfefOfO2/deWH/1pWLRH8pK5pcWl5bK1cXyUnXhHF3/B0XRY7x+eCSlSRcAcPbo/4FJ+Lv+f6Q2bGfx3/X/O/cjTr7/D/3/WJyp/ve89/8ncP3wSPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1jczn76S7czl46vF/BPF1FPFuBQRUxHx85+YjovHck4XeWb+Yv3M72r4shRZhtE5LhXblYhYK7afnjzpdwEAAAAeX5+9f+OjvFvPX+YmXRCnKb9pM3Xt3THlm42Imblvx5RtavTy9JiSZf/fF2J/TNmyG1izY0qW33K7MK5s/8j0sTB7JJTyMHWq5QAAAKfieCdwul0IAAAAp+nDSRfAZJTi8FHm4bPg7Jv3vz0QvHxsBAAAAJxBpUkXAAAAAJy4rP/3+38AAADweMt//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5h535uEweiOAA/G7yw/7RotfdtZW9Qxpawxz1GFJAmKCAH0kIaoAZySwkRRHgcAhGHSB7bSvR9kjMZy/x4g+AwM9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqv1ovbq9/XbXN2+3byjAYAAAC4ZFutF/U/s9T/2tz/3tz62fSLiCgj4tLcfRSfzjJHTU718vzN6fPVqxruIuqEw3tMmutLRPxprscfXX8KAAAA8HFtlqt5mq2nP7OhC6JPadGm/PY3U14REdXsIVNaecj7lSms/n6P43+mtHoBa5opLC25jXOlvUn9cz+u2k1PmiI15cWXHYvMNnYAAKBHo7Om31kIAAAAffo3dAEMo4jnrczjVuAkNc323uezHgAAAPAOFUMXAAAAAHSunv/3dP7f3vl/AAAAMIx0/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2lbrxWa5mrfN2e3byTMaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4YmdeTgCEwSAMrm+9if0XKwvmagUzEPj4FwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/pu9lHrE07iRrr42t5yfJ3qlxdGqcnRvX+AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXvbnHgVCIAjCaO36n8nc/7BSoAcwMnkPBj666WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCl3/3yf2JqnEnmThtLxyPJ2lVj66qx96Bx9GB8/RsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+/eNm4oDAP5sn6+UH+II6IYgBBIDLPR6LS3dEAMoYuBPQIrSawm98qPNQKsKkYUNZe6CYEQICRS2/g+dW6lL2DLcECRmkH12zvkBOaCxL8nnIz2/7zmO3/fZUpSvnxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0uidSZxkm844jot9D7buLGX9w1195t7ao/msZXFUZ9JHw0vVD1G3uUQAAAA4OZKyvg8hbKTrC1kfd/L6Py2PyWr+754Zx2U9v7vuL/uy9s/ar79svrA9UGc8TnbSK8vDwdm9qbQOb5az7dkDj2jlVz5/9pLkNyR+f/X5UZpfz+ib+/ffbefhqTqyBQD+izNlXwTl70NZ328yMQBOjFal8C7r/6TTbE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdRithqfKOAohzLcmcebh1p2l/fp7a4/my3bx7t218NXknNkp0hDCleXh4Gyts5ltN2/dvrY4HA5u1B+8HEL4h2Pa4RBHf7uY/rUPh8NBesDBITRyfQSPKYiLmz0r+RyNoMEfSgAAHEtp0bK6fiNdX8j2RXMh/Pn9zvr/tUocpqz/Nz+6+KA6VrX+79c2w9nXW7n+We/mrdtvLF9fvDq4OvjkzXP9t/rnL124cKmXPyvpeWICAADA/9MuWrX+j+f2rv/HlThMWf9//m3/y+pYifp/X5NFv6YzAQAAONmee+WP36N99kftdvhicWXlRn+83f58brxtINV/7VTRqvV/Mtd0VgAAAEAdRqvRjvX/y5U4TLn+//QPL/5UPWcSQjhdrP+fWfp0eLm+6cy0Ov6cuOk5AgAAUIf4b79yumjV9f80f/8/jqrf/fqr47j4N4BT1f/Je1//WB2r+v7/+cOY5hESd8fXI++7IbS6TWcEAADAcfZE0bJi/7d0feHjn5/8oO39fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6/RUAAP//iYg75g==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r2, &(0x7f0000000200), 0x43451)

1.425469242s ago: executing program 1 (id=1720):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000000)={0x40, 0x5, 0xc, {0xc, 0xf, "54b24f90fa1a9f306bae"}}, 0x0, 0x0, 0x0}, 0x0)

1.343356754s ago: executing program 2 (id=1721):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
ustat(0x3, &(0x7f0000000000))

1.342903144s ago: executing program 3 (id=1722):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000004c0), 0xfe, 0x269, &(0x7f0000000200)="$eJzs3b1rJGUcB/Df7EvWmBCiNja+gIhoIMRCEGy0UQhIEBFBhYiIlSRCTNqslY2FvUoqmyB2RkuxCTb3B+TuUuSaa8IVF+7grthjZnaPzWZDXvZljsznA7szz87ztrDfZyeQmQ2gtGYj4t2IqEbEXETUIyLprvBy/phtF7cmd5cjWq2P7yRZvbyc67SbiohmRLwdUesc29j5/ODe3gev/bRef/X3nc8mx/X+uh0e7H949NvSj38tvrlRab823d52v49hSvq8Vksinh3FYE+IpFb0DDifP6+nuX8uIl7J8l+PSjuyP69N/FePN37t327iaLzzBEah1aqn34HNFlA6lewcOKnMR0S+X6nMz+fn8DeqSXy7uvb93Der6ytfF71SAUOQNPO/e/ff/6fx91RP/m9X8/yfy1sjnikwEmn+P/lo+2a6f1QtejbAWLyQb9L8z325+XrIP5SO/EN5yT+Ul/zDFXDJ7Mo/lJf8Q3nJP1xh9c5Os+/hwfN/v/0fhJefIjBuM9mz738or578F3I9LlCM7vwDAOXSahR8ATJQmKLXHwAAAAAAAAAAAAAAAAAA4KStyd3lzmNcY/7/S8ThexFROz5+IztazX6POOKp7Pnpu0la7bEkbzaQL14asIMB/THkq6+XGherP3NruONf1LUXR9PvD8eLp97bbnMloplWXqjVTn7+k/bn70yn9v/MGQ3rX51vgGFJesrvfDre8Xs93C52/MW9iH/T9Weh3/pXieezbf/1Z7r7FsuX9N2DATsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgbB4FAAD//1eqcO0=")
r0 = creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, 0x0)

1.223312256s ago: executing program 2 (id=1723):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
setreuid(0x0, 0x0)

1.126727778s ago: executing program 2 (id=1724):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0xa}, @local=@item_4={0x3, 0x2, 0x5, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce0b2"}]}}, 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r0, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x3, 0xfffffffffffffffd, 0xc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xfffffffffffffff8, 0x9, 0x0, 0x0, 0x7ffffffd, 0x7ff}, 0x0, 0x0)

1.126361118s ago: executing program 1 (id=1725):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, 0x0}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x408, 0xb, 0x6, 0xfeffffff, 0xf0, 0x218, 0x3c0, 0x3c0, 0xffffffff, 0x3c0, 0x3c0, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@socket2={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@set={{0x40}}, @common=@set={{0x40}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@ttl={{0x28}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x468)

1.079583909s ago: executing program 5 (id=1726):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7040000010000008500000078000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r3}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)

1.02013807s ago: executing program 5 (id=1727):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000400), &(0x7f00000004c0)=<r3=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0xc300)

985.404391ms ago: executing program 5 (id=1728):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x10000, 0x0, 0xfffd, 0x5, 0x7fff, 0x0, 0x0, 0x8}}, 0x50)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x20, 0x0)

910.642092ms ago: executing program 3 (id=1729):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x88a, &(0x7f00000001c0)={[{@usrquota}, {@usrjquota, 0x22}, {@data_ordered}, {@noload}, {@grpid}, {@grpjquota, 0x22}, {@init_itable}, {@jqfmt_vfsold}, {@noblock_validity}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="842700000000000008001b0000"], 0x40}, 0x1, 0x0, 0x0, 0x20000084}, 0x4800)

860.747333ms ago: executing program 5 (id=1730):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
socket$key(0xf, 0x3, 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
setitimer(0x2, &(0x7f0000000000)={{0x0, 0xea60}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
socket$nl_audit(0x10, 0x3, 0x9)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4c, 0x0, 0x3, 0x2, 0x8, 0x0, 0x9, 0x0, 0x0, 0x3, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x9, 0xffffffc0]}})
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000a80)=[@cpuid={0x14, 0x18, {0xc, 0x9}}, @rdmsr={0x32, 0x18, {0xb6d}}, @rdmsr={0x32, 0x18, {0x82d}}, @code={0xa, 0x64, {"4d0fc7ac847500000066baf80cb89473bf81ef66bafc0cedb9800000c00f3235000800000f30440f20c0350f000000440f22c0c462dd9374de00430f3566430fc7b0474a008b0f790cbc66ba4300ed360f20a7"}}, @cpuid={0x14, 0x18, {0x9, 0x7}}, @uexit={0x0, 0x18, 0xb}, @uexit={0x0, 0x18, 0xbff}, @wr_crn={0x46, 0x20, {0x8, 0x7eb9}}, @wr_crn={0x46, 0x20, {0x2, 0x2}}, @uexit={0x0, 0x18, 0xb7bc}, @wr_crn={0x46, 0x20, {0x4, 0xfffffffffffffff9}}, @cpuid={0x14, 0x18, {0x6, 0x5}}, @wr_crn={0x46, 0x20, {0x4, 0x8000}}, @wrmsr={0x1e, 0x20, {0x295, 0x1}}], 0x1c4})

770.735055ms ago: executing program 4 (id=1731):
mkdir(0x0, 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f00000085", @ANYRESDEC, @ANYRES64], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f0000000280)=@kern={0x10, 0x0, 0x0, 0x40000000}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
fsmount(0xffffffffffffffff, 0x0, 0xa)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
syz_open_dev$loop(0x0, 0x6, 0x2)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'bridge0\x00'})
socket$netlink(0x10, 0x3, 0x0)
r7 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)
pwritev(r7, &(0x7f0000000340), 0x0, 0x2, 0x0)

741.592445ms ago: executing program 1 (id=1732):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d00)={&(0x7f0000000cc0)='mm_page_alloc\x00', r3}, 0x10)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

403.364102ms ago: executing program 1 (id=1733):
clock_nanosleep(0xfe, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10)
mount$incfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000c50000000ea20000850000000e00000095"], &(0x7f0000000b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r2}, 0x10)
r3 = syz_mount_image$fuse(0x0, 0x0, 0x3000009, 0x0, 0x1, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000380)={'erspan0\x00', &(0x7f0000000600)={'erspan0\x00', <r4=>0x0, 0x7, 0x7, 0x7ff, 0x7ff, {{0x14, 0x4, 0x3, 0x34, 0x50, 0x68, 0x0, 0x2, 0x29, 0x0, @empty, @multicast2, {[@timestamp_prespec={0x44, 0x3c, 0xda, 0x3, 0x4, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@local, 0x8}, {@local, 0x3}, {@dev={0xac, 0x14, 0x14, 0x1e}, 0xb}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3ff}, {@loopback, 0x4}, {@multicast1, 0xc}]}]}}}}})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_tracing={0x1a, 0x11, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000050000ce000000000400f9ff17110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000151750000100000018640000050000000000000001000000182a0000", @ANYRES32=r1, @ANYBLOB="000000000700000095000000"], &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x60680, 0x20, '\x00', r4, 0x17, r1, 0x8, &(0x7f0000000680)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x5, 0x3, 0x4, 0x8}, 0x10, 0x1d45a, r2, 0x6, &(0x7f0000000700)=[r1, r1, r3, r1, r1, r1, r1], &(0x7f0000000740)=[{0x3, 0x2, 0x9, 0xb}, {0x3, 0x1, 0xa, 0x6}, {0x4, 0x3, 0x8, 0x8}, {0x3, 0x2, 0xf}, {0x2, 0x1, 0x8}, {0x5, 0x5, 0xb, 0x4}], 0x10, 0x207d}, 0x94)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r5, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)

403.091322ms ago: executing program 2 (id=1734):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x1200})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f00000002c0)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

289.841814ms ago: executing program 1 (id=1735):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffc1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
write$selinux_user(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u::bject_r:auth_cache_t r'], 0x27)

8.15854ms ago: executing program 2 (id=1736):
ustat(0x3, &(0x7f0000000000))

0s ago: executing program 2 (id=1737):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

0 entered promiscuous mode
[  245.991652][ T3764] device veth1_to_batadv entered promiscuous mode
[  245.999074][ T3764] device batadv_slave_1 entered promiscuous mode
[  246.010269][ T3764] device xfrm0 entered promiscuous mode
[  246.016939][ T3764] device veth0_to_hsr entered promiscuous mode
[  246.032856][ T3764] device hsr_slave_0 entered promiscuous mode
[  246.037701][   T24] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= a.00
[  246.048305][ T3764] device veth1_to_hsr entered promiscuous mode
[  246.052069][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.062575][ T3764] device hsr_slave_1 entered promiscuous mode
[  246.064146][   T24] usb 5-1: config 0 descriptor??
[  246.073872][ T3764] device veth1_virt_wifi entered promiscuous mode
[  246.082188][ T3764] device veth0_virt_wifi entered promiscuous mode
[  246.089528][ T3764] device veth1_vlan entered promiscuous mode
[  246.098959][ T3764] device vlan0 entered promiscuous mode
[  246.104646][ T3764] device vlan1 entered promiscuous mode
[  246.111448][ T3764] device veth0_macvtap entered promiscuous mode
[  246.118722][ T3764] device macsec0 entered promiscuous mode
[  246.125353][ T3764] device erspan1 entered promiscuous mode
[  246.131506][ T3772] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  246.140948][ T3772] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  246.172121][  T283] EXT4-fs (loop0): unmounting filesystem.
[  246.273383][ T3792] loop0: detected capacity change from 0 to 512
[  246.409078][ T3792] ext2: Unknown parameter 'quota"errors'
[  246.463068][  T336] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  246.521670][   T24] hid-multitouch 0003:1FD2:6007.0009: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  246.989827][   T24] usb 5-1: USB disconnect, device number 9
[  247.415866][ T3806] loop0: detected capacity change from 0 to 4096
[  247.526187][ T3806] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  247.571656][ T3806] overlayfs: missing 'lowerdir'
[  248.071166][  T283] EXT4-fs (loop0): unmounting filesystem.
[  248.158923][ T3824] loop4: detected capacity change from 0 to 512
[  248.182757][ T3824] EXT4-fs: Ignoring removed i_version option
[  248.184603][ T3809] loop3: detected capacity change from 0 to 40427
[  249.148795][ T3824] EXT4-fs: Ignoring removed bh option
[  249.362768][ T3824] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  249.389470][ T3809] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  249.400851][   T28] audit: type=1326 audit(1756884263.016:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05bff8ebe9 code=0x7ffc0000
[  249.421639][ T3835] loop0: detected capacity change from 0 to 4096
[  249.430932][ T3824] ext4 filesystem being mounted at /214/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  249.435431][ T3809] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  249.467399][ T3835] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  249.470073][   T28] audit: type=1326 audit(1756884263.036:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f05bff8ebe9 code=0x7ffc0000
[  249.495230][ T3835] overlayfs: missing 'lowerdir'
[  249.503251][  T286] EXT4-fs (loop4): unmounting filesystem.
[  249.505478][   T28] audit: type=1326 audit(1756884263.036:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3839 comm="syz.2.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f05bff8ebe9 code=0x7ffc0000
[  249.556887][ T3809] F2FS-fs (loop3): Found nat_bits in checkpoint
[  249.684593][ T3851] loop2: detected capacity change from 0 to 512
[  250.895417][ T3851] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  250.903589][ T3851] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  250.914345][ T3851] EXT4-fs (loop2): 1 truncate cleaned up
[  250.920149][ T3851] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  251.017547][ T3809] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  251.232754][ T3809] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  251.545763][  T284] EXT4-fs (loop2): unmounting filesystem.
[  252.161707][ T3868] loop3: detected capacity change from 0 to 40427
[  252.176707][ T3868] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value
[  252.241204][  T283] EXT4-fs (loop0): unmounting filesystem.
[  252.255279][ T3877] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  252.383710][   T28] audit: type=1326 audit(1756884265.996:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3883 comm="syz.0.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a318ebe9 code=0x7ffc0000
[  252.407794][ T3884] syz.0.1075 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  252.775758][   T28] audit: type=1326 audit(1756884266.026:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3883 comm="syz.0.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f67a318ebe9 code=0x7ffc0000
[  252.801979][ T3889] loop4: detected capacity change from 0 to 512
[  252.815743][ T3889] EXT4-fs: Ignoring removed i_version option
[  252.819023][   T28] audit: type=1400 audit(1756884266.096:354): avc:  denied  { connect } for  pid=3879 comm="syz.3.1074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  252.831035][ T3889] EXT4-fs: Ignoring removed bh option
[  252.842534][   T28] audit: type=1400 audit(1756884266.106:355): avc:  denied  { write } for  pid=3879 comm="syz.3.1074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  252.867788][   T28] audit: type=1326 audit(1756884266.396:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3883 comm="syz.0.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a318ebe9 code=0x7ffc0000
[  252.915780][ T3893] binder: 3892:3893 ioctl 40046205 0 returned -22
[  252.925949][   T28] audit: type=1326 audit(1756884266.396:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3883 comm="syz.0.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a318ebe9 code=0x7ffc0000
[  252.927224][ T3889] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  252.971260][ T3889] ext4 filesystem being mounted at /216/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  252.996676][  T286] EXT4-fs (loop4): unmounting filesystem.
[  253.105707][ T3907] loop1: detected capacity change from 0 to 4096
[  253.117574][ T3907] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  253.481445][ T3907] overlayfs: missing 'lowerdir'
[  255.410292][ T3942] syz.2.1090[3942] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.410381][ T3942] syz.2.1090[3942] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.424128][ T3942] loop2: detected capacity change from 0 to 128
[  255.515110][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  255.729683][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  255.740477][  T285] EXT4-fs (loop1): unmounting filesystem.
[  255.745100][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  255.776119][   T24] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  255.793538][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.812065][   T24] usb 4-1: Product: syz
[  255.815530][ T3947] syz.1.1096[3947] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.816463][ T3947] syz.1.1096[3947] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.821527][   T24] usb 4-1: Manufacturer: syz
[  255.852286][ T3947] loop1: detected capacity change from 0 to 512
[  255.862279][   T24] usb 4-1: SerialNumber: syz
[  255.872333][   T24] usb 4-1: config 0 descriptor??
[  255.884698][   T24] usb-storage 4-1:0.0: USB Mass Storage device detected
[  255.886693][ T3947] EXT4-fs: Ignoring removed mblk_io_submit option
[  255.898835][ T3947] EXT4-fs: Ignoring removed mblk_io_submit option
[  255.907567][ T3947] EXT4-fs (loop1): Test dummy encryption mode enabled
[  255.914437][ T3947] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  255.914777][   T24] usb-storage 4-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  255.928126][ T3947] EXT4-fs (loop1): 1 truncate cleaned up
[  255.938100][ T3947] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  255.963027][ T3947] fscrypt: AES-256-XTS using blk-crypto-fallback
[  256.457270][   T24] usb 4-1: USB disconnect, device number 8
[  256.681393][  T285] EXT4-fs (loop1): unmounting filesystem.
[  257.185039][  T352] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  257.615069][  T352] usb 5-1: Using ep0 maxpacket: 16
[  257.626053][   T28] audit: type=1400 audit(1756884271.246:358): avc:  denied  { read } for  pid=3977 comm="syz.1.1105" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=26941 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  257.626141][  T352] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.661584][  T352] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.024024][  T352] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  258.037048][  T352] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  258.046431][  T352] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.053098][ T3974] loop2: detected capacity change from 0 to 40427
[  258.060825][  T352] usb 5-1: config 0 descriptor??
[  258.061626][ T3974] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[  258.075531][ T3974] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  258.099204][ T3985] loop0: detected capacity change from 0 to 2048
[  258.107894][ T3974] F2FS-fs (loop2): Found nat_bits in checkpoint
[  258.122572][ T3985] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  258.131399][ T3985] ext4 filesystem being mounted at /248/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.153882][ T3974] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  258.161087][ T3974] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  258.528731][ T3992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1103'.
[  258.541349][  T352] usbhid 5-1:0.0: can't add hid device: -71
[  258.555806][  T352] usbhid: probe of 5-1:0.0 failed with error -71
[  258.564146][  T352] usb 5-1: USB disconnect, device number 10
[  259.005182][  T283] EXT4-fs (loop0): unmounting filesystem.
[  259.082774][ T4006] loop2: detected capacity change from 0 to 512
[  259.090300][ T4006] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  259.100005][ T4006] EXT4-fs (loop2): orphan cleanup on readonly fs
[  259.107757][ T4006] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1112: bg 0: block 248: padding at end of block bitmap is not set
[  259.122430][ T4006] Quota error (device loop2): write_blk: dquota write failed
[  259.129989][ T4006] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  259.139963][ T4006] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.1112: Failed to acquire dquot type 1
[  259.151737][ T4006] EXT4-fs (loop2): 1 truncate cleaned up
[  259.157645][ T4006] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  259.175796][ T4006] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.1112: deleted inode referenced: 12
[  259.191734][  T284] EXT4-fs (loop2): unmounting filesystem.
[  260.412210][ T4039] loop3: detected capacity change from 0 to 512
[  260.718970][ T4039] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  260.789435][ T4039] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  260.830777][ T4039] EXT4-fs (loop3): orphan cleanup on readonly fs
[  260.868290][ T4039] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1125: bad orphan inode 267
[  260.922235][ T4039] EXT4-fs (loop3): Remounting filesystem read-only
[  260.928893][ T4039] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  260.979926][ T4035] loop0: detected capacity change from 0 to 40427
[  260.987006][ T4035] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[  260.993692][ T4035] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  261.004341][ T4035] F2FS-fs (loop0): Found nat_bits in checkpoint
[  261.025892][ T4035] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  261.033001][ T4035] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  261.200213][ T4048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1123'.
[  261.215101][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  261.395105][   T24] usb 4-1: Using ep0 maxpacket: 32
[  261.402112][   T24] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.554528][   T24] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.585417][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  261.595095][   T24] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  261.604561][   T24] usb 4-1: Product: syz
[  261.609146][   T24] usb 4-1: Manufacturer: syz
[  261.697685][   T24] hub 4-1:4.0: USB hub found
[  261.890993][   T24] hub 4-1:4.0: config failed, hub has too many ports! (err -19)
[  262.060668][ T4062] loop1: detected capacity change from 0 to 512
[  262.107738][ T4062] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  262.121137][ T4062] ext4 filesystem being mounted at /210/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  262.161804][   T28] audit: type=1400 audit(1756884275.776:359): avc:  denied  { write } for  pid=4068 comm="syz.4.1132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  262.182455][  T285] EXT4-fs (loop1): unmounting filesystem.
[  262.196538][ T4060] loop0: detected capacity change from 0 to 40427
[  262.211862][ T4060] F2FS-fs (loop0): Unrecognized mount option "whint_mode=user-based" or missing value
[  262.225185][  T352] usb 4-1: USB disconnect, device number 9
[  262.236125][ T4072] loop1: detected capacity change from 0 to 128
[  262.269548][ T4073] loop4: detected capacity change from 0 to 4096
[  262.286704][ T4073] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  262.311166][ T4077] loop1: detected capacity change from 0 to 4096
[  262.326604][ T4077] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  262.343316][ T4077] overlayfs: missing 'lowerdir'
[  263.601216][  T287] EXT4-fs (loop3): unmounting filesystem.
[  263.635283][ T4088] pit: kvm: requested 9219 ns i8254 timer period limited to 200000 ns
[  263.761290][  T285] EXT4-fs (loop1): unmounting filesystem.
[  263.818167][   T28] audit: type=1400 audit(1756884277.436:360): avc:  denied  { read } for  pid=4099 comm="syz.4.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  263.823913][ T4102] loop1: detected capacity change from 0 to 512
[  263.881133][ T4081] loop2: detected capacity change from 0 to 40427
[  263.889483][ T4102] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  263.898637][ T4102] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.923878][ T4081] F2FS-fs (loop2): Wrong segment_count / block_count (64 > 16384)
[  263.943545][ T4081] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  263.974609][ T4092] loop3: detected capacity change from 0 to 40427
[  263.982174][ T4081] F2FS-fs (loop2): Found nat_bits in checkpoint
[  263.998081][ T4092] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  264.020705][ T4092] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  264.053357][  T285] EXT4-fs (loop1): unmounting filesystem.
[  264.085097][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  264.146994][ T4081] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  264.160248][ T4081] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  264.175734][ T4092] F2FS-fs (loop3): Found nat_bits in checkpoint
[  264.265113][   T24] usb 1-1: Using ep0 maxpacket: 16
[  264.281788][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.296666][ T4092] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  264.308587][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.318802][ T4092] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  264.327432][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  264.341978][  T284] syz-executor: attempt to access beyond end of device
[  264.341978][  T284] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  264.350693][   T24] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  264.365376][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.379610][   T24] usb 1-1: config 0 descriptor??
[  264.517315][ T4120] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  264.523450][ T4118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1139'.
[  264.558646][ T4117] loop1: detected capacity change from 0 to 40427
[  264.565756][ T4117] F2FS-fs (loop1): Unrecognized mount option "whint_mode=user-based" or missing value
[  264.591287][ T4124] loop1: detected capacity change from 0 to 256
[  264.607855][ T4124] FAT-fs (loop1): Directory bread(block 64) failed
[  264.614482][ T4124] FAT-fs (loop1): Directory bread(block 65) failed
[  264.621311][ T4124] FAT-fs (loop1): Directory bread(block 66) failed
[  264.629052][ T4124] FAT-fs (loop1): Directory bread(block 67) failed
[  264.635830][ T4124] FAT-fs (loop1): Directory bread(block 68) failed
[  264.642941][ T4124] FAT-fs (loop1): Directory bread(block 69) failed
[  264.649837][ T4124] FAT-fs (loop1): Directory bread(block 70) failed
[  264.656784][ T4124] FAT-fs (loop1): Directory bread(block 71) failed
[  264.663474][ T4124] FAT-fs (loop1): Directory bread(block 72) failed
[  264.670260][ T4124] FAT-fs (loop1): Directory bread(block 73) failed
[  264.796356][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  264.812525][   T24] usbhid: probe of 1-1:0.0 failed with error -71
[  264.825176][  T352] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  264.835629][ T4128] loop4: detected capacity change from 0 to 4096
[  264.836248][   T24] usb 1-1: USB disconnect, device number 13
[  264.869498][ T4128] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  264.883427][ T4128] overlayfs: missing 'lowerdir'
[  266.104515][ T4139] pit: kvm: requested 9219 ns i8254 timer period limited to 200000 ns
[  266.116171][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.128379][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.147858][  T352] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  266.161444][  T352] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  266.172049][  T352] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.185744][  T352] usb 3-1: config 0 descriptor??
[  266.214534][ T4148] loop1: detected capacity change from 0 to 512
[  266.225393][ T4148] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1156: casefold flag without casefold feature
[  266.238879][ T4148] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1156: couldn't read orphan inode 15 (err -117)
[  266.252613][ T4148] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  266.332396][  T286] EXT4-fs (loop4): unmounting filesystem.
[  267.009626][  T352] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  267.022854][  T352] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  267.086775][  T285] EXT4-fs (loop1): unmounting filesystem.
[  267.517120][  T469] usb 3-1: USB disconnect, device number 4
[  267.545063][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  267.579523][ T4163] loop4: detected capacity change from 0 to 40427
[  267.590334][ T4163] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  267.735106][   T24] usb 4-1: Using ep0 maxpacket: 16
[  267.741464][   T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  267.750085][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.784039][   T24] usb 4-1: config 0 has no interface number 0
[  267.797910][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  267.815100][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.835515][   T24] usb 4-1: Product: syz
[  267.840900][   T24] usb 4-1: Manufacturer: syz
[  267.845851][   T24] usb 4-1: SerialNumber: syz
[  267.856079][   T24] usb 4-1: config 0 descriptor??
[  267.863820][   T24] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[  267.870520][   T24] usb 4-1: No valid video chain found.
[  268.125193][   T24] usb 4-1: USB disconnect, device number 10
[  268.345048][  T352] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  268.464745][ T4200] loop1: detected capacity change from 0 to 128
[  268.535074][  T352] usb 3-1: Using ep0 maxpacket: 16
[  268.552486][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.563504][  T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.573860][  T352] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  268.586739][  T352] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  268.595875][  T352] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.615172][  T352] usb 3-1: config 0 descriptor??
[  268.732363][ T4209] loop4: detected capacity change from 0 to 40427
[  268.776964][ T4209] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  269.172007][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.179442][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.186923][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.194184][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.201697][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.209229][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.216628][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.223888][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.231379][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.231836][ T4229] loop0: detected capacity change from 0 to 128
[  269.238828][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.252524][  T288] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  269.265141][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.272402][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.279867][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.287312][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.294553][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.301862][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.309310][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.317081][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.324312][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.347462][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.354745][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.362477][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.370056][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.381551][  T352] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0
[  269.389549][  T352] microsoft 0003:045E:07DA.000B: No inputs registered, leaving
[  269.398546][  T352] microsoft 0003:045E:07DA.000B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  269.410320][  T352] microsoft 0003:045E:07DA.000B: no inputs found
[  269.416917][  T352] microsoft 0003:045E:07DA.000B: could not initialize ff, continuing anyway
[  269.437452][  T352] usb 3-1: USB disconnect, device number 5
[  269.446233][  T288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.465578][  T288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.482461][ T4240] fido_id[4240]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  269.496836][  T288] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  269.512668][  T288] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  269.523282][  T288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.532623][  T288] usb 2-1: config 0 descriptor??
[  269.601097][ T4242] loop3: detected capacity change from 0 to 512
[  269.665458][ T4242] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1189: bg 0: block 393: padding at end of block bitmap is not set
[  269.695379][ T4242] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem
[  269.713745][ T4242] EXT4-fs (loop3): 2 truncates cleaned up
[  269.726994][ T4242] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  269.763050][ T4242] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  269.775161][ T4242] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  269.802317][ T4242] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[  269.821475][  T287] EXT4-fs (loop3): unmounting filesystem.
[  269.920110][ T4250] loop0: detected capacity change from 0 to 40427
[  269.931874][   T28] audit: type=1326 audit(1756884283.546:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  269.932103][ T4250] F2FS-fs (loop0): Unrecognized mount option "whint_mode=user-based" or missing value
[  269.966344][  T288] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  269.994427][   T28] audit: type=1326 audit(1756884283.546:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.034475][   T28] audit: type=1326 audit(1756884283.586:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.239732][   T28] audit: type=1326 audit(1756884283.586:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.264299][  T288] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  270.292168][   T28] audit: type=1326 audit(1756884283.586:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.316582][   T28] audit: type=1326 audit(1756884283.676:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.348952][   T28] audit: type=1326 audit(1756884283.676:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.349860][ T4266] loop0: detected capacity change from 0 to 128
[  270.372586][   T28] audit: type=1326 audit(1756884283.676:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.402140][   T28] audit: type=1326 audit(1756884283.676:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.425689][   T28] audit: type=1326 audit(1756884283.676:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4255 comm="syz.3.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b6dd8ebe9 code=0x7ffc0000
[  270.429780][   T24] usb 2-1: USB disconnect, device number 11
[  271.752369][ T4298] loop2: detected capacity change from 0 to 128
[  273.064026][ T4322] loop1: detected capacity change from 0 to 256
[  273.101392][ T4322] FAT-fs (loop1): Directory bread(block 64) failed
[  273.110413][ T4322] FAT-fs (loop1): Directory bread(block 65) failed
[  273.117317][ T4322] FAT-fs (loop1): Directory bread(block 66) failed
[  273.127090][ T4322] FAT-fs (loop1): Directory bread(block 67) failed
[  273.133881][ T4322] FAT-fs (loop1): Directory bread(block 68) failed
[  273.140781][ T4322] FAT-fs (loop1): Directory bread(block 69) failed
[  273.150985][ T4322] FAT-fs (loop1): Directory bread(block 70) failed
[  273.157900][ T4322] FAT-fs (loop1): Directory bread(block 71) failed
[  273.164633][ T4322] FAT-fs (loop1): Directory bread(block 72) failed
[  273.171487][ T4322] FAT-fs (loop1): Directory bread(block 73) failed
[  273.273511][ T4330] xt_hashlimit: max too large, truncated to 1048576
[  273.786191][ T4342] loop4: detected capacity change from 0 to 512
[  273.811287][ T4342] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  273.826574][ T4342] ext4 filesystem being mounted at /247/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  273.889392][ T4348] loop0: detected capacity change from 0 to 512
[  273.919374][ T4342] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3354154791 (6708309582 ns) > initial count (4455734788 ns). Using initial count to start timer.
[  273.952283][ T4348] EXT4-fs (loop0): Test dummy encryption mode enabled
[  273.966977][ T4348] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  273.977044][ T4343] loop3: detected capacity change from 0 to 40427
[  273.981859][ T4348] EXT4-fs (loop0): 1 truncate cleaned up
[  273.989672][ T4348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  273.997911][ T4343] F2FS-fs (loop3): invalid crc value
[  274.150373][ T4343] F2FS-fs (loop3): Found nat_bits in checkpoint
[  274.157581][ T4348] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  274.383706][ T4343] F2FS-fs (loop3): Start checkpoint disabled!
[  274.390710][  T286] EXT4-fs (loop4): unmounting filesystem.
[  274.391381][ T4358] loop1: detected capacity change from 0 to 2048
[  274.403255][ T4343] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  274.435194][ T4358] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  274.456857][ T4358] ext4 filesystem being mounted at /238/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  274.459397][ T4343] syz.3.1223: attempt to access beyond end of device
[  274.459397][ T4343] loop3: rw=2049, sector=53248, nr_sectors = 544 limit=40427
[  274.480882][ T4365] loop4: detected capacity change from 0 to 256
[  274.503458][  T283] EXT4-fs (loop0): unmounting filesystem.
[  274.517589][ T4365] FAT-fs (loop4): Directory bread(block 64) failed
[  274.524281][ T4365] FAT-fs (loop4): Directory bread(block 65) failed
[  274.532167][ T4365] FAT-fs (loop4): Directory bread(block 66) failed
[  274.538903][ T4365] FAT-fs (loop4): Directory bread(block 67) failed
[  274.568472][ T4365] FAT-fs (loop4): Directory bread(block 68) failed
[  274.577062][ T4343] syz.3.1223: attempt to access beyond end of device
[  274.577062][ T4343] loop3: rw=2049, sector=53248, nr_sectors = 544 limit=40427
[  274.591284][ T4365] FAT-fs (loop4): Directory bread(block 69) failed
[  274.598311][ T4365] FAT-fs (loop4): Directory bread(block 70) failed
[  274.735950][ T4365] FAT-fs (loop4): Directory bread(block 71) failed
[  274.890323][ T4365] FAT-fs (loop4): Directory bread(block 72) failed
[  274.899589][ T4365] FAT-fs (loop4): Directory bread(block 73) failed
[  274.932583][    T8] kworker/u4:0: attempt to access beyond end of device
[  274.932583][    T8] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  275.075220][   T28] kauditd_printk_skb: 120 callbacks suppressed
[  275.075256][   T28] audit: type=1400 audit(1756884288.666:491): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  275.285484][  T285] EXT4-fs (loop1): unmounting filesystem.
[  275.437144][ T4372] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.449925][ T4372] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.462381][ T4372] device bridge_slave_0 entered promiscuous mode
[  275.469632][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.477102][ T4372] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.484621][ T4372] device bridge_slave_1 entered promiscuous mode
[  275.491851][ T3063] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.499879][ T3063] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.022502][ T4397] loop4: detected capacity change from 0 to 40427
[  276.037985][ T4397] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  276.409435][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  276.431519][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  276.457057][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  276.468077][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  276.542448][ T4418] loop3: detected capacity change from 0 to 1024
[  276.549644][ T4418] EXT4-fs: Ignoring removed bh option
[  276.555759][   T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  276.557754][  T349] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.570855][  T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.651703][ T4422] syz.1.1247[4422] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.651789][ T4422] syz.1.1247[4422] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.771283][ T4418] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.1246: lblock 2 mapped to illegal pblock 2 (length 1)
[  276.810204][ T4418] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  276.818543][ T4418] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.1246: lblock 0 mapped to illegal pblock 48 (length 1)
[  276.856326][ T4418] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  276.880331][ T4418] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1246: Failed to acquire dquot type 0
[  276.924294][ T4418] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  276.940529][ T4418] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1246: mark_inode_dirty error
[  276.957220][ T4418] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  276.967929][ T4418] EXT4-fs (loop3): 1 orphan inode deleted
[  276.973767][ T4418] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  277.035067][  T335] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 1)
[  278.392687][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  278.398161][  T335] Quota error (device loop3): remove_tree: Can't read quota data block 1
[  278.410053][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  278.420806][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  278.429927][  T349] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.437016][  T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.437828][  T335] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 0
[  278.482205][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  278.534615][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  278.573417][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  278.603653][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  278.686510][   T24] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  278.703757][ T4372] device veth0_vlan entered promiscuous mode
[  278.709888][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.718147][   T24] usb 3-1: Product: syz
[  278.722318][   T24] usb 3-1: Manufacturer: syz
[  279.062629][ T4372] device veth1_macvtap entered promiscuous mode
[  279.069338][   T24] usb 3-1: SerialNumber: syz
[  279.074779][   T24] usb 3-1: config 0 descriptor??
[  279.085316][   T24] usb 3-1: can't set config #0, error -71
[  279.094972][   T24] usb 3-1: USB disconnect, device number 6
[  279.165097][   T28] audit: type=1400 audit(1756884292.776:492): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/root/syzkaller.DF6EXo/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  279.207307][   T28] audit: type=1400 audit(1756884292.776:493): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/root/syzkaller.DF6EXo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  279.246637][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  279.246846][   T28] audit: type=1400 audit(1756884292.776:494): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/root/syzkaller.DF6EXo/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=29166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  279.273633][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  279.282829][   T28] audit: type=1400 audit(1756884292.776:495): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  279.293917][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  279.325615][   T28] audit: type=1400 audit(1756884292.776:496): avc:  denied  { mounton } for  pid=4372 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  279.327374][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  279.357371][   T28] audit: type=1400 audit(1756884292.856:497): avc:  denied  { write } for  pid=4441 comm="syz.5.1232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  279.377545][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  279.386108][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  279.394507][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  279.402526][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  279.412163][  T287] EXT4-fs (loop3): unmounting filesystem.
[  279.418003][  T287] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  279.431559][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  279.434041][ T4446] loop5: detected capacity change from 0 to 4096
[  279.440192][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  279.463436][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  279.473155][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  279.480770][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  279.488655][  T287] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  279.502607][  T287] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  279.524694][ T4446] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  279.586871][ T4446] overlayfs: missing 'lowerdir'
[  279.738384][ T4448] loop1: detected capacity change from 0 to 40427
[  279.745719][ T4448] F2FS-fs (loop1): Unrecognized mount option "whint_mode=user-based" or missing value
[  280.026466][ T4466] loop2: detected capacity change from 0 to 128
[  280.056620][ T4466] EXT4-fs (loop2): Test dummy encryption mode enabled
[  280.072130][ T4466] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  280.081112][ T4466] ext4 filesystem being mounted at /242/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  280.928263][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  281.004595][ T4473] loop4: detected capacity change from 0 to 1024
[  281.016694][ T4473] EXT4-fs: Ignoring removed i_version option
[  281.037740][   T28] audit: type=1400 audit(1756884294.656:498): avc:  denied  { write } for  pid=4474 comm="syz.5.1262" path="socket:[29964]" dev="sockfs" ino=29964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  281.061269][ T4473] EXT4-fs (loop4): Test dummy encryption mode enabled
[  281.062110][  T284] EXT4-fs (loop2): unmounting filesystem.
[  281.104635][ T4473] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  281.917253][  T286] EXT4-fs (loop4): unmounting filesystem.
[  282.063428][  T467] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  282.123023][ T4491] loop1: detected capacity change from 0 to 1024
[  282.178945][ T4491] EXT4-fs: Ignoring removed bh option
[  282.223992][ T4491] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 2: comm syz.1.1267: lblock 2 mapped to illegal pblock 2 (length 1)
[  282.246675][  T467] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  282.265214][  T467] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  282.295088][  T467] usb 6-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  282.323700][ T4491] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  282.342014][  T467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.355036][  T352] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  282.381361][ T4491] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 48: comm syz.1.1267: lblock 0 mapped to illegal pblock 48 (length 1)
[  282.396083][  T467] usb 6-1: config 0 descriptor??
[  282.460827][ T4491] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  282.510635][ T4491] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.1267: Failed to acquire dquot type 0
[  282.539994][ T4491] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  282.550782][  T352] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.568342][ T4500] binder: BINDER_SET_CONTEXT_MGR already set
[  282.575030][ T4491] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #11: comm syz.1.1267: mark_inode_dirty error
[  282.586373][ T4500] binder: 4499:4500 ioctl 4018620d 2000000001c0 returned -16
[  282.589468][ T4497] loop4: detected capacity change from 0 to 40427
[  282.600812][ T4491] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  282.601037][  T352] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.620887][ T4491] EXT4-fs (loop1): 1 orphan inode deleted
[  282.623497][ T4497] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  282.636423][ T4491] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  282.637038][  T352] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  282.665058][  T352] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  282.674881][  T352] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.704309][ T3063] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1)
[  282.718687][  T288] usb 6-1: USB disconnect, device number 2
[  282.726527][  T352] usb 4-1: config 0 descriptor??
[  282.744392][ T3063] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  282.760816][ T3063] EXT4-fs error (device loop1): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 0
[  282.806342][ T4502] loop4: detected capacity change from 0 to 4096
[  282.826918][ T4502] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  283.129315][ T4502] overlayfs: missing 'lowerdir'
[  283.333386][  T352] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  283.349942][  T352] plantronics 0003:047F:FFFF.000D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  283.597487][   T28] audit: type=1400 audit(1756884297.216:499): avc:  denied  { map } for  pid=4516 comm="syz.2.1275" path="socket:[29274]" dev="sockfs" ino=29274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  283.657856][   T28] audit: type=1400 audit(1756884297.246:500): avc:  denied  { read accept } for  pid=4516 comm="syz.2.1275" path="socket:[29274]" dev="sockfs" ino=29274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  283.762139][  T286] EXT4-fs (loop4): unmounting filesystem.
[  283.781018][  T469] usb 4-1: USB disconnect, device number 11
[  284.149204][   T28] audit: type=1326 audit(1756884297.696:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4527 comm="syz.4.1279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  284.570316][   T28] audit: type=1326 audit(1756884297.696:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4527 comm="syz.4.1279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  284.779302][   T28] audit: type=1326 audit(1756884297.706:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4527 comm="syz.4.1279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  284.839533][   T28] audit: type=1326 audit(1756884297.706:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4527 comm="syz.4.1279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  285.049224][ T4541] binder: 4540:4541 ioctl 40046205 0 returned -22
[  285.178372][  T285] EXT4-fs (loop1): unmounting filesystem.
[  285.184267][  T285] EXT4-fs error (device loop1): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  285.197471][  T285] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  285.207499][ T4536] loop4: detected capacity change from 0 to 40427
[  285.211830][  T285] EXT4-fs error (device loop1): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  285.242882][ T4536] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  285.258178][ T4551] loop1: detected capacity change from 0 to 128
[  285.272529][ T4550] loop3: detected capacity change from 0 to 4096
[  285.289032][ T4551] EXT4-fs (loop1): Test dummy encryption mode enabled
[  285.305550][ T4550] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  285.317575][ T4551] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  285.327000][ T4550] overlayfs: missing 'lowerdir'
[  285.341042][ T4551] ext4 filesystem being mounted at /246/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  285.438866][  T285] EXT4-fs (loop1): unmounting filesystem.
[  285.485074][   T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  285.836975][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.867938][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  285.964684][   T24] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  285.974501][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.982659][   T24] usb 3-1: Product: syz
[  285.987007][   T24] usb 3-1: Manufacturer: syz
[  285.991620][   T24] usb 3-1: SerialNumber: syz
[  285.997093][   T24] usb 3-1: config 0 descriptor??
[  286.002734][   T24] usb-storage 3-1:0.0: USB Mass Storage device detected
[  286.010249][   T24] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  286.088746][  T287] EXT4-fs (loop3): unmounting filesystem.
[  286.205418][   T24] usb 3-1: USB disconnect, device number 7
[  286.793647][ T4598] binder: 4597:4598 ioctl 40046205 0 returned -22
[  286.802952][ T4589] loop4: detected capacity change from 0 to 40427
[  286.813192][ T4589] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[  287.212194][ T4610] loop5: detected capacity change from 0 to 1024
[  287.232491][ T4608] loop4: detected capacity change from 0 to 4096
[  287.256624][ T4608] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  287.257050][ T4610] EXT4-fs: Ignoring removed orlov option
[  287.271784][ T4610] EXT4-fs: Ignoring removed nomblk_io_submit option
[  287.272666][ T4617] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  287.281124][ T4608] overlayfs: missing 'lowerdir'
[  287.337679][ T4610] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  287.369191][   T28] kauditd_printk_skb: 43 callbacks suppressed
[  287.369209][   T28] audit: type=1400 audit(1756884300.986:548): avc:  denied  { shutdown } for  pid=4622 comm="syz.2.1313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  287.407502][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  287.435305][ T4623] process 'syz.2.1313' launched './file0' with NULL argv: empty string added
[  287.750987][ T4630] binder: 4629:4630 ioctl 40046205 0 returned -22
[  287.796477][ T4639] loop2: detected capacity change from 0 to 256
[  287.807944][ T4639] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d)
[  287.871258][   T28] audit: type=1400 audit(1756884301.486:549): avc:  denied  { read write } for  pid=4638 comm="syz.2.1319" name="file2" dev="loop2" ino=1048667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  287.885363][ T4641] loop5: detected capacity change from 0 to 512
[  287.938557][   T28] audit: type=1400 audit(1756884301.546:550): avc:  denied  { open } for  pid=4638 comm="syz.2.1319" path="/258/file2/file2" dev="loop2" ino=1048667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  287.959799][ T4641] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1314: casefold flag without casefold feature
[  287.992210][ T4641] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1314: couldn't read orphan inode 15 (err -117)
[  288.004782][ T4641] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  288.074931][  T286] EXT4-fs (loop4): unmounting filesystem.
[  289.650873][ T4651] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  290.153370][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  290.175084][   T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  290.387808][   T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  290.397002][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.405358][   T24] usb 2-1: Product: syz
[  290.409605][   T24] usb 2-1: Manufacturer: syz
[  290.414329][   T24] usb 2-1: SerialNumber: syz
[  290.448880][   T24] usb 2-1: config 0 descriptor??
[  290.615157][  T288] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  290.669170][ T2042] usb 2-1: USB disconnect, device number 12
[  290.806200][  T288] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.816411][  T288] usb 6-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  290.856126][  T288] usb 6-1: config 0 interface 0 has no altsetting 0
[  290.862843][  T288] usb 6-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  290.872154][  T288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.884091][  T288] usb 6-1: config 0 descriptor??
[  290.891463][  T288] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  290.932922][ T4686] loop3: detected capacity change from 0 to 512
[  290.943771][ T4686] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.1336: casefold flag without casefold feature
[  290.956785][ T4686] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.1336: couldn't read orphan inode 15 (err -117)
[  290.968858][ T4686] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  291.113129][ T2042] usb 6-1: USB disconnect, device number 3
[  291.356791][  T287] EXT4-fs (loop3): unmounting filesystem.
[  292.441253][ T4708] loop4: detected capacity change from 0 to 4096
[  292.449329][ T4708] EXT4-fs: Ignoring removed mblk_io_submit option
[  292.486392][ T4708] EXT4-fs (loop4): Test dummy encryption mode enabled
[  292.608576][ T4708] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  293.546438][ T4716] loop1: detected capacity change from 0 to 1024
[  293.553344][ T4716] EXT4-fs: Ignoring removed orlov option
[  293.594776][ T4716] EXT4-fs: Ignoring removed nomblk_io_submit option
[  293.622307][ T4716] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  293.709466][  T286] EXT4-fs (loop4): unmounting filesystem.
[  294.117505][  T285] EXT4-fs (loop1): unmounting filesystem.
[  294.187244][ T4737] loop1: detected capacity change from 0 to 128
[  294.282243][ T4742] syz.3.1350[4742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  294.282495][ T4742] syz.3.1350[4742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  294.667384][   T28] audit: type=1400 audit(1756884308.286:551): avc:  denied  { ioctl } for  pid=4745 comm="syz.2.1353" path="socket:[29632]" dev="sockfs" ino=29632 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  294.705643][  T288] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  294.722894][ T4748] loop2: detected capacity change from 0 to 4096
[  294.746678][ T4748] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  294.820615][ T4748] overlayfs: missing 'lowerdir'
[  294.897718][  T288] usb 5-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  294.915343][  T288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.923637][  T288] usb 5-1: Product: syz
[  294.928170][  T288] usb 5-1: Manufacturer: syz
[  294.932838][  T288] usb 5-1: SerialNumber: syz
[  294.939198][  T288] usb 5-1: config 0 descriptor??
[  295.114878][ T4753] loop5: detected capacity change from 0 to 4096
[  295.139289][ T4753] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  295.147099][   T24] usb 5-1: USB disconnect, device number 11
[  295.156952][ T4753] overlayfs: missing 'lowerdir'
[  295.806142][  T284] EXT4-fs (loop2): unmounting filesystem.
[  296.793494][ T4769] loop2: detected capacity change from 0 to 4096
[  296.800296][ T4769] EXT4-fs: Ignoring removed mblk_io_submit option
[  296.966445][ T4769] EXT4-fs (loop2): Test dummy encryption mode enabled
[  297.001440][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  297.114767][ T4769] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  298.734048][  T284] EXT4-fs (loop2): unmounting filesystem.
[  299.052733][ T2042] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  299.248137][ T2042] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.283905][ T2042] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.300332][ T2042] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  299.317824][ T2042] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  299.327337][ T2042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.336923][ T2042] usb 2-1: config 0 descriptor??
[  299.400226][ T4802] loop4: detected capacity change from 0 to 4096
[  299.414875][ T4802] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  299.426534][ T4802] overlayfs: missing 'lowerdir'
[  299.701339][ T4810] loop5: detected capacity change from 0 to 4096
[  299.710419][ T4810] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  299.736858][ T4810] overlayfs: missing 'lowerdir'
[  299.745813][ T2042] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  299.821757][ T2042] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  300.224706][ T2042] usb 2-1: USB disconnect, device number 13
[  300.265942][  T286] EXT4-fs (loop4): unmounting filesystem.
[  300.538762][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  300.555100][  T469] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  300.776174][  T469] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  300.793721][  T469] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  300.836466][  T469] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  300.854916][  T469] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.863177][  T469] usb 5-1: Product: syz
[  300.873366][  T469] usb 5-1: Manufacturer: syz
[  300.890265][  T469] usb 5-1: SerialNumber: syz
[  300.898951][  T469] usb 5-1: config 0 descriptor??
[  300.907230][  T469] usb-storage 5-1:0.0: USB Mass Storage device detected
[  301.291716][ T4849] loop3: detected capacity change from 0 to 512
[  301.303103][  T469] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  301.376534][  T469] usb 5-1: USB disconnect, device number 12
[  301.401305][ T4849] EXT4-fs error (device loop3): ext4_get_branch:178: inode #13: block 33619980: comm syz.3.1380: invalid block
[  301.433142][ T4849] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm syz.3.1380: Invalid block bitmap block 0 in block_group 0
[  301.452565][ T4849] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem
[  301.464324][ T4849] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.1380: attempt to clear invalid blocks 983261 len 1
[  301.468320][ T4857] loop5: detected capacity change from 0 to 4096
[  301.478293][ T4849] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1380: invalid indirect mapped block 2683928664 (level 0)
[  301.498795][ T4849] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz.3.1380: Invalid inode table block 0 in block_group 0
[  301.512068][ T4849] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  301.518854][ T4857] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  301.522646][ T4849] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  301.547338][ T4857] overlayfs: missing 'lowerdir'
[  301.547809][ T4849] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz.3.1380: Invalid inode table block 0 in block_group 0
[  301.567429][ T4849] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  301.577187][ T4849] EXT4-fs error (device loop3): ext4_truncate:4314: inode #13: comm syz.3.1380: mark_inode_dirty error
[  301.598156][ T4849] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  301.607274][ T4849] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz.3.1380: Invalid inode table block 0 in block_group 0
[  301.620335][ T4849] EXT4-fs (loop3): 1 truncate cleaned up
[  301.631900][ T4849] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  301.712334][ T4862] loop2: detected capacity change from 0 to 4096
[  301.777085][ T4862] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  301.809410][ T4862] overlayfs: missing 'lowerdir'
[  302.121608][   T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  302.137072][  T287] EXT4-fs (loop3): unmounting filesystem.
[  302.316595][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.342796][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  302.369698][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  302.398369][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  302.404329][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  302.413781][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.441764][   T24] usb 5-1: config 0 descriptor??
[  302.578165][  T284] EXT4-fs (loop2): unmounting filesystem.
[  302.934015][   T24] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  302.967052][    T6] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  303.110828][   T24] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  303.197855][    T6] usb 2-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping
[  303.313880][    T6] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  303.424857][   T24] usb 5-1: USB disconnect, device number 13
[  303.858569][ T4903] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1400'.
[  303.899325][    T6] usb 2-1: config 0 interface 0 has no altsetting 0
[  303.911598][    T6] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  303.920999][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.942038][    T6] usb 2-1: config 0 descriptor??
[  303.950193][ T4904] fido_id[4904]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  303.965455][    T6] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  303.978150][ T4913] loop5: detected capacity change from 0 to 4096
[  305.170250][    T6] usb 2-1: USB disconnect, device number 14
[  305.222813][ T4913] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  305.250840][ T4913] overlayfs: missing 'lowerdir'
[  305.313797][   T28] audit: type=1400 audit(1756884318.926:552): avc:  denied  { setattr } for  pid=4921 comm="syz.3.1406" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  307.685026][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  308.462139][ T4960] syz.1.1417[4960] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  308.462225][ T4960] syz.1.1417[4960] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  309.187811][ T4946] loop2: detected capacity change from 0 to 40427
[  309.237454][ T4946] F2FS-fs (loop2): invalid crc value
[  309.252799][ T4946] F2FS-fs (loop2): Found nat_bits in checkpoint
[  309.350106][ T4946] F2FS-fs (loop2): Start checkpoint disabled!
[  309.409985][ T4946] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  309.450417][ T4980] loop4: detected capacity change from 0 to 128
[  310.895092][ T2042] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  311.107371][ T2042] usb 4-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping
[  311.118245][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  311.161912][ T2042] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.183851][ T5012] loop2: detected capacity change from 0 to 512
[  311.197901][ T2042] usb 4-1: config 0 interface 0 has no altsetting 0
[  311.204660][ T2042] usb 4-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  311.206166][ T5012] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  311.214297][ T2042] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.246456][ T5012] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  311.254658][ T5012] System zones: 0-2, 18-18, 34-34
[  311.261706][ T5012] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  311.271077][ T5012] ext4 filesystem being mounted at /287/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  311.294321][   T28] audit: type=1400 audit(1756884324.906:553): avc:  denied  { rename } for  pid=5011 comm="syz.2.1436" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  311.304759][ T2042] usb 4-1: config 0 descriptor??
[  311.317037][   T28] audit: type=1400 audit(1756884324.916:554): avc:  denied  { unlink } for  pid=5011 comm="syz.2.1436" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  311.331823][ T2042] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  311.352395][   T24] usb 6-1: Using ep0 maxpacket: 16
[  311.367854][  T284] EXT4-fs (loop2): unmounting filesystem.
[  311.374392][   T28] audit: type=1400 audit(1756884324.916:555): avc:  denied  { rename } for  pid=5011 comm="syz.2.1436" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  311.423026][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  311.470369][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  311.482621][   T24] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= a.00
[  311.494854][   T28] audit: type=1400 audit(1756884324.916:556): avc:  denied  { unlink } for  pid=5011 comm="syz.2.1436" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  311.519116][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.552592][   T24] usb 6-1: config 0 descriptor??
[  311.553445][    T6] usb 4-1: USB disconnect, device number 12
[  311.818613][ T5030] loop1: detected capacity change from 0 to 512
[  311.827258][ T5030] EXT4-fs: Ignoring removed orlov option
[  311.982580][   T24] hid-multitouch 0003:1FD2:6007.0010: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.5-1/input0
[  312.029200][ T5030] EXT4-fs (loop1): 1 orphan inode deleted
[  312.035114][ T5030] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  312.049975][ T5030] ext4 filesystem being mounted at /274/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.378864][   T24] usb 6-1: USB disconnect, device number 4
[  312.651681][ T5035] fido_id[5035]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  312.771524][ T3063] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  312.809400][ T3063] EXT4-fs error (device loop1): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1
[  312.837001][  T285] EXT4-fs (loop1): unmounting filesystem.
[  313.040556][ T5063] loop4: detected capacity change from 0 to 512
[  313.066882][ T5063] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  313.076372][ T5063] ext4 filesystem being mounted at /296/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  314.457358][ T5063] EXT4-fs (loop4): unmounting filesystem.
[  315.197402][ T5076] loop3: detected capacity change from 0 to 512
[  315.204041][ T5076] EXT4-fs: Ignoring removed orlov option
[  315.285084][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  315.365891][ T5076] EXT4-fs (loop3): 1 orphan inode deleted
[  315.371743][ T5076] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  315.382619][ T5076] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.517098][   T24] usb 2-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping
[  315.613095][   T24] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  315.626849][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  315.633472][   T24] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  315.642995][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.656093][   T24] usb 2-1: config 0 descriptor??
[  315.663318][   T24] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  315.865025][   T24] usb 2-1: USB disconnect, device number 15
[  315.916074][  T436] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  315.929629][  T436] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:5: Failed to release dquot type 1
[  316.065250][  T287] EXT4-fs (loop3): unmounting filesystem.
[  316.147215][ T5088] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1459'.
[  316.764924][ T5103] loop5: detected capacity change from 0 to 8192
[  317.189640][  T288] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  317.208493][ T5113] kernel profiling enabled (shift: 17)
[  317.230253][ T5113] device xfrm0 left promiscuous mode
[  317.300643][ T5119] loop2: detected capacity change from 0 to 2048
[  317.357788][ T5119] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  317.367488][ T5119] ext4 filesystem being mounted at /298/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.419053][ T5123] loop5: detected capacity change from 0 to 512
[  317.427560][ T5123] EXT4-fs: Ignoring removed orlov option
[  317.580011][  T288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.203193][  T284] EXT4-fs (loop2): unmounting filesystem.
[  318.313823][ T5123] EXT4-fs (loop5): 1 orphan inode deleted
[  318.319701][ T5123] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  318.332196][ T5123] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.741605][ T5130] syz.4.1471[5130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  318.741689][ T5130] syz.4.1471[5130] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  318.807525][  T288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.829455][  T288] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  318.842604][  T288] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  318.852224][  T288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.861237][    T8] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  318.861385][  T288] usb 4-1: config 0 descriptor??
[  318.876306][    T8] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:0: Failed to release dquot type 1
[  318.878801][ T5134] loop1: detected capacity change from 0 to 512
[  318.889791][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  318.924209][ T5134] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  318.937544][ T5134] ext4 filesystem being mounted at /279/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.966948][  T285] EXT4-fs (loop1): unmounting filesystem.
[  318.984310][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x0
[  318.993478][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x0
[  319.439313][    T6] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  319.448728][  T288] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  319.493893][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0x187 data 0xedd4
[  319.503797][  T288] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  319.516665][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0x186 data 0xed8d
[  319.532868][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 ignored wrmsr: 0x11e data 0xec2d
[  319.545123][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0xebe7
[  319.554570][ T5141] kvm [5140]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0xeba0
[  320.497298][    T6] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.508403][    T6] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.518242][    T6] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  320.531574][    T6] usb 2-1: config 0 interface 0 has no altsetting 0
[  320.541635][    T6] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00
[  320.551310][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.571179][    T6] usb 2-1: config 0 descriptor??
[  320.573980][   T24] usb 4-1: USB disconnect, device number 13
[  321.206104][    T6] usbhid 2-1:0.0: can't add hid device: -71
[  321.218523][    T6] usbhid: probe of 2-1:0.0 failed with error -71
[  321.233636][    T6] usb 2-1: USB disconnect, device number 16
[  321.326095][ T5174] loop5: detected capacity change from 0 to 512
[  321.333148][ T5174] EXT4-fs: Ignoring removed orlov option
[  321.602980][ T5174] EXT4-fs (loop5): 1 orphan inode deleted
[  321.608928][ T5174] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  321.620984][ T5174] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  322.144850][ T5186] loop1: detected capacity change from 0 to 4096
[  322.291251][ T5189] syz.2.1488[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  322.291340][ T5189] syz.2.1488[5189] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  322.305547][ T5189] loop2: detected capacity change from 0 to 128
[  322.578676][ T5186] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  322.722528][ T5186] overlayfs: missing 'lowerdir'
[  322.917232][ T3063] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  322.927547][ T3063] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1
[  322.940023][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  324.400690][ T5209] loop5: detected capacity change from 0 to 512
[  324.580373][ T5209] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  324.589901][ T5209] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.846834][  T285] EXT4-fs (loop1): unmounting filesystem.
[  325.458529][ T5214] loop4: detected capacity change from 0 to 2048
[  325.500464][ T5214] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  325.509153][ T5214] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  326.652351][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  326.700825][ T5227] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1498'.
[  326.711750][   T28] audit: type=1400 audit(1756884340.326:557): avc:  denied  { bind } for  pid=5228 comm="syz.3.1500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  327.669199][   T28] audit: type=1400 audit(1756884341.026:558): avc:  denied  { listen } for  pid=5228 comm="syz.3.1500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  327.686845][ T5238] loop2: detected capacity change from 0 to 512
[  327.695752][   T28] audit: type=1400 audit(1756884341.036:559): avc:  denied  { accept } for  pid=5228 comm="syz.3.1500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  327.719733][ T5239] loop5: detected capacity change from 0 to 512
[  327.728222][ T5238] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  327.743509][  T286] EXT4-fs (loop4): unmounting filesystem.
[  327.751288][ T5238] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002]
[  327.812460][ T5239] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  327.821657][ T5239] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  327.850627][ T5238] EXT4-fs (loop2): orphan cleanup on readonly fs
[  327.857515][ T5238] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1502: bad orphan inode 267
[  327.870328][ T5238] EXT4-fs (loop2): Remounting filesystem read-only
[  327.883705][ T5238] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  328.195300][ T5254] loop4: detected capacity change from 0 to 512
[  328.216460][ T5254] EXT4-fs: Ignoring removed orlov option
[  329.278755][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  329.295114][   T28] audit: type=1400 audit(1756884342.886:560): avc:  denied  { unmount } for  pid=4372 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  329.395088][ T2042] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  329.520575][ T5254] EXT4-fs (loop4): 1 orphan inode deleted
[  329.526711][ T5254] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  329.538116][ T5254] ext4 filesystem being mounted at /308/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  329.775128][ T2042] usb 3-1: Using ep0 maxpacket: 32
[  329.782300][ T2042] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.813598][   T28] audit: type=1400 audit(1756884342.966:561): avc:  denied  { read write } for  pid=4372 comm="syz-executor" name="loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  329.859919][ T2042] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.940156][ T5262] loop5: detected capacity change from 0 to 4096
[  329.967684][ T2042] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  329.985059][ T5262] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  330.199930][   T28] audit: type=1400 audit(1756884342.966:562): avc:  denied  { open } for  pid=4372 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  330.228188][   T28] audit: type=1400 audit(1756884342.966:563): avc:  denied  { ioctl } for  pid=4372 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=123 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  330.232581][  T335] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  330.253751][   T28] audit: type=1400 audit(1756884343.156:564): avc:  denied  { mount } for  pid=5247 comm="syz.4.1504" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  330.263523][ T2042] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  330.286109][  T335] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 1
[  330.306128][   T28] audit: type=1400 audit(1756884343.176:565): avc:  denied  { bpf } for  pid=5247 comm="syz.4.1504" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  330.308068][ T2042] usb 3-1: Product: syz
[  330.333424][ T5262] overlayfs: missing 'lowerdir'
[  330.338429][ T2042] usb 3-1: Manufacturer: syz
[  330.339227][  T286] EXT4-fs (loop4): unmounting filesystem.
[  330.384697][ T2042] hub 3-1:4.0: USB hub found
[  330.557658][ T2042] hub 3-1:4.0: config failed, hub has too many ports! (err -19)
[  330.774374][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  330.935180][  T467] usb 3-1: USB disconnect, device number 8
[  330.937080][ T5298] binfmt_misc: register: failed to install interpreter file ./file0
[  330.975410][ T5299] loop3: detected capacity change from 0 to 1024
[  330.982111][ T5299] EXT4-fs: Ignoring removed bh option
[  331.003492][ T5299] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.1520: lblock 2 mapped to illegal pblock 2 (length 1)
[  331.017739][ T5299] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.1520: lblock 0 mapped to illegal pblock 48 (length 1)
[  331.032901][ T5299] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1520: Failed to acquire dquot type 0
[  331.044538][ T5299] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  331.055041][ T5299] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1520: mark_inode_dirty error
[  331.069126][ T5299] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  331.079459][ T5299] EXT4-fs (loop3): 1 orphan inode deleted
[  331.085340][ T5299] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  331.098378][ T3063] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1)
[  331.121801][ T3063] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 0
[  331.320651][  T284] EXT4-fs (loop2): unmounting filesystem.
[  331.408964][ T5312] loop4: detected capacity change from 0 to 4096
[  331.470406][ T5312] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  331.496362][ T5306] loop1: detected capacity change from 0 to 40427
[  331.500325][ T5312] overlayfs: missing 'lowerdir'
[  331.508121][ T5306] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[  331.574940][ T5317] loop2: detected capacity change from 0 to 512
[  331.597173][ T5317] EXT4-fs: Ignoring removed orlov option
[  331.920592][ T5306] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  332.037295][  T287] EXT4-fs (loop3): unmounting filesystem.
[  332.043201][  T287] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  332.110111][  T287] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  332.136985][ T5317] EXT4-fs (loop2): 1 orphan inode deleted
[  332.142813][ T5317] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  332.153578][ T5317] ext4 filesystem being mounted at /310/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  332.183616][  T335] __quota_error: 40 callbacks suppressed
[  332.183642][  T335] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  332.208082][  T287] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  332.215572][ T5306] F2FS-fs (loop1): Found nat_bits in checkpoint
[  332.383492][  T335] EXT4-fs error (device loop2): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 1
[  332.447528][  T286] EXT4-fs (loop4): unmounting filesystem.
[  332.499853][ T5306] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  332.507069][   T28] audit: type=1400 audit(1756884346.096:603): avc:  denied  { set_context_mgr } for  pid=5331 comm="syz.3.1531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  332.533361][ T5335] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1532'.
[  332.542823][ T5306] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  332.550770][   T28] audit: type=1400 audit(1756884346.096:604): avc:  denied  { map } for  pid=5331 comm="syz.3.1531" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  332.629401][ T5338] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.1533' resets device
[  332.647171][   T28] audit: type=1400 audit(1756884346.096:605): avc:  denied  { call } for  pid=5331 comm="syz.3.1531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  332.666938][  T284] EXT4-fs (loop2): unmounting filesystem.
[  332.685107][   T28] audit: type=1400 audit(1756884346.236:606): avc:  denied  { create } for  pid=5305 comm="syz.1.1523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  332.705853][   T28] audit: type=1400 audit(1756884346.236:607): avc:  denied  { write } for  pid=5337 comm="syz.3.1533" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  332.728911][   T28] audit: type=1400 audit(1756884346.246:608): avc:  denied  { create } for  pid=5337 comm="syz.3.1533" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  332.749118][   T28] audit: type=1400 audit(1756884346.246:609): avc:  denied  { write } for  pid=5337 comm="syz.3.1533" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  334.271392][ T5350] loop4: detected capacity change from 0 to 512
[  334.492422][ T5350] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  334.501728][ T5350] ext4 filesystem being mounted at /312/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.540598][   T28] audit: type=1400 audit(1756884348.136:610): avc:  denied  { write } for  pid=5339 comm="syz.4.1529" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  334.751413][   T28] audit: type=1400 audit(1756884348.136:611): avc:  denied  { add_name } for  pid=5339 comm="syz.4.1529" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  334.834252][ T5361] loop3: detected capacity change from 0 to 1024
[  334.841058][ T5361] EXT4-fs: Ignoring removed bh option
[  334.910026][ T5361] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.1538: lblock 2 mapped to illegal pblock 2 (length 1)
[  334.924778][ T5361] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.1538: lblock 0 mapped to illegal pblock 48 (length 1)
[  334.939291][ T5361] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1538: Failed to acquire dquot type 0
[  334.952024][ T5361] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  334.961769][ T5361] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1538: mark_inode_dirty error
[  334.973219][ T5361] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  334.983560][ T5361] EXT4-fs (loop3): 1 orphan inode deleted
[  334.989411][ T5361] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  335.053365][  T349] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  335.068367][ T5363] loop5: detected capacity change from 0 to 4096
[  335.083158][ T5363] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  335.103591][ T5363] overlayfs: missing 'lowerdir'
[  335.114475][  T349] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:4: Failed to release dquot type 0
[  335.209605][  T286] EXT4-fs (loop4): unmounting filesystem.
[  335.661362][  T287] EXT4-fs (loop3): unmounting filesystem.
[  335.684857][  T287] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  335.768305][  T287] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  335.784390][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  335.790534][  T287] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  335.904055][ T5385] loop3: detected capacity change from 0 to 128
[  336.298796][ T5374] loop4: detected capacity change from 0 to 40427
[  336.315689][ T5374] F2FS-fs (loop4): invalid crc value
[  336.342257][ T5374] F2FS-fs (loop4): Found nat_bits in checkpoint
[  336.397101][ T5374] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  336.507183][ T5374] syz.4.1542: attempt to access beyond end of device
[  336.507183][ T5374] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  336.599691][ T5402] 9pnet_fd: Insufficient options for proto=fd
[  336.620655][  T286] syz-executor: attempt to access beyond end of device
[  336.620655][  T286] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  337.933474][   T28] kauditd_printk_skb: 18 callbacks suppressed
[  337.933491][   T28] audit: type=1400 audit(1756884351.546:627): avc:  denied  { map } for  pid=5418 comm="syz.3.1558" path="socket:[33085]" dev="sockfs" ino=33085 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  337.974565][ T5417] loop5: detected capacity change from 0 to 4096
[  338.072383][ T5417] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  338.099486][ T5431] loop4: detected capacity change from 0 to 1024
[  338.106347][ T5431] EXT4-fs: Ignoring removed bh option
[  338.146999][ T5431] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 2: comm syz.4.1553: lblock 2 mapped to illegal pblock 2 (length 1)
[  338.161476][ T5431] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  338.169833][ T5431] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 48: comm syz.4.1553: lblock 0 mapped to illegal pblock 48 (length 1)
[  338.183227][ T5417] overlayfs: missing 'lowerdir'
[  338.191308][ T5431] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  338.201064][ T5431] EXT4-fs error (device loop4): ext4_acquire_dquot:6801: comm syz.4.1553: Failed to acquire dquot type 0
[  338.213334][ T5431] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  338.223584][ T5431] EXT4-fs error (device loop4): ext4_evict_inode:279: inode #11: comm syz.4.1553: mark_inode_dirty error
[  338.236461][ T5431] EXT4-fs warning (device loop4): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  339.710219][ T5431] EXT4-fs (loop4): 1 orphan inode deleted
[  339.716023][ T5431] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  339.789266][ T2415] EXT4-fs error (device loop4): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  339.794251][   T28] audit: type=1400 audit(1756884353.406:628): avc:  denied  { read write } for  pid=5441 comm="syz.1.1565" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  339.804304][ T2415] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  339.835435][ T2415] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 0
[  339.847595][   T28] audit: type=1400 audit(1756884353.426:629): avc:  denied  { open } for  pid=5441 comm="syz.1.1565" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  339.871703][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  339.871811][   T28] audit: type=1400 audit(1756884353.446:630): avc:  denied  { mount } for  pid=5441 comm="syz.1.1565" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  339.931572][ T5445] loop2: detected capacity change from 0 to 8192
[  339.961262][  T286] EXT4-fs (loop4): unmounting filesystem.
[  339.981439][  T286] EXT4-fs error (device loop4): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  340.008597][  T286] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  340.019689][  T286] EXT4-fs error (device loop4): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  340.073363][   T28] audit: type=1400 audit(1756884353.686:631): avc:  denied  { read write } for  pid=5452 comm="syz.5.1569" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  340.113030][   T28] audit: type=1400 audit(1756884353.686:632): avc:  denied  { open } for  pid=5452 comm="syz.5.1569" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  340.345032][ T2042] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  340.535045][ T2042] usb 6-1: Using ep0 maxpacket: 8
[  340.542635][ T2042] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  340.569696][ T5469] overlayfs: failed to resolve './file0': -2
[  340.576426][ T2042] usb 6-1: config 179 has no interface number 0
[  340.595107][   T28] audit: type=1400 audit(1756884354.186:633): avc:  denied  { unlink } for  pid=5460 comm="syz.4.1573" name="#d" dev="tmpfs" ino=1770 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  340.639887][ T2042] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  340.797527][ T2042] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  340.809057][ T2042] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  340.820414][ T2042] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  340.832105][ T2042] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  340.845600][ T2042] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  340.854919][ T2042] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.870353][ T5453] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  341.503553][ T5498] loop4: detected capacity change from 0 to 8192
[  341.514591][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  341.514593][  T467] usb 6-1: USB disconnect, device number 5
[  341.514626][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  342.094688][ T5512] binder_alloc: 5511: binder_alloc_buf, no vma
[  342.204182][ T5520] loop3: detected capacity change from 0 to 8192
[  342.349053][ T5514] loop5: detected capacity change from 0 to 40427
[  342.362951][ T5514] F2FS-fs (loop5): invalid crc value
[  342.371518][ T5514] F2FS-fs (loop5): Found nat_bits in checkpoint
[  342.403038][ T5514] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  342.429920][ T5514] syz.5.1591: attempt to access beyond end of device
[  342.429920][ T5514] loop5: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  342.442771][ T5535] loop2: detected capacity change from 0 to 2048
[  342.460114][ T4372] syz-executor: attempt to access beyond end of device
[  342.460114][ T4372] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  342.505577][ T5535] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  342.520403][ T5535] ext4 filesystem being mounted at /321/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.555026][  T467] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  342.749167][  T467] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  342.760521][  T467] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  342.779633][  T467] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  342.788988][  T467] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.797231][  T467] usb 5-1: Product: syz
[  342.801637][  T467] usb 5-1: Manufacturer: syz
[  342.806461][  T467] usb 5-1: SerialNumber: syz
[  342.812678][  T467] usb 5-1: config 0 descriptor??
[  342.819640][  T467] usb-storage 5-1:0.0: USB Mass Storage device detected
[  342.831815][  T467] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  343.105308][  T339] usb 5-1: USB disconnect, device number 14
[  343.292774][  T284] EXT4-fs (loop2): unmounting filesystem.
[  343.337350][ T5570] device pim6reg1 entered promiscuous mode
[  343.408905][ T5572] loop3: detected capacity change from 0 to 1024
[  343.418011][ T5572] EXT4-fs: Ignoring removed nobh option
[  343.423747][ T5572] EXT4-fs: Ignoring removed bh option
[  343.430408][ T5572] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  343.446885][ T5572] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  343.461167][   T28] kauditd_printk_skb: 15 callbacks suppressed
[  343.461184][   T28] audit: type=1400 audit(1756884357.076:649): avc:  denied  { create } for  pid=5571 comm="syz.3.1611" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  343.464798][ T5572] overlayfs: statfs failed on './file0'
[  343.467790][   T28] audit: type=1400 audit(1756884357.076:650): avc:  denied  { mounton } for  pid=5571 comm="syz.3.1611" path="/301/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  343.515969][   T28] audit: type=1400 audit(1756884357.076:651): avc:  denied  { getattr } for  pid=5571 comm="syz.3.1611" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  343.563925][  T287] EXT4-fs (loop3): unmounting filesystem.
[  343.945187][   T28] audit: type=1400 audit(1756884357.556:652): avc:  denied  { create } for  pid=5586 comm="syz.3.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  344.201005][   T28] audit: type=1400 audit(1756884357.556:653): avc:  denied  { setopt } for  pid=5586 comm="syz.3.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  344.275332][ T5599] loop1: detected capacity change from 0 to 2048
[  344.440519][ T5599] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  344.464704][ T5599] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  345.169847][  T285] EXT4-fs (loop1): unmounting filesystem.
[  345.187533][ T5608] loop5: detected capacity change from 0 to 4096
[  345.219749][ T5608] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  345.272090][ T5617] loop3: detected capacity change from 0 to 1024
[  345.278891][ T5617] EXT4-fs: Ignoring removed bh option
[  345.316120][ T5608] overlayfs: missing 'lowerdir'
[  345.322605][ T5617] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 2: comm syz.3.1624: lblock 2 mapped to illegal pblock 2 (length 1)
[  345.336788][ T5617] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  345.345081][ T5617] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 48: comm syz.3.1624: lblock 0 mapped to illegal pblock 48 (length 1)
[  345.430174][ T5617] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  345.439252][ T5617] EXT4-fs error (device loop3): ext4_acquire_dquot:6801: comm syz.3.1624: Failed to acquire dquot type 0
[  345.452435][ T5617] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  345.462678][ T5617] EXT4-fs error (device loop3): ext4_evict_inode:279: inode #11: comm syz.3.1624: mark_inode_dirty error
[  345.474639][ T5617] EXT4-fs warning (device loop3): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  345.486241][ T5617] EXT4-fs (loop3): 1 orphan inode deleted
[  345.492833][ T5617] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  345.769601][  T335] EXT4-fs error (device loop3): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 1)
[  345.925228][  T339] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  345.933254][ T2042] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  345.985275][  T335] Quota error (device loop3): remove_tree: Can't read quota data block 1
[  345.993946][  T335] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:3: Failed to release dquot type 0
[  346.009474][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  346.155066][ T2042] usb 5-1: Using ep0 maxpacket: 32
[  346.162013][ T2042] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  346.173242][  T339] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  346.190517][  T287] EXT4-fs (loop3): unmounting filesystem.
[  346.197616][  T287] EXT4-fs error (device loop3): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  346.211835][  T339] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  346.225271][ T2042] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  346.235568][  T287] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  346.245194][ T2042] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  346.254703][  T287] EXT4-fs error (device loop3): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  346.266942][ T2042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.281738][  T339] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  346.304811][ T2042] usb 5-1: config 0 descriptor??
[  346.309992][  T339] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.321189][   T28] audit: type=1400 audit(1756884359.936:654): avc:  denied  { create } for  pid=5632 comm="syz.5.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  346.345377][  T339] usb 2-1: Product: syz
[  346.351245][ T2042] hub 5-1:0.0: USB hub found
[  346.361163][  T339] usb 2-1: Manufacturer: syz
[  346.371193][  T339] usb 2-1: SerialNumber: syz
[  346.470835][  T339] usb 2-1: config 0 descriptor??
[  346.488247][  T339] usb-storage 2-1:0.0: USB Mass Storage device detected
[  346.525570][  T339] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  346.558518][ T2042] hub 5-1:0.0: 1 port detected
[  346.782608][   T28] audit: type=1400 audit(1756884360.396:655): avc:  denied  { create } for  pid=5632 comm="syz.5.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  346.790861][  T288] usb 2-1: USB disconnect, device number 17
[  346.802326][ T2042] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  346.820751][ T2042] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  346.850800][ T2042] usbhid 5-1:0.0: can't add hid device: -71
[  346.869878][ T2042] usbhid: probe of 5-1:0.0 failed with error -71
[  346.915568][ T2042] usb 5-1: USB disconnect, device number 15
[  347.709471][ T5657] loop5: detected capacity change from 0 to 8192
[  347.732411][ T5652] loop1: detected capacity change from 0 to 512
[  347.735642][ T5660] loop4: detected capacity change from 0 to 2048
[  347.762511][ T5652] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  347.771680][ T5652] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.777236][ T5660] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  347.790878][ T5660] ext4 filesystem being mounted at /333/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.807469][  T285] EXT4-fs (loop1): unmounting filesystem.
[  348.786657][  T286] EXT4-fs (loop4): unmounting filesystem.
[  349.265006][  T288] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  349.425055][  T288] usb 5-1: device descriptor read/64, error -71
[  349.650324][ T5698] loop1: detected capacity change from 0 to 512
[  349.674212][ T5698] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  349.683515][ T5698] ext4 filesystem being mounted at /313/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.695016][  T288] usb 5-1: device descriptor read/64, error -71
[  349.712022][  T285] EXT4-fs (loop1): unmounting filesystem.
[  349.715387][ T5702] loop5: detected capacity change from 0 to 128
[  349.879230][ T5710] loop3: detected capacity change from 0 to 2048
[  349.896566][ T5710] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  349.905566][ T5710] ext4 filesystem being mounted at /313/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  350.145156][  T288] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  350.475017][  T288] usb 5-1: device descriptor read/64, error -71
[  350.658406][ T5723] loop1: detected capacity change from 0 to 512
[  350.700208][ T5723] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  350.708306][ T5723] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  350.723833][ T5723] EXT4-fs (loop1): 1 truncate cleaned up
[  350.730211][ T5723] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  350.740857][ T5723] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1655'.
[  350.750421][  T288] usb 5-1: device descriptor read/64, error -71
[  350.754657][ T5725] loop5: detected capacity change from 0 to 1024
[  350.759294][  T287] EXT4-fs (loop3): unmounting filesystem.
[  350.771983][ T5725] EXT4-fs: Ignoring removed bh option
[  350.780138][ T5727] loop2: detected capacity change from 0 to 128
[  350.805272][ T5725] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 2: comm syz.5.1654: lblock 2 mapped to illegal pblock 2 (length 1)
[  350.865531][ T5727] EXT4-fs: Ignoring removed nobh option
[  350.871706][ T5725] __quota_error: 7 callbacks suppressed
[  350.871724][ T5725] Quota error (device loop5): qtree_write_dquot: dquota write failed
[  350.894224][  T288] usb usb5-port1: attempt power cycle
[  350.906334][ T5725] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 48: comm syz.5.1654: lblock 0 mapped to illegal pblock 48 (length 1)
[  350.921850][ T5727] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  350.931098][ T5725] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  350.940927][ T5727] ext4 filesystem being mounted at /329/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  350.952173][ T5725] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1654: Failed to acquire dquot type 0
[  350.986649][ T5725] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  351.021432][  T284] EXT4-fs (loop2): unmounting filesystem.
[  351.041554][ T5725] EXT4-fs error (device loop5): ext4_evict_inode:279: inode #11: comm syz.5.1654: mark_inode_dirty error
[  351.077616][ T5725] EXT4-fs warning (device loop5): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[  351.107659][ T5725] EXT4-fs (loop5): 1 orphan inode deleted
[  351.118553][ T5736] loop2: detected capacity change from 0 to 1024
[  351.125157][ T2415] EXT4-fs error (device loop5): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  351.139513][ T5725] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  351.156811][ T2415] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  351.157057][ T5736] EXT4-fs: Ignoring removed nobh option
[  351.170489][ T2415] EXT4-fs error (device loop5): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 0
[  351.182922][ T5736] EXT4-fs: Ignoring removed bh option
[  351.188906][ T5736] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  351.222406][ T5736] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  351.265796][  T284] EXT4-fs (loop2): unmounting filesystem.
[  351.315013][  T288] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  351.327498][   T28] audit: type=1400 audit(1756884364.946:663): avc:  denied  { getopt } for  pid=5741 comm="syz.2.1660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  351.356168][  T288] usb 5-1: device descriptor read/8, error -71
[  351.442408][  T285] EXT4-fs (loop1): unmounting filesystem.
[  351.517019][  T288] usb 5-1: device descriptor read/8, error -71
[  352.279536][ T5756] loop4: detected capacity change from 0 to 128
[  355.535817][ T5773] loop3: detected capacity change from 0 to 512
[  355.773942][ T5773] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  355.783279][ T5773] ext4 filesystem being mounted at /317/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  355.987234][ T2042] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  356.024565][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  356.105090][ T4372] EXT4-fs error (device loop5): __ext4_get_inode_loc:4509: comm syz-executor: Invalid inode table block 1 in block_group 0
[  356.128439][ T4372] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5917: Corrupt filesystem
[  356.138099][ T4372] EXT4-fs error (device loop5): ext4_quota_off:7107: inode #3: comm syz-executor: mark_inode_dirty error
[  357.534359][  T287] EXT4-fs (loop3): unmounting filesystem.
[  357.581712][ T5792] loop5: detected capacity change from 0 to 2048
[  357.599170][ T2042] usb 3-1: Using ep0 maxpacket: 32
[  357.610709][ T2042] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.626063][ T2042] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.636176][ T2042] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  357.645480][ T2042] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.665601][ T2042] usb 3-1: config 0 descriptor??
[  357.672224][ T2042] hub 3-1:0.0: USB hub found
[  357.676917][ T5792] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  357.676990][ T5792] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  357.835643][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  357.865049][  T339] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  357.875327][ T2042] hub 3-1:0.0: 1 port detected
[  358.077521][  T339] usb 2-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  358.089001][ T2042] hub 3-1:0.0: hub_hub_status failed (err = -71)
[  358.101631][  T339] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.109776][ T2042] hub 3-1:0.0: config failed, can't get hub status (err -71)
[  358.123861][  T339] usb 2-1: Product: syz
[  358.131144][ T2042] usbhid 3-1:0.0: can't add hid device: -71
[  358.140538][  T339] usb 2-1: Manufacturer: syz
[  358.147298][ T2042] usbhid: probe of 3-1:0.0 failed with error -71
[  358.154712][  T339] usb 2-1: SerialNumber: syz
[  358.172290][  T339] usb 2-1: config 0 descriptor??
[  358.195367][ T2042] usb 3-1: USB disconnect, device number 9
[  358.559132][   T28] audit: type=1326 audit(1756884372.176:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  358.582577][   T28] audit: type=1326 audit(1756884372.176:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  358.620138][   T28] audit: type=1326 audit(1756884372.176:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  358.711532][   T28] audit: type=1326 audit(1756884372.326:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2a6272adb9 code=0x7ffc0000
[  358.756630][   T28] audit: type=1326 audit(1756884372.356:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  358.783320][   T28] audit: type=1326 audit(1756884372.356:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5812 comm="syz.4.1682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6278ebe9 code=0x7ffc0000
[  358.868087][ T5838] loop5: detected capacity change from 0 to 2048
[  358.886121][ T5838] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  358.894637][ T5838] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  358.917699][ T5841] loop2: detected capacity change from 0 to 512
[  358.919115][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  358.931701][ T5841] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  358.939857][ T5841] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  358.948555][ T5841] EXT4-fs (loop2): 1 truncate cleaned up
[  358.954227][ T5841] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  358.961178][ T5844] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1692'.
[  358.973285][ T5841] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1689'.
[  359.115028][  T288] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  359.296098][  T288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.307302][  T288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.317467][  T288] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  359.330612][  T288] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.340668][  T288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.356569][  T288] usb 4-1: config 0 descriptor??
[  359.420352][ T5868] loop4: detected capacity change from 0 to 2048
[  359.449981][    T6] usb 2-1: USB disconnect, device number 18
[  359.461226][ T5870] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1704'.
[  359.472690][ T5868] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  359.481748][ T5868] ext4 filesystem being mounted at /341/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  359.511288][  T286] EXT4-fs (loop4): unmounting filesystem.
[  359.692226][  T284] EXT4-fs (loop2): unmounting filesystem.
[  359.765035][   T28] audit: type=1400 audit(1756884373.376:670): avc:  denied  { create } for  pid=5833 comm="syz.3.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  359.796309][ T5874] loop1: detected capacity change from 0 to 40427
[  359.824645][ T5874] F2FS-fs (loop1): invalid crc value
[  359.847234][ T5874] F2FS-fs (loop1): Found nat_bits in checkpoint
[  359.935038][ T5874] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  359.960320][  T288] usbhid 4-1:0.0: can't add hid device: -71
[  359.969977][  T288] usbhid: probe of 4-1:0.0 failed with error -71
[  359.985777][  T285] syz-executor: attempt to access beyond end of device
[  359.985777][  T285] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  360.000642][  T288] usb 4-1: USB disconnect, device number 14
[  360.045194][ T5883] loop2: detected capacity change from 0 to 40427
[  360.065430][ T5883] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  360.083733][ T5883] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  360.151014][ T5883] F2FS-fs (loop2): Found nat_bits in checkpoint
[  360.272955][ T5883] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  360.281943][ T5883] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  360.452336][ T5909] loop3: detected capacity change from 0 to 2048
[  361.124319][   T28] audit: type=1400 audit(1756884374.736:671): avc:  denied  { create } for  pid=5901 comm="syz.1.1713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  361.144482][   T28] audit: type=1400 audit(1756884374.736:672): avc:  denied  { setopt } for  pid=5901 comm="syz.1.1713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  361.218269][ T5919] loop5: detected capacity change from 0 to 512
[  361.464613][ T5919] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  361.473892][ T5919] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.503983][ T5909] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  361.570288][ T5909] ext4 filesystem being mounted at /325/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.809259][  T287] EXT4-fs (loop3): unmounting filesystem.
[  361.886377][ T5929] syz.2.1721[5929] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  361.886465][ T5929] syz.2.1721[5929] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  362.050154][ T5923] loop4: detected capacity change from 0 to 40427
[  362.069398][ T4372] EXT4-fs (loop5): unmounting filesystem.
[  362.110862][ T5940] loop3: detected capacity change from 0 to 128
[  362.118947][ T5923] F2FS-fs (loop4): invalid crc value
[  362.136940][ T5940] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  362.154790][ T5923] F2FS-fs (loop4): Found nat_bits in checkpoint
[  362.170279][ T5940] ext4 filesystem being mounted at /326/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  362.231438][ T5923] F2FS-fs (loop4): Start checkpoint disabled!
[  362.239743][  T287] EXT4-fs (loop3): unmounting filesystem.
[  362.277483][ T5923] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  362.326910][ T5923] syz.4.1719: attempt to access beyond end of device
[  362.326910][ T5923] loop4: rw=2049, sector=53248, nr_sectors = 544 limit=40427
[  362.346437][ T5953] loop3: detected capacity change from 0 to 512
[  362.367056][   T28] audit: type=1400 audit(1756884375.936:673): avc:  denied  { append } for  pid=5918 comm="syz.4.1719" path="/343/file0/memory.events" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  362.379103][ T5953] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  362.398886][ T5953] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  362.408231][ T5953] EXT4-fs (loop3): 1 truncate cleaned up
[  362.413905][ T5953] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  362.430046][ T2415] kworker/u4:8: attempt to access beyond end of device
[  362.430046][ T2415] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  362.769036][  T285] ------------[ cut here ]------------
[  362.774589][  T285] WARNING: CPU: 0 PID: 285 at fs/inode.c:332 drop_nlink+0xc5/0x110
[  362.782669][  T285] Modules linked in:
[  362.786609][  T285] CPU: 0 PID: 285 Comm: syz-executor Not tainted syzkaller #0
[  362.794090][  T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  362.804309][  T285] RIP: 0010:drop_nlink+0xc5/0x110
[  362.809400][  T285] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 03 ea f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 82 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[  362.829316][  T285] RSP: 0018:ffffc9000d34fab8 EFLAGS: 00010293
[  362.835402][  T285] RAX: ffffffff81c386c5 RBX: ffff888120588fa0 RCX: ffff8881231e9440
[  362.843369][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  362.851368][  T285] RBP: ffffc9000d34fae0 R08: 0000000000000004 R09: 0000000000000003
[  362.859564][  T285] R10: fffff52001a69f48 R11: 1ffff92001a69f48 R12: dffffc0000000000
[  362.867743][  T285] R13: 1ffff110240b11fd R14: ffff888120588fe8 R15: 0000000000000000
[  362.875756][  T285] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  362.884684][  T285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  362.891289][  T285] CR2: 0000000000000000 CR3: 0000000120802000 CR4: 00000000003526b0
[  362.899288][  T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  362.907261][  T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  362.915349][  T285] Call Trace:
[  362.918613][  T285]  <TASK>
[  362.921541][  T285]  shmem_rmdir+0x5b/0x90
[  362.925790][  T285]  vfs_rmdir+0x393/0x500
[  362.930033][  T285]  incfs_kill_sb+0x105/0x220
[  362.934623][  T285]  deactivate_locked_super+0xb5/0x120
[  362.940014][  T285]  deactivate_super+0xaf/0xe0
[  362.944680][  T285]  cleanup_mnt+0x45f/0x4e0
[  362.949099][  T285]  ? __kasan_slab_free+0x11/0x20
[  362.954031][  T285]  __cleanup_mnt+0x19/0x20
[  362.958460][  T285]  task_work_run+0x1db/0x240
[  362.963049][  T285]  ? __cfi_task_work_run+0x10/0x10
[  362.968185][  T285]  ? free_nsproxy+0x21f/0x270
[  362.972911][  T285]  do_exit+0xa25/0x2650
[  362.977203][  T285]  ? __cfi_do_exit+0x10/0x10
[  362.981792][  T285]  ? __kasan_check_write+0x14/0x20
[  362.986933][  T285]  ? _raw_spin_lock_irq+0x8f/0xe0
[  362.991979][  T285]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  362.997553][  T285]  ? ksys_write+0x1da/0x240
[  363.002060][  T285]  ? zap_other_threads+0x2c1/0x2f0
[  363.007185][  T285]  do_group_exit+0x210/0x2d0
[  363.011776][  T285]  __x64_sys_exit_group+0x3f/0x40
[  363.016820][  T285]  x64_sys_call+0x7b4/0x9a0
[  363.021325][  T285]  do_syscall_64+0x4c/0xa0
[  363.025766][  T285]  ? clear_bhb_loop+0x30/0x80
[  363.030457][  T285]  ? clear_bhb_loop+0x30/0x80
[  363.035140][  T285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  363.041030][  T285] RIP: 0033:0x7f368b18ebe9
[  363.045445][  T285] Code: Unable to access opcode bytes at 0x7f368b18ebbf.
[  363.052475][  T285] RSP: 002b:00007fffeaeeb108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  363.060901][  T285] RAX: ffffffffffffffda RBX: 00007f368b211c77 RCX: 00007f368b18ebe9
[  363.068988][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  363.076976][  T285] RBP: 0000000000000016 R08: 00007fffeaee8ea6 R09: 00007fffeaeec3c0
[  363.084962][  T285] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffeaeec3c0
[  363.092922][  T285] R13: 00007f368b211c05 R14: 000055558daec4a8 R15: 00007fffeaeee580
[  363.101030][  T285]  </TASK>
[  363.104054][  T285] ---[ end trace 0000000000000000 ]---
[  363.109611][ T5965] binder: BINDER_SET_CONTEXT_MGR already set
[  363.115622][ T5965] binder: 5962:5965 ioctl 4018620d 200000000100 returned -16
[  363.116986][  T285] ==================================================================
[  363.131084][  T285] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[  363.137352][  T285] Write of size 4 at addr 0000000000000170 by task syz-executor/285
[  363.145353][  T285] 
[  363.147690][  T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G        W          syzkaller #0
[  363.156987][  T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  363.167060][  T285] Call Trace:
[  363.170350][  T285]  <TASK>
[  363.173284][  T285]  __dump_stack+0x21/0x24
[  363.177621][  T285]  dump_stack_lvl+0xee/0x150
[  363.182226][  T285]  ? __cfi_dump_stack_lvl+0x8/0x8
[  363.187257][  T285]  ? ihold+0x20/0x60
[  363.191242][  T285]  ? ihold+0x20/0x60
[  363.195390][  T285]  print_report+0x3d/0x60
[  363.199723][  T285]  kasan_report+0x122/0x150
[  363.204228][  T285]  ? ihold+0x20/0x60
[  363.208149][  T285]  kasan_check_range+0x280/0x290
[  363.213091][  T285]  __kasan_check_write+0x14/0x20
[  363.218033][  T285]  ihold+0x20/0x60
[  363.221759][  T285]  vfs_rmdir+0x25f/0x500
[  363.226024][  T285]  incfs_kill_sb+0x105/0x220
[  363.230617][  T285]  deactivate_locked_super+0xb5/0x120
[  363.235988][  T285]  deactivate_super+0xaf/0xe0
[  363.240669][  T285]  cleanup_mnt+0x45f/0x4e0
[  363.245089][  T285]  ? __kasan_slab_free+0x11/0x20
[  363.250032][  T285]  __cleanup_mnt+0x19/0x20
[  363.254460][  T285]  task_work_run+0x1db/0x240
[  363.259082][  T285]  ? __cfi_task_work_run+0x10/0x10
[  363.264210][  T285]  ? free_nsproxy+0x21f/0x270
[  363.268892][  T285]  do_exit+0xa25/0x2650
[  363.273057][  T285]  ? __cfi_do_exit+0x10/0x10
[  363.277651][  T285]  ? __kasan_check_write+0x14/0x20
[  363.282763][  T285]  ? _raw_spin_lock_irq+0x8f/0xe0
[  363.287800][  T285]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  363.293353][  T285]  ? ksys_write+0x1da/0x240
[  363.297855][  T285]  ? zap_other_threads+0x2c1/0x2f0
[  363.302968][  T285]  do_group_exit+0x210/0x2d0
[  363.307562][  T285]  __x64_sys_exit_group+0x3f/0x40
[  363.312589][  T285]  x64_sys_call+0x7b4/0x9a0
[  363.317105][  T285]  do_syscall_64+0x4c/0xa0
[  363.321517][  T285]  ? clear_bhb_loop+0x30/0x80
[  363.326194][  T285]  ? clear_bhb_loop+0x30/0x80
[  363.330869][  T285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  363.336761][  T285] RIP: 0033:0x7f368b18ebe9
[  363.341178][  T285] Code: Unable to access opcode bytes at 0x7f368b18ebbf.
[  363.348187][  T285] RSP: 002b:00007fffeaeeb108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  363.356597][  T285] RAX: ffffffffffffffda RBX: 00007f368b211c77 RCX: 00007f368b18ebe9
[  363.364565][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  363.372538][  T285] RBP: 0000000000000016 R08: 00007fffeaee8ea6 R09: 00007fffeaeec3c0
[  363.380522][  T285] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffeaeec3c0
[  363.388486][  T285] R13: 00007f368b211c05 R14: 000055558daec4a8 R15: 00007fffeaeee580
[  363.396461][  T285]  </TASK>
[  363.399476][  T285] ==================================================================
[  364.129960][   T28] audit: type=1400 audit(1756884377.286:674): avc:  denied  { ioctl } for  pid=5966 comm="syz.4.1731" path="socket:[35144]" dev="sockfs" ino=35144 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  364.166751][  T287] EXT4-fs (loop3): unmounting filesystem.
[  364.176016][  T285] Disabling lock debugging due to kernel taint
[  364.201471][  T285] BUG: kernel NULL pointer dereference, address: 0000000000000170
[  364.209329][  T285] #PF: supervisor write access in kernel mode
[  364.215419][  T285] #PF: error_code(0x0002) - not-present page
[  364.221427][  T285] PGD 0 P4D 0 
[  364.224799][  T285] Oops: 0002 [#1] PREEMPT SMP KASAN
[  364.230009][  T285] CPU: 0 PID: 285 Comm: syz-executor Tainted: G    B   W          syzkaller #0
[  364.238944][  T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.249081][  T285] RIP: 0010:ihold+0x26/0x60
[  364.253572][  T285] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 7a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1
[  364.273177][  T285] RSP: 0018:ffffc9000d34faf8 EFLAGS: 00010246
[  364.279258][  T285] RAX: ffff8881231e9400 RBX: 0000000000000000 RCX: ffff8881231e9440
[  364.287227][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  364.295178][  T285] RBP: ffffc9000d34fb08 R08: dffffc0000000000 R09: fffffbfff0f2d6fd
[  364.303157][  T285] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff888120588fac
[  364.311119][  T285] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[  364.319080][  T285] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  364.327984][  T285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  364.334543][  T285] CR2: 0000000000000170 CR3: 0000000006e0f000 CR4: 00000000003526b0
[  364.342493][  T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  364.350526][  T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  364.358473][  T285] Call Trace:
[  364.361731][  T285]  <TASK>
[  364.364644][  T285]  vfs_rmdir+0x25f/0x500
[  364.368883][  T285]  incfs_kill_sb+0x105/0x220
[  364.373459][  T285]  deactivate_locked_super+0xb5/0x120
[  364.378827][  T285]  deactivate_super+0xaf/0xe0
[  364.383482][  T285]  cleanup_mnt+0x45f/0x4e0
[  364.387894][  T285]  ? __kasan_slab_free+0x11/0x20
[  364.392823][  T285]  __cleanup_mnt+0x19/0x20
[  364.397302][  T285]  task_work_run+0x1db/0x240
[  364.401878][  T285]  ? __cfi_task_work_run+0x10/0x10
[  364.407003][  T285]  ? free_nsproxy+0x21f/0x270
[  364.411673][  T285]  do_exit+0xa25/0x2650
[  364.415828][  T285]  ? __cfi_do_exit+0x10/0x10
[  364.420395][  T285]  ? __kasan_check_write+0x14/0x20
[  364.425586][  T285]  ? _raw_spin_lock_irq+0x8f/0xe0
[  364.430591][  T285]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  364.436118][  T285]  ? ksys_write+0x1da/0x240
[  364.440613][  T285]  ? zap_other_threads+0x2c1/0x2f0
[  364.445716][  T285]  do_group_exit+0x210/0x2d0
[  364.450384][  T285]  __x64_sys_exit_group+0x3f/0x40
[  364.455388][  T285]  x64_sys_call+0x7b4/0x9a0
[  364.459877][  T285]  do_syscall_64+0x4c/0xa0
[  364.464286][  T285]  ? clear_bhb_loop+0x30/0x80
[  364.468954][  T285]  ? clear_bhb_loop+0x30/0x80
[  364.473616][  T285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  364.479506][  T285] RIP: 0033:0x7f368b18ebe9
[  364.483913][  T285] Code: Unable to access opcode bytes at 0x7f368b18ebbf.
[  364.490919][  T285] RSP: 002b:00007fffeaeeb108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  364.499321][  T285] RAX: ffffffffffffffda RBX: 00007f368b211c77 RCX: 00007f368b18ebe9
[  364.507290][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  364.515263][  T285] RBP: 0000000000000016 R08: 00007fffeaee8ea6 R09: 00007fffeaeec3c0
[  364.523238][  T285] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffeaeec3c0
[  364.531206][  T285] R13: 00007f368b211c05 R14: 000055558daec4a8 R15: 00007fffeaeee580
[  364.539339][  T285]  </TASK>
[  364.542337][  T285] Modules linked in:
[  364.546214][  T285] CR2: 0000000000000170
[  364.550343][  T285] ---[ end trace 0000000000000000 ]---
[  364.555776][  T285] RIP: 0010:ihold+0x26/0x60
[  364.560266][  T285] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 7a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1
[  364.579853][  T285] RSP: 0018:ffffc9000d34faf8 EFLAGS: 00010246
[  364.585912][  T285] RAX: ffff8881231e9400 RBX: 0000000000000000 RCX: ffff8881231e9440
[  364.593880][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  364.601885][  T285] RBP: ffffc9000d34fb08 R08: dffffc0000000000 R09: fffffbfff0f2d6fd
[  364.609854][  T285] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff888120588fac
[  364.617801][  T285] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[  364.625749][  T285] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  364.634670][  T285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  364.641231][  T285] CR2: 0000000000000170 CR3: 0000000006e0f000 CR4: 00000000003526b0
[  364.649185][  T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  364.657139][  T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  364.665182][  T285] Kernel panic - not syncing: Fatal exception
[  364.671461][  T285] Kernel Offset: disabled
[  364.675769][  T285] Rebooting in 86400 seconds..