last executing test programs:

10.671253499s ago: executing program 4 (id=4381):
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0)
clock_settime(0x0, &(0x7f0000000100)={0x77359400})
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {r1, r2+10000000}}, 0x0)

10.670836299s ago: executing program 4 (id=4382):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
close(r2)

10.622535091s ago: executing program 4 (id=4383):
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='erofs_lookup\x00', r2}, 0x10)
fstat(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYBLOB="091e21b81dfc6fb0feb157135f914b110011504efbf790845429946409a9244bffb818fbbc5ead98aeff6a5549e74cef0600", @ANYRESOCT, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESOCT=r3, @ANYRES64], 0x2, 0x1d8, &(0x7f0000000840)="$eJzsmb/L00AYx793SdNaRHFxcHGwYEWbJqlKlw4VHAWhFXUsNpZq2koboS0IFhcXRwfB1X/AwaGTg5ubqw4qCA52dI7kck3Oxhb7/oDC+3zgvXzv7rnnnruXfjMEBEEcWb5/+/31xbVq8xKA4yggK8d/akkMV+K/vHp88WXt+uu3n9986J94Ml/NxwAEwf/vbwB4X9eApydFPwj+Xl2QzyZ4rG+B44LUt8FgLmsNktUuGO7K4QeKHhyTwnPNewOvfb/ruVbY2GHjhE1F3V8HsJgxtAHk5BZMmR9Npg9bHjCMhOcuRSZY7pOa2lZsuj9RX52jplxB+P+68/zZLOybctxS7s8Ghy11BQwNqavIwjTN5EqU85/Rk/xa6vwHcMjDEKdKO1EGid0SbHUk/EHHI6cX84/pVT92pfg9CGFcAFJTn/Ked2MfmQ1pAv+MSfyJ6cB5xZ906LF/lP3eo/JoMi11e62O23H7jlO5al22rCtOWRhR1G7wv5zwp7ySP7Mm1mAGxi3fH9pjwB/acd+JWsVxG+8Gv8QaLvyPo3guysHkOyt+Ua7A5B8Xz1AVtbXFEwRBEARBEARBEARBEARBbMVZsOhDWPShKliDc1NE/wkAAP//X9JszA==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001440)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)

10.549528394s ago: executing program 4 (id=4384):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f0000003000)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000180)="fc", 0x1}], 0x1}}], 0x1, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt(r3, 0xff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x3}, 0x48)
write$binfmt_misc(r1, 0x0, 0x3a7)
sendmmsg$inet(r2, &(0x7f00000035c0)=[{{&(0x7f0000000040), 0x10, 0x0}}], 0x1, 0x20000001)
sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
inotify_init1(0x0)
ptrace(0x10, 0x1)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @random="000600000002"}, 0x0, {0x2, 0x0, @dev}, 'syz_tun\x00'})

8.155467376s ago: executing program 1 (id=4397):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200), 0xfdef)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$int_out(r2, 0x2, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

7.735970992s ago: executing program 1 (id=4399):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x2, 0xc}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000bae3000000000000000000850000007b00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x16, 0x0, 0x8400, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r4, 0x0, 0x20000000}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@llx}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
write$cgroup_subtree(r8, 0x0, 0xe)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x1}, 0x48)
close(r9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r9}, &(0x7f00000000c0), &(0x7f0000000140)=r10}, 0x20)
r11 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
write$cgroup_int(r11, &(0x7f00000001c0), 0xfffffdef)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

7.412687215s ago: executing program 1 (id=4401):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x891c, &(0x7f0000000000)={0x0, {0x2, 0x0, @private}, {}, {0x2, 0x0, @private}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x40, &(0x7f0000000000), 0x0)

7.355733257s ago: executing program 1 (id=4402):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000040)=0x18, &(0x7f0000000140)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f0000000380)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)

7.355348947s ago: executing program 1 (id=4403):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x9}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg0\x00'}]}, 0x34}}, 0x0)

7.302175719s ago: executing program 1 (id=4404):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x40000000004)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

1.781466831s ago: executing program 0 (id=4443):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000480), 0x208e24b)
ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00'})
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000003c0)={'ip_vti0\x00', 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.629632767s ago: executing program 0 (id=4444):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080))
readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10)
r3 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={<r4=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14)
r7 = socket(0xa, 0x1, 0x0)
ioctl(r7, 0x8916, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)

1.580265429s ago: executing program 0 (id=4445):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0xffffffffffffffda}, 0x0, 0x0, 0x0, 0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00')
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1}, 0x50)

1.467918233s ago: executing program 0 (id=4446):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000480)='kmem_cache_free\x00', r1}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.199135734s ago: executing program 3 (id=4453):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

1.148787245s ago: executing program 3 (id=4455):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fsopen(0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x4020940d, 0x0)
getsockname(r0, 0x0, &(0x7f00000001c0))

1.148441105s ago: executing program 3 (id=4456):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080))
readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10)
r3 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={<r4=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14)
r7 = socket(0xa, 0x1, 0x0)
ioctl(r7, 0x8916, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)

1.148165886s ago: executing program 2 (id=4457):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b80)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
flistxattr(r1, 0x0, 0x0)

1.139393396s ago: executing program 3 (id=4458):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f00000003c0)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r5 = syz_open_dev$usbfs(0x0, 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x5522, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000004ec0)=ANY=[@ANYBLOB="1800000000000000000000000000000895"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='contention_begin\x00', r6}, 0x10)
ioctl$USBDEVFS_DISCSIGNAL(r5, 0x8010550e, &(0x7f0000000540)={0x80, &(0x7f0000000440)="63038050de6f5cf77e5ff9321eb3f355fe00ee0f06ba6efe220ad521b95bbdfc23c9fa94bcf993c9a64ec92bebde4ac30a4b503abc627a2d282d274734bbc4c68046b3cc5edb8b76edfbd645668104e70852d87d2d9c82191f62946db7724f19f01b7b095b30a746d566764b581f5b84b739608b176cb049968b0a77337115cb5e534ae803e71246f423229019cd0a4c30767456f86dba221625a099049e4b3b794f467613cbf14916367d1769f7308b573ebb93d67ab2fbf196aea78464cb1578dbd1c3629eaf09736f6bc1cc12a1f26db97783"})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r4, 0x80045510, &(0x7f0000000000))
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1}, 0x90)
socket$inet(0x2, 0x1, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
poll(&(0x7f0000000380)=[{r0, 0x62a8}, {r0, 0x3401}, {r3, 0x42a2}, {r5, 0x1200}, {r3, 0x20}], 0x5, 0xca)
socket$nl_xfrm(0x10, 0x3, 0x6)

1.084883128s ago: executing program 2 (id=4459):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'team_slave_0\x00', {0x2, 0x0, @broadcast}})

1.084343838s ago: executing program 2 (id=4460):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r3, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000005180)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0}}], 0x1, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
dup3(r4, r2, 0x0)

1.077837248s ago: executing program 2 (id=4461):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})

1.066060119s ago: executing program 2 (id=4462):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00')
fchdir(r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

623.304346ms ago: executing program 0 (id=4463):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0x240)

545.477669ms ago: executing program 0 (id=4464):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x9e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d00000905820200020000"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

253.62033ms ago: executing program 3 (id=4466):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

218.332741ms ago: executing program 2 (id=4467):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getrlimit(0xf, &(0x7f0000000340))
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0xfffffffb, 0x3)

59.857767ms ago: executing program 4 (id=4465):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000060000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/keycreate\x00')
write$UHID_DESTROY(r1, &(0x7f0000000140), 0x4)

696.66µs ago: executing program 4 (id=4468):
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00'})
socket$packet(0x11, 0x3, 0x300)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='\x00')
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000a9f850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='netlink_extack\x00', r3}, 0xb3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@getnexthop={0x18, 0x76, 0xb0d, 0x0, 0x0, {0x3, 0x0, 0x0, 0x2}}, 0x18}}, 0x0)
r5 = eventfd(0x0)
r6 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r5, 0x0, 0x2, r6})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x81, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3aac1373788c1231, 0x16, &(0x7f00000003c0)=ANY=[@ANYBLOB="1818000006000020000000000002000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008520000002000000fe12ff0f080000008f600400f0ffffff4306f0fff0ffffff18180000", @ANYRES32, @ANYBLOB="00000000000000008500000051000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0x21, &(0x7f0000000200)=""/33, 0x41100, 0x11, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x5, 0x0, 0x8, 0x4}, 0x10, r7, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000002c0)=[{0x1, 0x1, 0xb, 0x7}, {0x2, 0x4, 0x2, 0x2}], 0x10, 0x1}, 0x90)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg(r9, &(0x7f0000009700)=[{{&(0x7f0000000380)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000a00)=[{0x10, 0x1}], 0x10}}], 0x1, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb01001800000000000000c4000000c4000000030000000e00000000000009000000000b00000009000004010100000300000005000000010000800c00000001000000020000000500000000000000000000000200000002000000090002000d00000004000000000000000800000002000000000000000600000005000000008000000300000000000000030000000600000004000000ff0f000002000000000000010000000015002501010000000000000203000000000000000000000300000000020000000400000001000000000000000000000200000000009300"], &(0x7f0000000700)=""/4096, 0xdf, 0x1000, 0x0, 0xa73}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x20000000000000a9, &(0x7f0000000340)=ANY=[@ANYRES64=0x0], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x4, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, r8, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000001c0)={r5, 0x100000, 0x2, r6})

0s ago: executing program 3 (id=4469):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080))
readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10)
r3 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={<r4=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14)
r7 = socket(0xa, 0x1, 0x0)
ioctl(r7, 0x8916, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

 4-1: USB disconnect, device number 46
[  304.325850][ T8237] usb 1-1: 0:2 : does not exist
[  304.335344][ T8237] usb 1-1: USB disconnect, device number 44
[  304.385198][ T1914] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  304.446356][T10124] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge_slave_0
[  304.625195][ T1914] usb 3-1: Using ep0 maxpacket: 32
[  304.660384][T10131] tipc: Started in network mode
[  304.665055][T10131] tipc: Node identity 00000000000000000000000000000001, cluster identity 6
[  304.673833][T10131] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  304.682073][T10131] tipc: Enabled bearer <udp:syz1>, priority 10
[  304.725524][ T2779] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  304.745246][ T1914] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.756360][ T1914] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.821953][   T30] audit: type=1400 audit(2000000787.513:1362): avc:  denied  { create } for  pid=10144 comm="syz.0.3600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  304.881480][T10145] device bridge_slave_0 left promiscuous mode
[  304.885270][ T1914] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  304.887563][T10145] ÿÿÿÿÿÿ: port 1(bridge_slave_0) entered disabled state
[  304.896317][ T1914] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  304.911226][ T1914] usb 3-1: Product: syz
[  304.911857][T10145] device bridge_slave_1 left promiscuous mode
[  304.915166][ T1914] usb 3-1: Manufacturer: syz
[  304.925589][T10145] ÿÿÿÿÿÿ: port 2(bridge_slave_1) entered disabled state
[  304.955886][ T1914] hub 3-1:4.0: USB hub found
[  304.995203][ T8237] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  305.115235][ T2779] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[  305.125386][ T2779] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  305.175272][ T1914] hub 3-1:4.0: 2 ports detected
[  305.215204][  T548] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  305.215360][ T2779] usb 2-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  305.231492][ T2779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=19
[  305.235250][ T8237] usb 4-1: Using ep0 maxpacket: 32
[  305.239529][ T2779] usb 2-1: SerialNumber: syz
[  305.249509][ T2779] usb 2-1: config 0 descriptor??
[  305.295833][ T2779] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  305.355311][ T8237] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.366036][ T8237] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.375589][ T8237] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  305.384396][ T8237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.392854][ T8237] usb 4-1: config 0 descriptor??
[  305.435700][ T8237] hub 4-1:0.0: USB hub found
[  305.455208][  T548] usb 1-1: Using ep0 maxpacket: 16
[  305.571532][   T20] usb 2-1: USB disconnect, device number 41
[  305.577721][  T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.589468][  T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.599122][  T548] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  305.607983][  T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.616453][  T548] usb 1-1: config 0 descriptor??
[  305.631156][T10152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3602'.
[  305.641557][T10152] device vlan0 entered promiscuous mode
[  305.645267][ T8237] hub 4-1:0.0: 1 port detected
[  305.795199][  T523] tipc: Node number set to 1
[  305.965202][ T2779] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  306.106530][  T548] cp2112 0003:10C4:EA90.0059: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[  306.205362][ T2779] usb 5-1: Using ep0 maxpacket: 16
[  306.285239][   T20] hub 4-1:0.0: activate --> -90
[  306.315247][  T548] cp2112 0003:10C4:EA90.0059: Part Number: 0xE5 Device Version: 0x26
[  306.325242][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  306.335982][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  306.345469][ T2779] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  306.358099][ T2779] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  306.366909][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.375664][ T2779] usb 5-1: config 0 descriptor??
[  306.445265][ T8237] hub 3-1:4.0: activate --> -90
[  306.449984][ T1914] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  306.745260][  T548] cp2112 0003:10C4:EA90.0059: error setting SMBus config
[  306.752572][  T548] cp2112: probe of 0003:10C4:EA90.0059 failed with error -71
[  306.761441][  T548] usb 1-1: USB disconnect, device number 45
[  306.825226][ T1914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.835184][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  306.845819][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  306.855674][ T1914] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00
[  306.858484][ T2779] ryos 0003:1E7D:31CE.005A: unknown main item tag 0x0
[  306.864509][ T1914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.865389][ T1914] usb 2-1: config 0 descriptor??
[  306.874452][ T2779] ryos 0003:1E7D:31CE.005A: item fetching failed at offset 8/11
[  306.891290][ T2779] ryos 0003:1E7D:31CE.005A: parse failed
[  306.896852][ T2779] ryos: probe of 0003:1E7D:31CE.005A failed with error -22
[  306.907595][ T2779] usb 4-1: USB disconnect, device number 47
[  306.915238][   T20] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  306.924749][   T20] usb 4-1-port1: connect-debounce failed
[  307.061512][  T548] usb 5-1: USB disconnect, device number 52
[  307.120670][   T20] usb 2-1: USB disconnect, device number 42
[  307.332577][   T20] usb 3-1: USB disconnect, device number 40
[  307.345317][ T8237] usb 3-1-port2: cannot warm reset (err = -71)
[  308.023077][T10176] loop3: detected capacity change from 0 to 40427
[  308.290076][T10176] F2FS-fs (loop3): Unrecognized mount option "disable_roll_ground_gc=on" or missing value
[  308.596955][T10194] loop3: detected capacity change from 0 to 1024
[  308.632494][   T20] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  308.661391][T10194] EXT4-fs (loop3): Test dummy encryption mode enabled
[  308.668338][T10194] EXT4-fs (loop3): Ignoring removed orlov option
[  308.720031][T10194] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  308.840259][T10203] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3620'.
[  308.850275][T10203] device vlan0 entered promiscuous mode
[  309.045261][   T20] usb 1-1: unable to get BOS descriptor or descriptor too short
[  309.165220][   T20] usb 1-1: config 0 has no interfaces?
[  309.185206][ T8237] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  309.195183][  T523] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  309.305250][   T20] usb 1-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48
[  309.314224][   T20] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  309.322070][   T20] usb 1-1: Product: syz
[  309.326140][   T20] usb 1-1: SerialNumber: syz
[  309.335126][   T30] audit: type=1326 audit(2000000792.023:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x7ffc0000
[  309.336075][   T20] usb 1-1: config 0 descriptor??
[  309.365244][   T30] audit: type=1326 audit(2000000792.053:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f369d65af19 code=0x7ffc0000
[  309.390042][   T30] audit: type=1326 audit(2000000792.053:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x7ffc0000
[  309.437213][  T523] usb 4-1: Using ep0 maxpacket: 16
[  309.445263][ T8237] usb 5-1: Using ep0 maxpacket: 32
[  309.641977][T10217] loop1: detected capacity change from 0 to 2048
[  309.671926][   T30] audit: type=1326 audit(2000000792.363:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  309.695387][ T8237] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  309.704236][ T8237] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  309.712274][   T20] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  309.715284][  T523] usb 4-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=57.47
[  309.720070][   T30] audit: type=1326 audit(2000000792.363:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  309.752622][T10217] Alternate GPT is invalid, using primary GPT.
[  309.759174][T10217]  loop1: p1 p2 p3
[  309.761903][  T523] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.777737][  T523] usb 4-1: Product: syz
[  309.781836][  T523] usb 4-1: Manufacturer: syz
[  309.784945][ T8237] usb 5-1: Product: syz
[  309.790879][ T8237] usb 5-1: config 0 descriptor??
[  309.795213][  T523] usb 4-1: SerialNumber: syz
[  309.795928][   T30] audit: type=1326 audit(2000000792.403:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  309.823875][  T523] usb 4-1: config 0 descriptor??
[  309.826409][  T100] Alternate GPT is invalid, using primary GPT.
[  309.834706][  T100]  loop1: p1 p2 p3
[  309.838774][ T8237] usb 5-1: Found UVC 0.00 device syz (046d:08f6)
[  309.846028][ T8237] usb 5-1: No valid video chain found.
[  309.860518][   T30] audit: type=1326 audit(2000000792.403:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  309.884961][   T30] audit: type=1326 audit(2000000792.403:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  309.921076][   T30] audit: type=1326 audit(2000000792.443:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.025474][T10222] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10222 comm=syz.1.3628
[  310.041245][   T20] usb 3-1: Using ep0 maxpacket: 32
[  310.082543][  T458] udevd[458]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  310.104949][  T311] udevd[311]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  310.134557][T10222] device wireguard0 entered promiscuous mode
[  310.181777][  T992] udevd[992]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  310.215477][   T20] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.220742][   T30] audit: type=1326 audit(2000000792.443:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.232959][   T20] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.277146][  T523] usb 4-1: Found UVC 0.00 device syz (046d:0821)
[  310.283479][  T523] usb 4-1: No valid video chain found.
[  310.286930][   T30] audit: type=1326 audit(2000000792.453:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.295710][  T523] usb 4-1: USB disconnect, device number 48
[  310.325561][   T30] audit: type=1326 audit(2000000792.483:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.349659][   T30] audit: type=1326 audit(2000000792.483:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.373528][   T30] audit: type=1326 audit(2000000792.483:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000
[  310.397281][   T30] audit: type=1326 audit(2000000792.503:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648d5b0d37 code=0x7ffc0000
[  310.420722][   T30] audit: type=1326 audit(2000000792.503:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f648d5b0cac code=0x7ffc0000
[  310.455409][   T20] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  310.468017][   T20] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  310.476593][   T20] usb 3-1: Product: syz
[  310.480560][   T20] usb 3-1: Manufacturer: syz
[  310.489563][ T8237] usb 5-1: USB disconnect, device number 53
[  310.513283][  T548] usb 1-1: USB disconnect, device number 46
[  310.535733][   T20] hub 3-1:4.0: USB hub found
[  310.775238][   T20] hub 3-1:4.0: 2 ports detected
[  311.246052][T10233] loop4: detected capacity change from 0 to 40427
[  311.305816][T10233] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  311.313421][T10233] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  311.324025][T10233] F2FS-fs (loop4): Found nat_bits in checkpoint
[  311.350040][T10233] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  311.361420][T10233] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  311.368344][T10233] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  311.479140][T10247] loop4: detected capacity change from 0 to 512
[  311.515002][T10247] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3635: corrupted xattr block 255
[  311.530985][T10247] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  311.539301][T10247] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[  311.572340][T10247] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3635: corrupted xattr block 255
[  311.584812][T10247] SELinux: (dev loop4, type ext4) getxattr errno 117
[  311.667374][T10258] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3639'.
[  311.677299][T10258] device vlan2 entered promiscuous mode
[  311.697657][T10260] loop3: detected capacity change from 0 to 256
[  312.175245][   T20] hub 3-1:4.0: activate --> -90
[  312.195209][  T548] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  312.510382][T10280] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10280 comm=syz.1.3647
[  312.920684][  T548] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.930782][  T548] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  313.015272][  T548] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  313.024277][  T548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  313.032124][  T548] usb 4-1: SerialNumber: syz
[  313.148917][T10292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3651'.
[  313.158934][T10292] device vlan2 entered promiscuous mode
[  313.164305][T10292] device bridge_slave_0 entered promiscuous mode
[  313.171037][T10292] device bridge_slave_0 left promiscuous mode
[  313.240788][ T8237] usb 3-1: USB disconnect, device number 41
[  313.246701][   T20] usb 3-1-port2: cannot warm reset (err = -71)
[  313.296055][  T548] usb 4-1: 0:2 : does not exist
[  313.366592][T10301] loop1: detected capacity change from 0 to 2048
[  313.403961][T10301]  loop1: p1 < > p3 p4 < >
[  313.439467][T10304] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10304 comm=syz.0.3654
[  313.646322][T10301] loop1: p3 start 4259840 is beyond EOD, truncated
[  313.665874][T10304] device wireguard0 entered promiscuous mode
[  313.696466][  T100]  loop1: p1 < > p3 p4 < >
[  313.701190][  T100] loop1: p3 start 4259840 is beyond EOD, truncated
[  313.784045][ T8237] usb 4-1: USB disconnect, device number 49
[  314.071329][T10321] netem: change failed
[  314.246883][T10330] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10330 comm=syz.0.3665
[  314.317657][T10316] loop4: detected capacity change from 0 to 131072
[  314.344905][T10316] F2FS-fs (loop4): Invalid log sectorsize (67108873)
[  314.356081][T10316] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  314.374696][T10316] F2FS-fs (loop4): invalid crc value
[  314.381518][T10316] F2FS-fs (loop4): Found nat_bits in checkpoint
[  314.529851][T10345] loop1: detected capacity change from 0 to 512
[  314.542651][T10316] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  314.588371][T10316] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  314.684578][T10345] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.3670: casefold flag without casefold feature
[  314.688452][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr
[  314.697599][T10345] EXT4-fs (loop1): 1 truncate cleaned up
[  314.703222][T10316] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=7
[  314.709235][T10345] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  314.717518][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr
[  314.734556][T10316] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=7
[  314.743288][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr
[  314.923441][T10354] netem: change failed
[  315.164244][   T30] kauditd_printk_skb: 54 callbacks suppressed
[  315.164259][   T30] audit: type=1326 audit(2000000797.853:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10366 comm="syz.0.3677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x0
[  315.215284][    T6] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  315.238392][T10371] loop3: detected capacity change from 0 to 2048
[  315.265573][T10371]  loop3: p1 < > p3 p4 < >
[  315.271387][T10371] loop3: p3 start 4259840 is beyond EOD, truncated
[  315.292352][  T100]  loop3: p1 < > p3 p4 < >
[  315.297432][  T100] loop3: p3 start 4259840 is beyond EOD, truncated
[  315.575291][    T6] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  315.597100][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.608000][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 128, changing to 11
[  315.621385][    T6] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[  315.634398][    T6] usb 3-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00
[  315.654674][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.667977][    T6] usb 3-1: config 0 descriptor??
[  315.861249][T10387] netem: change failed
[  315.985192][  T548] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  316.108278][T10402] loop4: detected capacity change from 0 to 512
[  316.210851][    T6] wacom 0003:056A:00B2.005B: unbalanced delimiter at end of report description
[  316.220371][    T6] wacom 0003:056A:00B2.005B: parse failed
[  316.226309][    T6] wacom: probe of 0003:056A:00B2.005B failed with error -22
[  316.235203][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.3685: inode #1: comm syz.4.3685: iget: illegal inode #
[  316.248291][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.3685: error while reading EA inode 1 err=-117
[  316.261295][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.3685: inode #1: comm syz.4.3685: iget: illegal inode #
[  316.274253][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.3685: error while reading EA inode 1 err=-117
[  316.286494][T10402] EXT4-fs (loop4): 1 orphan inode deleted
[  316.292011][T10402] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback.
[  316.446027][ T2779] usb 3-1: USB disconnect, device number 42
[  316.585183][  T548] usb 2-1: Using ep0 maxpacket: 32
[  316.705240][  T548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.716005][  T548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.725511][  T548] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  316.734607][  T548] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.743126][  T548] usb 2-1: config 0 descriptor??
[  316.785768][  T548] hub 2-1:0.0: USB hub found
[  316.901470][T10417] loop4: detected capacity change from 0 to 512
[  316.916038][T10417] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3694: corrupted xattr block 255
[  316.927770][T10417] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  316.935979][T10417] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[  316.958703][T10417] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3694: corrupted xattr block 255
[  316.970525][T10417] SELinux: (dev loop4, type ext4) getxattr errno 117
[  317.005272][  T548] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  317.160771][T10424] loop2: detected capacity change from 0 to 2048
[  317.175458][  T523] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  317.188546][T10428] loop4: detected capacity change from 0 to 256
[  317.205242][T10424]  loop2: p1 < > p3 p4 < >
[  317.211384][T10424] loop2: p3 start 4259840 is beyond EOD, truncated
[  317.305200][ T2779] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  317.313637][   T30] audit: type=1326 audit(2000000800.003:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10427 comm="syz.4.3698" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56be177f19 code=0x0
[  317.325235][  T548] usbhid 2-1:0.0: can't add hid device: -71
[  317.342754][  T548] usbhid: probe of 2-1:0.0 failed with error -71
[  317.377655][  T548] usb 2-1: USB disconnect, device number 43
[  317.605267][  T523] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  317.616098][  T523] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  317.625727][  T523] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00
[  317.634655][  T523] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.647543][  T523] usb 1-1: config 0 descriptor??
[  317.755236][ T2779] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  317.965318][ T2779] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  317.974523][ T2779] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.982698][ T2779] usb 4-1: Product: syz
[  317.986888][ T2779] usb 4-1: Manufacturer: syz
[  317.991307][ T2779] usb 4-1: SerialNumber: syz
[  318.126069][  T523] samsung 0003:0419:0001.005C: unknown main item tag 0x0
[  318.134882][  T523] samsung 0003:0419:0001.005C: unknown main item tag 0x0
[  318.141815][  T523] samsung 0003:0419:0001.005C: item fetching failed at offset 4/7
[  318.149704][  T523] samsung 0003:0419:0001.005C: parse failed
[  318.155462][  T523] samsung: probe of 0003:0419:0001.005C failed with error -22
[  318.275183][   T39] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  318.290553][   T30] audit: type=1400 audit(2000000800.983:1435): avc:  denied  { create } for  pid=10421 comm="syz.3.3696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  318.292937][T10458] loop4: detected capacity change from 0 to 40427
[  318.334448][    T6] usb 1-1: USB disconnect, device number 47
[  318.358308][  T523] usb 4-1: USB disconnect, device number 50
[  318.366921][T10458] F2FS-fs (loop4): invalid crc value
[  318.373368][T10458] F2FS-fs (loop4): Found nat_bits in checkpoint
[  318.400682][T10458] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  318.407565][T10458] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  318.432800][T10458] attempt to access beyond end of device
[  318.432800][T10458] loop4: rw=34817, want=79896, limit=40427
[  318.452851][ T5782] attempt to access beyond end of device
[  318.452851][ T5782] loop4: rw=2049, want=45104, limit=40427
[  318.545179][   T39] usb 3-1: Using ep0 maxpacket: 32
[  318.765468][   T39] usb 3-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  318.774487][   T39] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  318.782739][   T39] usb 3-1: Product: syz
[  318.789631][   T39] usb 3-1: config 0 descriptor??
[  318.825708][   T39] usb 3-1: Found UVC 0.00 device syz (046d:08f6)
[  318.835220][ T2779] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  318.842692][   T39] usb 3-1: No valid video chain found.
[  318.871278][T10470] loop1: detected capacity change from 0 to 2048
[  318.915549][T10470]  loop1: p1 < > p3 p4 < >
[  318.920729][T10470] loop1: p3 start 4259840 is beyond EOD, truncated
[  318.955229][  T100]  loop1: p1 < > p3 p4 < >
[  318.963584][  T100] loop1: p3 start 4259840 is beyond EOD, truncated
[  319.171508][T10488] loop3: detected capacity change from 0 to 256
[  319.245180][ T2779] usb 5-1: Using ep0 maxpacket: 32
[  319.365334][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.382375][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.402446][ T2779] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  319.411683][    T6] usb 3-1: USB disconnect, device number 43
[  319.423826][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.445231][ T2779] usb 5-1: config 0 descriptor??
[  319.485702][ T2779] hub 5-1:0.0: USB hub found
[  319.545712][T10496] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10496 comm=syz.0.3724
[  319.825273][ T2779] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  320.112790][T10527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3737'.
[  320.125213][ T2779] usbhid 5-1:0.0: can't add hid device: -71
[  320.132914][ T2779] usbhid: probe of 5-1:0.0 failed with error -71
[  320.135349][   T20] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  320.175792][ T2779] usb 5-1: USB disconnect, device number 54
[  320.289125][T10534] loop2: detected capacity change from 0 to 256
[  320.536059][   T20] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  320.715289][   T20] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  320.724258][   T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.732103][   T20] usb 4-1: Product: syz
[  320.736080][   T20] usb 4-1: Manufacturer: syz
[  320.740478][   T20] usb 4-1: SerialNumber: syz
[  320.935175][  T548] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  320.955182][  T290] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  321.362782][T10565] loop2: detected capacity change from 0 to 256
[  321.404853][ T8237] usb 4-1: USB disconnect, device number 51
[  321.432049][   T30] audit: type=1326 audit(2000000804.123:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10564 comm="syz.2.3752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x0
[  321.454798][  T290] usb 1-1: Using ep0 maxpacket: 32
[  321.485203][  T548] usb 5-1: Using ep0 maxpacket: 32
[  321.605423][  T548] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.620310][  T548] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.629917][  T548] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  321.638710][  T548] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.647492][  T548] usb 5-1: config 0 descriptor??
[  321.685653][  T548] hub 5-1:0.0: USB hub found
[  321.695389][  T290] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  321.704326][  T290] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  321.712231][  T290] usb 1-1: Product: syz
[  321.717081][  T290] usb 1-1: config 0 descriptor??
[  321.775835][  T290] usb 1-1: Found UVC 0.00 device syz (046d:08f6)
[  321.782133][  T290] usb 1-1: No valid video chain found.
[  321.905227][  T548] hub 5-1:0.0: 1 port detected
[  322.197293][  T290] usb 1-1: USB disconnect, device number 48
[  322.385143][ T8237] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  322.484265][T10585] loop2: detected capacity change from 0 to 40427
[  322.566616][T10585] F2FS-fs (loop2): invalid crc value
[  322.574249][T10585] F2FS-fs (loop2): Found nat_bits in checkpoint
[  322.603989][T10585] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[  322.610692][T10585] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  322.625226][ T8237] usb 2-1: Using ep0 maxpacket: 32
[  322.635199][  T548] hub 5-1:0.0: activate --> -90
[  322.652323][T10585] attempt to access beyond end of device
[  322.652323][T10585] loop2: rw=34817, want=79880, limit=40427
[  322.681372][ T8904] attempt to access beyond end of device
[  322.681372][ T8904] loop2: rw=2049, want=45104, limit=40427
[  322.745234][ T8237] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.755955][ T8237] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.864838][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3760'.
[  322.885231][ T8237] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  322.894093][ T8237] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  322.902492][ T8237] usb 2-1: Product: syz
[  323.182567][ T8237] usb 2-1: Manufacturer: syz
[  323.235743][ T8237] hub 2-1:4.0: USB hub found
[  323.278386][    T6] usb 5-1: USB disconnect, device number 55
[  323.295294][  T548] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[  323.455243][ T8237] hub 2-1:4.0: 2 ports detected
[  323.809206][   T30] audit: type=1400 audit(2000000806.503:1437): avc:  denied  { getopt } for  pid=10621 comm="syz.4.3771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  323.813128][T10622] loop4: detected capacity change from 0 to 512
[  323.919162][T10622] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  323.930090][T10622] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349)
[  323.940520][T10622] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  323.948777][T10622] EXT4-fs (loop4): orphan cleanup on readonly fs
[  323.954942][T10622] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 4: comm syz.4.3771: lblock 0 mapped to illegal pblock 4 (length 1)
[  323.969069][T10622] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117
[  323.977218][T10622] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,errors=continue,noload,data_err=ignore,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue. Quota mode: writeback.
[  324.005227][    T6] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  324.012829][   T20] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  324.505296][    T6] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  324.525376][   T20] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  324.535292][   T20] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  324.615276][   T20] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  324.624156][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  324.631969][   T20] usb 3-1: SerialNumber: syz
[  324.675279][    T6] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  324.684139][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.692377][    T6] usb 4-1: Product: syz
[  324.696378][    T6] usb 4-1: Manufacturer: syz
[  324.700760][    T6] usb 4-1: SerialNumber: syz
[  324.735191][ T8237] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  324.805251][ T1914] hub 2-1:4.0: activate --> -90
[  324.905762][   T20] usb 3-1: 0:2 : does not exist
[  324.911852][   T20] usb 3-1: USB disconnect, device number 44
[  324.995182][ T8237] usb 1-1: Using ep0 maxpacket: 32
[  325.023192][  T548] usb 4-1: USB disconnect, device number 52
[  325.041756][T10636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3775'.
[  325.195251][ T8237] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  325.204307][ T8237] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  325.212070][ T8237] usb 1-1: Product: syz
[  325.219845][ T8237] usb 1-1: config 0 descriptor??
[  325.256054][ T8237] usb 1-1: Found UVC 0.00 device syz (046d:08f6)
[  325.262263][ T8237] usb 1-1: No valid video chain found.
[  325.471364][T10642] loop2: detected capacity change from 0 to 1024
[  325.480660][T10642] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  325.491802][T10642] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  325.501930][T10642] JBD2: no valid journal superblock found
[  325.507583][T10642] EXT4-fs (loop2): error loading journal
[  325.526966][ T8237] usb 1-1: USB disconnect, device number 49
[  325.551710][T10644] loop3: detected capacity change from 0 to 16
[  325.626076][T10644] erofs: (device loop3): mounted with root inode @ nid 36.
[  325.691234][   T39] usb 2-1: USB disconnect, device number 44
[  325.753260][ T1914] usb 2-1-port2: cannot warm reset (err = -71)
[  325.805445][T10660] loop3: detected capacity change from 0 to 512
[  326.055318][ T2779] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  326.325459][T10675] loop1: detected capacity change from 0 to 16
[  326.345303][ T2779] usb 3-1: Using ep0 maxpacket: 32
[  326.358894][   T30] audit: type=1400 audit(2000000809.053:1438): avc:  denied  { connect } for  pid=10676 comm="syz.0.3791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  326.378258][ T8237] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  326.386072][T10675] erofs: (device loop1): mounted with root inode @ nid 36.
[  326.495195][ T2779] usb 3-1: config 0 has an invalid interface number: 250 but max is 1
[  326.503510][ T2779] usb 3-1: config 0 has no interface number 1
[  326.509616][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  326.523747][T10689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3796'.
[  326.895459][ T2779] usb 3-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[  326.911353][ T2779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.939597][ T2779] usb 3-1: Product: syz
[  326.989061][ T2779] usb 3-1: Manufacturer: syz
[  327.010836][ T2779] usb 3-1: SerialNumber: syz
[  327.061419][ T2779] usb 3-1: config 0 descriptor??
[  327.155221][ T8237] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  327.165170][ T8237] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  327.245216][ T8237] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  327.254109][ T8237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  327.261899][ T8237] usb 5-1: SerialNumber: syz
[  327.335332][ T2779] usb 3-1: Found UVC 0.00 device syz (0408:3090)
[  327.345672][ T2779] usb 3-1: No valid video chain found.
[  327.540414][ T2779] usb 3-1: USB disconnect, device number 45
[  327.565804][ T8237] usb 5-1: 0:2 : does not exist
[  327.573986][ T8237] usb 5-1: USB disconnect, device number 56
[  327.655557][T10716] loop1: detected capacity change from 0 to 40427
[  327.666478][  T377] udevd[377]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  328.193971][T10716] F2FS-fs (loop1): invalid crc value
[  328.352197][T10716] F2FS-fs (loop1): Found nat_bits in checkpoint
[  328.456722][T10716] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  328.463429][T10716] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  328.853996][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3811'.
[  328.856864][T10716] attempt to access beyond end of device
[  328.856864][T10716] loop1: rw=34817, want=79880, limit=40427
[  328.955747][ T7312] attempt to access beyond end of device
[  328.955747][ T7312] loop1: rw=2049, want=45104, limit=40427
[  329.255166][T10778] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev ?, type ?) errno=-22
[  329.264396][T10778] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  329.355202][ T2779] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  329.375237][  T290] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  329.595182][ T2779] usb 3-1: Using ep0 maxpacket: 16
[  329.615174][  T290] usb 4-1: Using ep0 maxpacket: 32
[  329.634219][T10796] loop4: detected capacity change from 0 to 40427
[  329.691292][T10796] F2FS-fs (loop4): invalid crc value
[  329.725248][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.735954][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  329.742312][T10796] F2FS-fs (loop4): Found nat_bits in checkpoint
[  329.755202][  T290] usb 4-1: config 0 has an invalid interface number: 250 but max is 1
[  329.763192][  T290] usb 4-1: config 0 has no interface number 1
[  329.769105][ T2779] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  329.785155][  T290] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  329.788793][T10796] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  329.797569][ T2779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.802521][T10796] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  329.833227][ T2779] usb 3-1: config 0 descriptor??
[  329.933725][T10796] attempt to access beyond end of device
[  329.933725][T10796] loop4: rw=34817, want=79880, limit=40427
[  329.967488][ T5782] attempt to access beyond end of device
[  329.967488][ T5782] loop4: rw=2049, want=45104, limit=40427
[  329.985314][  T290] usb 4-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[  329.994215][  T290] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.002206][  T290] usb 4-1: Product: syz
[  330.006344][  T290] usb 4-1: Manufacturer: syz
[  330.010822][  T290] usb 4-1: SerialNumber: syz
[  330.019254][  T290] usb 4-1: config 0 descriptor??
[  330.416531][  T290] usb 4-1: Found UVC 0.00 device syz (0408:3090)
[  330.422708][  T290] usb 4-1: No valid video chain found.
[  330.429116][ T2779] microsoft 0003:045E:07DA.005D: No inputs registered, leaving
[  330.437501][ T2779] microsoft 0003:045E:07DA.005D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  330.450356][ T2779] microsoft 0003:045E:07DA.005D: no inputs found
[  330.456540][ T2779] microsoft 0003:045E:07DA.005D: could not initialize ff, continuing anyway
[  330.644372][  T290] usb 4-1: USB disconnect, device number 53
[  330.815181][ T2779] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  331.055339][   T39] usb 3-1: USB disconnect, device number 46
[  331.066228][ T2779] usb 1-1: Using ep0 maxpacket: 32
[  331.215210][ T2779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.226031][ T2779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  331.235692][ T2779] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  331.244507][ T2779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.252954][ T2779] usb 1-1: config 0 descriptor??
[  331.305694][ T2779] hub 1-1:0.0: USB hub found
[  331.317284][T10831] loop4: detected capacity change from 0 to 16
[  331.365643][T10831] erofs: (device loop4): mounted with root inode @ nid 36.
[  331.416212][T10842] loop4: detected capacity change from 0 to 512
[  331.495221][  T290] Bluetooth: hci0: command 0x1003 tx timeout
[  331.504143][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  331.535254][ T2779] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  331.805402][   T39] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  331.855224][ T2779] usbhid 1-1:0.0: can't add hid device: -71
[  331.860993][ T2779] usbhid: probe of 1-1:0.0 failed with error -71
[  331.895452][ T2779] usb 1-1: USB disconnect, device number 50
[  332.105886][T10853] loop2: detected capacity change from 0 to 128
[  332.154514][T10853] FAT-fs (loop2): Unrecognized mount option "" or missing value
[  332.301576][T10856] device pim6reg1 entered promiscuous mode
[  332.375224][   T39] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  332.385500][   T39] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  332.445422][T10858] loop4: detected capacity change from 0 to 40427
[  332.485264][   T39] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  332.494186][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  332.502160][   T39] usb 4-1: SerialNumber: syz
[  332.780836][T10858] F2FS-fs (loop4): Found nat_bits in checkpoint
[  332.828611][T10858] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  332.844287][T10871] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev ?, type ?) errno=-22
[  332.854093][   T39] usb 4-1: 0:2 : does not exist
[  332.855463][T10871] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  332.870508][ T5782] attempt to access beyond end of device
[  332.870508][ T5782] loop4: rw=2049, want=45104, limit=40427
[  333.016091][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3869'.
[  333.451621][  T523] usb 4-1: USB disconnect, device number 54
[  333.613594][ T2779] Bluetooth: hci0: command 0x1001 tx timeout
[  333.634745][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  334.038528][T10922] device pim6reg1 entered promiscuous mode
[  334.698650][T10957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10957 comm=syz.3.3894
[  334.739463][T10957] device wireguard0 entered promiscuous mode
[  334.847231][T10945] loop4: detected capacity change from 0 to 40427
[  334.958765][T10945] F2FS-fs (loop4): invalid crc value
[  334.965190][T10945] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  334.978009][T10945] F2FS-fs (loop4): Found nat_bits in checkpoint
[  335.012701][T10945] F2FS-fs (loop4): recover fsync data on readonly fs
[  335.019448][T10945] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  335.026191][T10945] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
[  335.032731][T10945] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  335.226673][  T523] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  336.109603][  T290] Bluetooth: hci0: command 0x1009 tx timeout
[  337.076208][T11011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3915'.
[  337.105241][  T523] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.115673][  T523] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  337.133515][T11019] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11019 comm=syz.4.3920
[  337.188962][T11027] loop4: detected capacity change from 0 to 256
[  337.245217][  T523] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  337.254207][  T523] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  337.262035][  T523] usb 3-1: SerialNumber: syz
[  337.934000][T11033] loop3: detected capacity change from 0 to 256
[  337.974373][T11027] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  338.042223][   T30] audit: type=1400 audit(2000000820.733:1439): avc:  denied  { unlink } for  pid=5782 comm="syz-executor" name="file0" dev="loop4" ino=1048948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  338.065002][   T30] audit: type=1400 audit(2000000820.753:1440): avc:  denied  { rmdir } for  pid=5782 comm="syz-executor" name="file0" dev="loop4" ino=1048943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  338.147678][  T523] usb 3-1: 0:2 : does not exist
[  338.167252][T11049] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11049 comm=syz.0.3934
[  338.195755][  T523] usb 3-1: USB disconnect, device number 47
[  338.224805][  T377] udevd[377]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  338.538866][T11053] loop4: detected capacity change from 0 to 40427
[  338.565205][   T26] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  338.626604][T11053] F2FS-fs (loop4): invalid crc value
[  338.633585][T11053] F2FS-fs (loop4): Found nat_bits in checkpoint
[  338.663035][T11053] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  338.687151][ T5782] attempt to access beyond end of device
[  338.687151][ T5782] loop4: rw=2049, want=45104, limit=40427
[  338.715169][ T8237] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  338.799963][T11067] loop4: detected capacity change from 0 to 256
[  338.806079][   T26] usb 1-1: Using ep0 maxpacket: 32
[  338.877685][T11067] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  339.025235][   T26] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a
[  339.034490][   T26] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  339.042765][   T26] usb 1-1: Product: syz
[  339.050869][   T26] usb 1-1: config 0 descriptor??
[  339.062805][T11076] loop4: detected capacity change from 0 to 40427
[  339.085318][ T8237] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  339.095267][ T8237] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  339.096807][   T26] usb 1-1: Found UVC 0.00 device syz (046d:08f6)
[  339.110213][   T26] usb 1-1: No valid video chain found.
[  339.115092][T11076] F2FS-fs (loop4): Found nat_bits in checkpoint
[  339.143429][T11076] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  339.175217][ T8237] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  339.184176][ T8237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  339.192135][ T8237] usb 4-1: SerialNumber: syz
[  339.356636][T11085] attempt to access beyond end of device
[  339.356636][T11085] loop4: rw=2049, want=54224, limit=40427
[  339.505922][ T8237] usb 4-1: 0:2 : does not exist
[  339.639689][   T20] usb 1-1: USB disconnect, device number 51
[  339.817681][T11087] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.824585][T11087] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.831871][T11087] device bridge_slave_0 entered promiscuous mode
[  339.838754][T11087] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.846221][T11087] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.846395][ T5782] attempt to access beyond end of device
[  339.846395][ T5782] loop4: rw=2049, want=45112, limit=40427
[  339.853547][T11087] device bridge_slave_1 entered promiscuous mode
[  339.925361][T11087] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.932295][T11087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  339.939419][T11087] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.946199][T11087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  339.953468][   T20] usb 4-1: USB disconnect, device number 55
[  339.988162][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  339.996942][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.004076][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.026717][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  340.034671][  T523] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.041561][  T523] bridge0: port 1(bridge_slave_0) entered forwarding state
[  340.048903][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  340.057293][  T523] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.064116][  T523] bridge0: port 2(bridge_slave_1) entered forwarding state
[  340.067233][T11092] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11092 comm=syz.4.3945
[  340.071353][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  340.106775][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  340.122501][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  340.132951][T11087] device veth0_vlan entered promiscuous mode
[  340.139222][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  340.147380][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  340.154593][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  340.169577][T11087] device veth1_macvtap entered promiscuous mode
[  340.177210][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  340.191345][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  340.201829][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  340.296435][T11097] loop4: detected capacity change from 0 to 40427
[  340.301340][T11106] loop1: detected capacity change from 0 to 256
[  340.372458][T11097] F2FS-fs (loop4): invalid crc value
[  340.377901][T11106] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  340.379570][T11097] F2FS-fs (loop4): Found nat_bits in checkpoint
[  340.396464][ T7660] device bridge_slave_1 left promiscuous mode
[  340.404486][ T7660] ÿÿÿÿÿÿ: port 2(bridge_slave_1) entered disabled state
[  340.427917][ T7660] device bridge_slave_0 left promiscuous mode
[  340.460861][ T7660] ÿÿÿÿÿÿ: port 1(bridge_slave_0) entered disabled state
[  340.510774][ T7660] device veth1_macvtap left promiscuous mode
[  340.568220][ T7660] device veth0_vlan left promiscuous mode
[  340.649732][T11097] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  340.692258][T11117] overlayfs: statfs failed on './file0'
[  340.707623][ T5782] attempt to access beyond end of device
[  340.707623][ T5782] loop4: rw=2049, want=45104, limit=40427
[  340.799843][T11124] loop3: detected capacity change from 0 to 512
[  340.880302][T11130] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11130 comm=syz.4.3955
[  340.990958][T11147] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3966'.
[  340.999994][T11147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3966'.
[  341.387503][T11158] loop1: detected capacity change from 0 to 1024
[  341.417567][T11158] EXT4-fs (loop1): Can't support bigalloc feature without extents feature
[  341.417567][T11158] 
[  341.431078][T11158] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  341.505958][T11164] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11164 comm=syz.4.3973
[  341.625171][  T548] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  341.778914][T11191] loop1: detected capacity change from 0 to 1024
[  341.825491][T11191] EXT4-fs (loop1): Can't support bigalloc feature without extents feature
[  341.825491][T11191] 
[  341.837519][T11191] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  342.066601][  T548] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  342.297708][  T548] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  342.307456][  T548] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  342.323652][  T548] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  342.340801][  T548] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99
[  342.354632][  T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.391541][T11208] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11208 comm=syz.2.3990
[  342.426630][  T548] usb 1-1: invalid MIDI out EP 0
[  342.431709][  T548] snd-usb-audio: probe of 1-1:27.0 failed with error -22
[  342.469429][T11218] overlayfs: statfs failed on './file0'
[  342.606407][T11235] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11235 comm=syz.2.4004
[  342.628953][  T548] usb 1-1: USB disconnect, device number 52
[  342.686598][T11241] netem: change failed
[  342.706960][T11245] serio: Serial port ptm0
[  342.905181][T11255] loop3: detected capacity change from 0 to 256
[  343.300230][T11264] loop1: detected capacity change from 0 to 40427
[  343.397159][T11264] F2FS-fs (loop1): Found nat_bits in checkpoint
[  343.474761][T11264] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  344.080318][T11291] attempt to access beyond end of device
[  344.080318][T11291] loop1: rw=2049, want=54224, limit=40427
[  344.577089][T11087] attempt to access beyond end of device
[  344.577089][T11087] loop1: rw=2049, want=45112, limit=40427
[  344.598104][T11307] loop3: detected capacity change from 0 to 512
[  344.635783][T11313] serio: Serial port ptm0
[  344.818535][T11315] loop4: detected capacity change from 0 to 128
[  344.876628][T11315] FAT-fs (loop4): Unrecognized mount option "" or missing value
[  345.149601][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4029'.
[  345.409090][  T548] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  345.645544][T11335] loop2: detected capacity change from 0 to 40427
[  345.723917][T11335] F2FS-fs (loop2): Found nat_bits in checkpoint
[  345.752077][T11335] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  345.821261][   T20] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  346.041812][T11344] attempt to access beyond end of device
[  346.041812][T11344] loop2: rw=2049, want=54224, limit=40427
[  346.087160][  T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  346.098226][  T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  346.108026][  T548] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  346.122970][  T548] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  346.131997][  T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.140861][  T548] usb 1-1: config 0 descriptor??
[  346.225209][   T20] usb 2-1: Using ep0 maxpacket: 16
[  346.449570][ T8904] attempt to access beyond end of device
[  346.449570][ T8904] loop2: rw=2049, want=45112, limit=40427
[  346.535303][   T20] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  346.554444][   T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.562631][   T20] usb 2-1: Product: syz
[  346.575168][   T20] usb 2-1: Manufacturer: syz
[  346.580490][   T20] usb 2-1: SerialNumber: syz
[  346.588362][   T20] r8152-cfgselector 2-1: config 0 descriptor??
[  346.624894][  T548] acrux 0003:1A34:0802.005E: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0
[  346.645907][  T548] acrux 0003:1A34:0802.005E: no inputs found
[  346.654074][  T548] acrux 0003:1A34:0802.005E: Failed to enable force feedback support, error: -19
[  346.801587][T11358] loop2: detected capacity change from 0 to 40427
[  346.818673][  T548] usb 1-1: USB disconnect, device number 53
[  346.826152][T11358] F2FS-fs (loop2): invalid crc value
[  346.841618][T11358] F2FS-fs (loop2): Found nat_bits in checkpoint
[  346.883950][T11358] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  346.909567][ T8904] attempt to access beyond end of device
[  346.909567][ T8904] loop2: rw=2049, want=45104, limit=40427
[  347.085266][   T20] r8152-cfgselector 2-1: Unknown version 0x0000
[  347.091485][   T20] r8152-cfgselector 2-1: bad CDC descriptors
[  347.125209][   T20] r8152-cfgselector 2-1: Unknown version 0x0000
[  347.135749][   T20] r8152-cfgselector 2-1: USB disconnect, device number 45
[  347.260857][T11373] loop2: detected capacity change from 0 to 256
[  347.283550][T11373] FAT-fs (loop2): Directory bread(block 64) failed
[  347.290116][T11373] FAT-fs (loop2): Directory bread(block 65) failed
[  347.296702][T11373] FAT-fs (loop2): Directory bread(block 66) failed
[  347.303070][T11373] FAT-fs (loop2): Directory bread(block 67) failed
[  347.309442][T11373] FAT-fs (loop2): Directory bread(block 68) failed
[  347.315826][T11373] FAT-fs (loop2): Directory bread(block 69) failed
[  347.322165][T11373] FAT-fs (loop2): Directory bread(block 70) failed
[  347.328584][T11373] FAT-fs (loop2): Directory bread(block 71) failed
[  347.335017][T11373] FAT-fs (loop2): Directory bread(block 72) failed
[  347.341415][T11373] FAT-fs (loop2): Directory bread(block 73) failed
[  347.920791][T11397] loop3: detected capacity change from 0 to 128
[  348.315782][T11397] FAT-fs (loop3): Unrecognized mount option "" or missing value
[  348.549919][T11414] xt_SECMARK: invalid mode: 0
[  348.977869][T11418] loop3: detected capacity change from 0 to 256
[  348.995166][ T1914] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  349.040627][T11418] FAT-fs (loop3): Directory bread(block 64) failed
[  349.053351][T11418] FAT-fs (loop3): Directory bread(block 65) failed
[  349.066624][T11418] FAT-fs (loop3): Directory bread(block 66) failed
[  349.073208][T11418] FAT-fs (loop3): Directory bread(block 67) failed
[  349.081094][T11418] FAT-fs (loop3): Directory bread(block 68) failed
[  349.088281][T11418] FAT-fs (loop3): Directory bread(block 69) failed
[  349.094917][T11418] FAT-fs (loop3): Directory bread(block 70) failed
[  349.101472][T11418] FAT-fs (loop3): Directory bread(block 71) failed
[  349.108057][T11418] FAT-fs (loop3): Directory bread(block 72) failed
[  349.114510][T11418] FAT-fs (loop3): Directory bread(block 73) failed
[  349.406885][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.420414][T11430] loop2: detected capacity change from 0 to 40427
[  349.421877][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.436343][ T1914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  349.448984][ T1914] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  349.457844][ T1914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.851362][T11430] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  349.871749][T11430] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  349.887891][T11430] F2FS-fs (loop2): invalid crc value
[  349.905711][T11430] F2FS-fs (loop2): Found nat_bits in checkpoint
[  349.908779][ T1914] usb 2-1: config 0 descriptor??
[  349.950710][T11430] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  349.957597][T11430] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  349.986324][ T9250] attempt to access beyond end of device
[  349.986324][ T9250] loop2: rw=1, want=45104, limit=40427
[  350.142108][T11455] loop2: detected capacity change from 0 to 512
[  350.191381][T11455] EXT4-fs (loop2): corrupt root inode, run e2fsck
[  350.198022][T11455] EXT4-fs (loop2): mount failed
[  350.364136][T11472] loop2: detected capacity change from 0 to 256
[  350.397500][ T1914] acrux 0003:1A34:0802.005F: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0
[  350.416315][ T1914] acrux 0003:1A34:0802.005F: no inputs found
[  350.423975][ T1914] acrux 0003:1A34:0802.005F: Failed to enable force feedback support, error: -19
[  350.882597][ T1914] usb 2-1: USB disconnect, device number 46
[  351.001697][T11508] loop4: detected capacity change from 0 to 1024
[  351.122849][T11508] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none.
[  351.146287][   T30] audit: type=1400 audit(2000000833.843:1441): avc:  denied  { write } for  pid=11505 comm="syz.4.4101" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  351.168600][   T30] audit: type=1400 audit(2000000833.843:1442): avc:  denied  { open } for  pid=11505 comm="syz.4.4101" path="/414/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  351.191672][   T30] audit: type=1400 audit(2000000833.863:1443): avc:  denied  { read } for  pid=11505 comm="syz.4.4101" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  351.385177][   T26] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  351.408517][T11547] loop4: detected capacity change from 0 to 256
[  351.526945][T11543] loop3: detected capacity change from 0 to 40427
[  351.567530][T11543] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  351.575596][T11543] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  351.592812][T11547] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF
[  351.603991][T11543] F2FS-fs (loop3): Found nat_bits in checkpoint
[  351.733202][ T5782] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[  351.744550][ T5782] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[  351.786184][T11543] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  351.797543][T11543] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  351.816036][   T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.862451][   T26] usb 3-1: config 0 interface 0 has no altsetting 0
[  351.952004][T11559] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.959080][T11559] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.966327][T11559] device bridge_slave_0 entered promiscuous mode
[  351.972998][T11559] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.980046][T11559] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.987280][T11559] device bridge_slave_1 entered promiscuous mode
[  352.025408][   T26] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  352.034484][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.043393][   T26] usb 3-1: Product: syz
[  352.050541][   T26] usb 3-1: Manufacturer: syz
[  352.054978][   T26] usb 3-1: SerialNumber: syz
[  352.110337][   T26] usb 3-1: config 0 descriptor??
[  352.159929][   T26] usb 3-1: selecting invalid altsetting 0
[  352.165917][   T26] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  352.272913][T11559] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.279801][T11559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  352.286992][T11559] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.291214][ T9405] f2fs_fill_dentries: 4 callbacks suppressed
[  352.291228][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.293765][T11559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  352.300280][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.314178][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.321810][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.329830][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.337311][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.344726][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  352.376989][T11559] device veth0_vlan entered promiscuous mode
[  352.396117][  T523] usb 3-1: USB disconnect, device number 48
[  352.397546][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  352.411500][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  352.419723][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  352.430012][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  352.438177][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  352.448206][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  352.456437][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  352.464317][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  352.471716][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  352.479128][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  352.487500][T11559] device veth1_macvtap entered promiscuous mode
[  352.497815][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  352.511976][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  352.551488][T11575] loop4: detected capacity change from 0 to 1024
[  352.600059][T11575] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none.
[  352.606398][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.625105][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.639314][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.655420][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.734833][T11591] loop4: detected capacity change from 0 to 256
[  352.770306][T11591] FAT-fs (loop4): Directory bread(block 64) failed
[  352.777606][T11591] FAT-fs (loop4): Directory bread(block 65) failed
[  352.783950][T11591] FAT-fs (loop4): Directory bread(block 66) failed
[  352.790487][T11591] FAT-fs (loop4): Directory bread(block 67) failed
[  352.796865][T11591] FAT-fs (loop4): Directory bread(block 68) failed
[  352.803200][T11591] FAT-fs (loop4): Directory bread(block 69) failed
[  352.809808][T11591] FAT-fs (loop4): Directory bread(block 70) failed
[  352.816896][T11591] FAT-fs (loop4): Directory bread(block 71) failed
[  352.823239][T11591] FAT-fs (loop4): Directory bread(block 72) failed
[  352.829808][T11591] FAT-fs (loop4): Directory bread(block 73) failed
[  352.831081][T11587] loop3: detected capacity change from 0 to 40427
[  352.865800][T11587] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  352.873471][T11587] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  352.882648][T11587] F2FS-fs (loop3): invalid crc value
[  352.893820][T11587] F2FS-fs (loop3): Found nat_bits in checkpoint
[  352.925626][   T30] audit: type=1400 audit(2000000835.623:1444): avc:  denied  { mount } for  pid=11603 comm="syz.4.4139" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  352.948082][   T30] audit: type=1400 audit(2000000835.623:1445): avc:  denied  { mounton } for  pid=11603 comm="syz.4.4139" path="/4/file0/bus" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  352.978417][T11587] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  352.986318][   T30] audit: type=1400 audit(2000000835.623:1446): avc:  denied  { unlink } for  pid=11603 comm="syz.4.4139" name="#aa" dev="devtmpfs" ino=1729 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1
[  353.008643][T11587] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  353.066534][ T7660] attempt to access beyond end of device
[  353.066534][ T7660] loop3: rw=1, want=45104, limit=40427
[  353.180683][T11618] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.188068][T11618] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.201048][T11618] device bridge_slave_0 entered promiscuous mode
[  353.216801][T11618] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.223695][T11618] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.232485][T11618] device bridge_slave_1 entered promiscuous mode
[  353.252391][T11628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4145'.
[  353.655375][   T26] Bluetooth: hci0: command 0x1003 tx timeout
[  353.661633][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  353.750009][T11618] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.757027][T11618] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.764108][T11618] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.770913][T11618] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.786605][ T9250] device bridge_slave_1 left promiscuous mode
[  353.814095][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.828372][ T9250] device bridge_slave_0 left promiscuous mode
[  353.834714][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.846041][ T9250] device veth1_macvtap left promiscuous mode
[  353.852028][ T9250] device veth0_vlan left promiscuous mode
[  354.000456][ T8237] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.007670][ T8237] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.044001][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  354.052783][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  354.112517][   T26] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  354.148231][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  354.165789][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  354.200106][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.207125][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.280967][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  354.289314][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  354.297613][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.304453][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.319255][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  354.328386][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  354.336439][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  354.344386][  T290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  354.368549][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  354.379807][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  354.389730][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  354.398271][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  354.408956][T11618] device veth0_vlan entered promiscuous mode
[  354.421359][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  354.429164][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  354.443011][T11618] device veth1_macvtap entered promiscuous mode
[  354.450391][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  354.460034][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  354.468244][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  354.484952][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  354.493327][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  354.502049][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  354.510541][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  354.518601][   T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.533436][   T26] usb 3-1: config 0 interface 0 has no altsetting 0
[  354.735568][   T26] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  354.744777][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.753978][   T26] usb 3-1: Product: syz
[  354.759063][   T26] usb 3-1: Manufacturer: syz
[  354.763506][   T26] usb 3-1: SerialNumber: syz
[  354.773027][   T26] usb 3-1: config 0 descriptor??
[  354.879656][   T26] usb 3-1: selecting invalid altsetting 0
[  354.927027][   T26] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  354.993951][T11665] loop3: detected capacity change from 0 to 1024
[  355.036923][T11665] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none.
[  355.079385][ T2779] usb 3-1: USB disconnect, device number 49
[  355.688560][T11711] xt_bpf: check failed: parse error
[  355.701279][T11713] netlink: 'syz.0.4182': attribute type 4 has an invalid length.
[  355.711112][T11713] netlink: 'syz.0.4182': attribute type 4 has an invalid length.
[  355.736121][   T26] Bluetooth: hci0: command 0x1001 tx timeout
[  355.742107][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  355.755177][   T20] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  355.850044][   T30] audit: type=1400 audit(2000000838.543:1447): avc:  denied  { create } for  pid=11726 comm="syz.0.4188" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  355.873747][   T30] audit: type=1400 audit(2000000838.563:1448): avc:  denied  { write } for  pid=11726 comm="syz.0.4188" name="bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  355.900578][   T30] audit: type=1400 audit(2000000838.563:1449): avc:  denied  { open } for  pid=11726 comm="syz.0.4188" path="/394/bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  355.923243][   T30] audit: type=1400 audit(2000000838.563:1450): avc:  denied  { read } for  pid=11726 comm="syz.0.4188" name="bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  356.056812][T11739] xt_bpf: check failed: parse error
[  356.086771][T11746] overlayfs: failed to verify upper (/file1, ino=1736, err=-116)
[  356.094336][T11746] overlayfs: failed to verify index dir 'upper' xattr
[  356.101410][T11746] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  356.155319][   T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.166253][   T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.176178][   T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  356.189515][   T20] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  356.198422][   T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.254189][T11753] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4194'.
[  356.335217][   T30] audit: type=1400 audit(2000000838.943:1451): avc:  denied  { bind } for  pid=11743 comm="syz.4.4194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  356.355262][ T2779] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  356.364786][   T20] usb 4-1: config 0 descriptor??
[  356.715209][ T2779] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.725172][ T2779] usb 3-1: config 0 interface 0 has no altsetting 0
[  356.837671][   T20] acrux 0003:1A34:0802.0060: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0
[  356.848606][   T20] acrux 0003:1A34:0802.0060: no inputs found
[  356.854352][   T20] acrux 0003:1A34:0802.0060: Failed to enable force feedback support, error: -19
[  356.885244][ T2779] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  356.894221][ T2779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.902055][ T2779] usb 3-1: Product: syz
[  356.906030][ T2779] usb 3-1: Manufacturer: syz
[  356.910407][ T2779] usb 3-1: SerialNumber: syz
[  356.916589][ T2779] usb 3-1: config 0 descriptor??
[  356.956313][ T2779] usb 3-1: selecting invalid altsetting 0
[  356.961944][ T2779] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  357.052772][ T2779] usb 4-1: USB disconnect, device number 56
[  357.157739][ T8237] usb 3-1: USB disconnect, device number 50
[  357.295253][   T20] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  357.365175][  T548] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  357.565191][   T20] usb 1-1: Using ep0 maxpacket: 32
[  357.604875][T11769] xt_bpf: check failed: parse error
[  357.615346][  T548] usb 5-1: Using ep0 maxpacket: 16
[  357.623010][T11771] input: syz0 as /devices/virtual/input/input48
[  357.682345][   T30] audit: type=1400 audit(2000000840.373:1452): avc:  denied  { ioctl } for  pid=11772 comm="syz.2.4207" path="/184/file0" dev="tmpfs" ino=1027 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  357.715410][   T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  357.733279][   T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  357.744756][   T20] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  357.755060][   T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.770338][   T20] usb 1-1: config 0 descriptor??
[  357.778300][T11777] device veth0_vlan left promiscuous mode
[  357.784403][T11777] device veth0_vlan entered promiscuous mode
[  357.795209][T11758] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  357.815235][ T2779] Bluetooth: hci0: command 0x1009 tx timeout
[  357.816560][   T20] hub 1-1:0.0: USB hub found
[  357.868350][T11780] loop3: detected capacity change from 0 to 512
[  357.873494][T11775] loop2: detected capacity change from 0 to 40427
[  357.915882][T11775] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  357.916281][T11780] EXT4-fs warning (device loop3): ext4_multi_mount_protect:326: fsck is running on the filesystem
[  357.926456][T11775] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  357.937493][T11780] EXT4-fs warning (device loop3): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4
[  357.943413][T11775] F2FS-fs (loop2): invalid crc value
[  357.960640][  T548] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  357.974444][  T548] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.975979][T11775] F2FS-fs (loop2): Found nat_bits in checkpoint
[  357.982681][  T548] usb 5-1: Product: syz
[  357.992591][  T548] usb 5-1: Manufacturer: syz
[  357.997157][  T548] usb 5-1: SerialNumber: syz
[  358.005672][  T548] r8152-cfgselector 5-1: config 0 descriptor??
[  358.018143][T11775] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  358.024989][T11775] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  358.083477][ T9250] attempt to access beyond end of device
[  358.083477][ T9250] loop2: rw=1, want=45104, limit=40427
[  358.125216][   T20] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  358.245203][   T20] usbhid 1-1:0.0: can't add hid device: -71
[  358.253636][   T20] usbhid: probe of 1-1:0.0 failed with error -71
[  358.285786][   T20] usb 1-1: USB disconnect, device number 54
[  358.351998][T11805] input: syz0 as /devices/virtual/input/input49
[  358.475326][  T548] r8152-cfgselector 5-1: Unknown version 0x0000
[  358.486339][  T548] r8152-cfgselector 5-1: bad CDC descriptors
[  358.505493][  T548] r8152-cfgselector 5-1: Unknown version 0x0000
[  358.519312][  T548] r8152-cfgselector 5-1: USB disconnect, device number 57
[  358.531221][T11811] xt_bpf: check failed: parse error
[  358.545193][   T26] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  358.546859][T11813] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  358.559422][T11813] overlayfs: failed to set xattr on upper
[  358.669527][T11815] loop2: detected capacity change from 0 to 40427
[  358.741862][   T30] audit: type=1400 audit(2000000841.433:1453): avc:  denied  { read } for  pid=7041 comm="syz-executor" name="loop0" dev="devtmpfs" ino=1759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  358.764723][   T30] audit: type=1400 audit(2000000841.433:1454): avc:  denied  { ioctl } for  pid=7041 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=1759 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  358.789731][T11815] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  358.807822][T11815] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  358.816240][   T30] audit: type=1400 audit(2000000841.513:1455): avc:  denied  { mounton } for  pid=11828 comm="syz.0.4230" path="/405/file0" dev="tmpfs" ino=2240 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  358.818550][T11815] F2FS-fs (loop2): Found nat_bits in checkpoint
[  358.867202][T11815] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  358.874057][T11815] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  358.915276][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.926452][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.936306][   T26] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  358.949107][   T26] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  358.958106][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.969876][   T26] usb 4-1: config 0 descriptor??
[  359.043848][T11845] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  359.051120][T11845] overlayfs: failed to set xattr on upper
[  359.648563][   T26] acrux 0003:1A34:0802.0061: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0
[  359.663124][   T26] acrux 0003:1A34:0802.0061: no inputs found
[  359.669363][   T26] acrux 0003:1A34:0802.0061: Failed to enable force feedback support, error: -19
[  359.705640][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.705661][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.713212][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.720639][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.728023][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.735605][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.742994][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  359.785246][ T2779] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  359.862881][   T26] usb 4-1: USB disconnect, device number 57
[  359.879611][T11854] syz.2.4237[11854] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  359.879700][T11854] syz.2.4237[11854] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  360.035184][ T2779] usb 5-1: Using ep0 maxpacket: 32
[  360.039242][T11874] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  360.061212][T11874] overlayfs: failed to set xattr on upper
[  360.165288][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  360.176612][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  360.187894][ T2779] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  360.196946][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.205626][ T2779] usb 5-1: config 0 descriptor??
[  360.225255][T11851] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  360.245816][ T2779] hub 5-1:0.0: USB hub found
[  360.525220][ T2779] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  360.625237][ T2779] usbhid 5-1:0.0: can't add hid device: -71
[  360.631041][ T2779] usbhid: probe of 5-1:0.0 failed with error -71
[  360.665435][ T2779] usb 5-1: USB disconnect, device number 58
[  360.815158][  T548] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  361.815228][  T548] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  361.835601][  T548] usb 4-1: config 0 interface 0 has no altsetting 0
[  361.935782][   T30] audit: type=1326 audit(2000000844.633:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  361.971918][   T30] audit: type=1326 audit(2000000844.653:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  361.995387][   T30] audit: type=1326 audit(2000000844.653:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.018880][   T30] audit: type=1326 audit(2000000844.653:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.055203][  T548] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  362.064163][  T548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.093285][  T548] usb 4-1: Product: syz
[  362.098098][  T548] usb 4-1: Manufacturer: syz
[  362.102502][  T548] usb 4-1: SerialNumber: syz
[  362.110597][   T30] audit: type=1326 audit(2000000844.653:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.137547][   T30] audit: type=1326 audit(2000000844.653:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.161290][  T548] usb 4-1: config 0 descriptor??
[  362.167082][   T30] audit: type=1326 audit(2000000844.653:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.203161][   T30] audit: type=1326 audit(2000000844.653:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.230344][T11928] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.239088][T11928] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.249487][T11928] device bridge_slave_0 entered promiscuous mode
[  362.259657][T11928] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.267154][T11928] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.288154][T11928] device bridge_slave_1 entered promiscuous mode
[  362.392019][   T30] audit: type=1326 audit(2000000844.713:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.433699][   T30] audit: type=1326 audit(2000000844.713:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000
[  362.446546][  T548] usb 4-1: selecting invalid altsetting 0
[  362.477992][  T548] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[  362.530061][   T26] usb 4-1: USB disconnect, device number 58
[  362.554970][T11928] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.561969][T11928] bridge0: port 2(bridge_slave_1) entered forwarding state
[  362.588564][  T548] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.597865][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  362.606365][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  362.617520][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  362.625823][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  362.633820][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.640680][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  362.656921][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  362.665382][  T548] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.672232][  T548] bridge0: port 2(bridge_slave_1) entered forwarding state
[  362.690079][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  362.698200][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  362.720917][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  362.729962][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  362.738024][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  362.746068][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  362.754480][T11928] device veth0_vlan entered promiscuous mode
[  362.771740][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  362.781889][T11928] device veth1_macvtap entered promiscuous mode
[  362.792763][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  362.806939][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  362.896075][T11959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4276'.
[  363.055875][ T7660] device bridge_slave_1 left promiscuous mode
[  363.061990][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.070792][ T7660] device bridge_slave_0 left promiscuous mode
[  363.077282][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.088476][ T7660] device veth1_macvtap left promiscuous mode
[  363.094332][ T7660] device veth0_vlan left promiscuous mode
[  363.368108][    C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  363.721750][T12008] overlayfs: failed to resolve './file2': -2
[  363.829702][T12022] loop1: detected capacity change from 0 to 512
[  363.916993][T12022] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  363.932830][T12022] ext4 filesystem being mounted at /9/bus supports timestamps until 2038 (0x7fffffff)
[  364.123379][T12030] loop1: detected capacity change from 0 to 512
[  364.196832][T12030] EXT4-fs (loop1): orphan cleanup on readonly fs
[  364.203771][T12030] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.4304: bg 0: block 97: padding at end of block bitmap is not set
[  364.218764][T12030] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2925: inode #15: comm syz.1.4304: corrupted xattr block 19
[  364.230965][T12030] EXT4-fs warning (device loop1): ext4_evict_inode:303: xattr delete (err -117)
[  364.239941][T12030] EXT4-fs (loop1): 1 orphan inode deleted
[  364.246927][T12030] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  364.446724][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  364.473258][T12042] serio: Serial port pts0
[  364.537098][  T523] Bluetooth: hci0: command 0x1003 tx timeout
[  364.553157][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  364.561225][T12052] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  364.576820][T12052] overlayfs: failed to set xattr on upper
[  364.580545][T12055] loop4: detected capacity change from 0 to 512
[  364.651039][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  364.686426][T12055] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  364.717191][T12055] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  364.731842][T12055] EXT4-fs (loop4): 1 truncate cleaned up
[  364.737537][T12055] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback.
[  364.782762][T12072] overlayfs: failed to resolve './file2': -2
[  365.384987][T12081] serio: Serial port pts0
[  365.402311][T12084] overlayfs: statfs failed on './file0'
[  365.467338][T12089] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  365.474168][T12089] overlayfs: failed to set xattr on upper
[  365.686282][T12109] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4336'.
[  365.730470][T12111] overlayfs: statfs failed on './file0'
[  365.899707][T12093] loop1: detected capacity change from 0 to 131072
[  365.995527][T12093] F2FS-fs (loop1): Invalid log_blocksize (32), supports only 12
[  366.003067][T12093] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  366.013810][T12093] F2FS-fs (loop1): Found nat_bits in checkpoint
[  366.042007][T12093] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  366.048892][T12093] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  366.059953][T12093] F2FS-fs (loop1): access invalid blkaddr:0
[  366.065978][T12093] CPU: 1 PID: 12093 Comm: syz.1.4330 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  366.075764][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  366.085668][T12093] Call Trace:
[  366.088783][T12093]  <TASK>
[  366.091563][T12093]  dump_stack_lvl+0x151/0x1b7
[  366.096075][T12093]  ? io_uring_drop_tctx_refs+0x190/0x190
[  366.101542][T12093]  ? memcpy+0x56/0x70
[  366.105363][T12093]  dump_stack+0x15/0x17
[  366.109356][T12093]  f2fs_is_valid_blkaddr+0xcc3/0x12d0
[  366.114566][T12093]  f2fs_iget+0x1d69/0x4de0
[  366.118823][T12093]  f2fs_lookup+0x410/0xd80
[  366.123070][T12093]  ? f2fs_encrypted_symlink_getattr+0x50/0x50
[  366.128971][T12093]  ? d_hash_and_lookup+0x1e0/0x1e0
[  366.133922][T12093]  ? f2fs_encrypted_symlink_getattr+0x50/0x50
[  366.139817][T12093]  path_openat+0x1194/0x2f40
[  366.144251][T12093]  ? do_filp_open+0x460/0x460
[  366.148763][T12093]  do_filp_open+0x21c/0x460
[  366.153097][T12093]  ? vfs_tmpfile+0x2c0/0x2c0
[  366.157533][T12093]  do_sys_openat2+0x13f/0x830
[  366.162039][T12093]  ? do_sys_open+0x220/0x220
[  366.166461][T12093]  ? check_zeroed_user+0x13f/0x190
[  366.171422][T12093]  __x64_sys_openat+0x243/0x290
[  366.176105][T12093]  ? __ia32_sys_open+0x270/0x270
[  366.180870][T12093]  ? __kasan_check_read+0x11/0x20
[  366.185736][T12093]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  366.191201][T12093]  do_syscall_64+0x3d/0xb0
[  366.195453][T12093]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  366.201190][T12093] RIP: 0033:0x7f6d6f8c6f19
[  366.205434][T12093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.224876][T12093] RSP: 002b:00007f6d6eb48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  366.233120][T12093] RAX: ffffffffffffffda RBX: 00007f6d6fa54f60 RCX: 00007f6d6f8c6f19
[  366.240929][T12093] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  366.248841][T12093] RBP: 00007f6d6f935bcd R08: 0000000000000000 R09: 0000000000000000
[  366.256652][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  366.264463][T12093] R13: 000000000000000b R14: 00007f6d6fa54f60 R15: 00007ffd17aa2f48
[  366.272280][T12093]  </TASK>
[  366.277586][T12093] F2FS-fs (loop1): sanity_check_inode: inode (ino=7) extent info [0, 0, 54528] is incorrect, run fsck to fix
[  366.595904][T12126] overlayfs: failed to resolve './file2': -2
[  366.650611][T12128] serio: Serial port pts0
[  366.817020][T12136] loop1: detected capacity change from 0 to 512
[  366.844311][  T523] Bluetooth: hci0: command 0x1001 tx timeout
[  366.850192][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  366.876881][T12136] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  366.889172][T12136] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038 (0x7fffffff)
[  367.359418][T12154] loop1: detected capacity change from 0 to 131072
[  367.445463][T12154] F2FS-fs (loop1): Invalid log_blocksize (32), supports only 12
[  367.453094][T12154] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  367.463772][T12154] F2FS-fs (loop1): Found nat_bits in checkpoint
[  367.491648][T12154] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  367.498809][T12154] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  367.517475][T12154] F2FS-fs (loop1): access invalid blkaddr:0
[  367.523219][T12154] CPU: 1 PID: 12154 Comm: syz.1.4351 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  367.532990][T12154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  367.542887][T12154] Call Trace:
[  367.546004][T12154]  <TASK>
[  367.548782][T12154]  dump_stack_lvl+0x151/0x1b7
[  367.553297][T12154]  ? io_uring_drop_tctx_refs+0x190/0x190
[  367.558765][T12154]  ? memcpy+0x56/0x70
[  367.562585][T12154]  dump_stack+0x15/0x17
[  367.566578][T12154]  f2fs_is_valid_blkaddr+0xcc3/0x12d0
[  367.571783][T12154]  f2fs_iget+0x1d69/0x4de0
[  367.576041][T12154]  f2fs_lookup+0x410/0xd80
[  367.580288][T12154]  ? f2fs_encrypted_symlink_getattr+0x50/0x50
[  367.586290][T12154]  ? d_hash_and_lookup+0x1e0/0x1e0
[  367.591236][T12154]  ? f2fs_encrypted_symlink_getattr+0x50/0x50
[  367.597138][T12154]  path_openat+0x1194/0x2f40
[  367.601569][T12154]  ? do_filp_open+0x460/0x460
[  367.606077][T12154]  do_filp_open+0x21c/0x460
[  367.610415][T12154]  ? vfs_tmpfile+0x2c0/0x2c0
[  367.614848][T12154]  do_sys_openat2+0x13f/0x830
[  367.619356][T12154]  ? do_sys_open+0x220/0x220
[  367.623780][T12154]  ? check_zeroed_user+0x13f/0x190
[  367.628731][T12154]  __x64_sys_openat+0x243/0x290
[  367.633415][T12154]  ? __ia32_sys_open+0x270/0x270
[  367.638188][T12154]  ? __kasan_check_read+0x11/0x20
[  367.643050][T12154]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  367.648517][T12154]  do_syscall_64+0x3d/0xb0
[  367.652767][T12154]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  367.658497][T12154] RIP: 0033:0x7f6d6f8c6f19
[  367.662751][T12154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.682192][T12154] RSP: 002b:00007f6d6eb48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  367.690435][T12154] RAX: ffffffffffffffda RBX: 00007f6d6fa54f60 RCX: 00007f6d6f8c6f19
[  367.698247][T12154] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  367.706144][T12154] RBP: 00007f6d6f935bcd R08: 0000000000000000 R09: 0000000000000000
[  367.713964][T12154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  367.721773][T12154] R13: 000000000000000b R14: 00007f6d6fa54f60 R15: 00007ffd17aa2f48
[  367.729585][T12154]  </TASK>
[  367.734291][T12154] F2FS-fs (loop1): sanity_check_inode: inode (ino=7) extent info [0, 0, 54528] is incorrect, run fsck to fix
[  367.795233][  T523] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  368.041839][T12168] loop1: detected capacity change from 0 to 512
[  368.126555][T12168] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  368.139003][T12168] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff)
[  368.155276][  T523] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.166034][  T523] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.175547][  T523] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  368.184347][  T523] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.192908][  T523] usb 5-1: config 0 descriptor??
[  368.387822][T12191] loop1: detected capacity change from 0 to 256
[  368.683641][  T523] hid-multitouch 0003:0EEF:72D0.0062: unknown main item tag 0x0
[  368.707040][  T523] hid-multitouch 0003:0EEF:72D0.0062: unknown main item tag 0x0
[  368.767088][  T523] hid-multitouch 0003:0EEF:72D0.0062: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.4-1/input0
[  368.994220][ T2779] Bluetooth: hci0: command 0x1009 tx timeout
[  369.002933][  T523] usb 5-1: USB disconnect, device number 59
[  369.265189][ T2779] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  369.695255][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  369.706843][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  369.718051][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  369.733667][T12235] loop4: detected capacity change from 0 to 16
[  369.735174][ T2779] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  369.748681][ T2779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.757226][ T2779] usb 3-1: config 0 descriptor??
[  369.765975][T12235] erofs: (device loop4): mounted with root inode @ nid 36.
[  369.774846][T12235] attempt to access beyond end of device
[  369.774846][T12235] loop4: rw=0, want=14552337264, limit=16
[  369.786027][T12196] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  369.842890][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  369.842905][   T30] audit: type=1326 audit(2000000000.160:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12236 comm="syz.4.4384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x0
[  370.246011][ T2779] plantronics 0003:047F:FFFF.0063: unknown main item tag 0x0
[  370.253445][ T2779] plantronics 0003:047F:FFFF.0063: No inputs registered, leaving
[  370.262158][ T2779] plantronics 0003:047F:FFFF.0063: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  370.526506][  T523] usb 3-1: USB disconnect, device number 51
[  370.685191][   T20] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  371.048355][T12251] loop2: detected capacity change from 0 to 512
[  371.095410][   T20] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  371.105557][   T20] usb 2-1: config 0 interface 0 has no altsetting 0
[  371.147101][T12251] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  371.210486][T12253] syz.2.4389[12253] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  371.210575][T12253] syz.2.4389[12253] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  371.222807][T12253] 9pnet: Insufficient options for proto=fd
[  371.275282][   T20] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  371.284351][   T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.292349][   T20] usb 2-1: Product: syz
[  371.296516][   T20] usb 2-1: Manufacturer: syz
[  371.300950][   T20] usb 2-1: SerialNumber: syz
[  371.309811][   T20] usb 2-1: config 0 descriptor??
[  371.347372][   T20] usb 2-1: selecting invalid altsetting 0
[  371.353056][   T20] snd-usb-audio: probe of 2-1:0.0 failed with error -2
[  371.548400][  T548] usb 2-1: USB disconnect, device number 47
[  371.955001][   T30] audit: type=1400 audit(2000000002.270:1479): avc:  denied  { read } for  pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  371.992827][   T30] audit: type=1400 audit(2000000002.270:1480): avc:  denied  { search } for  pid=138 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  372.023828][   T30] audit: type=1400 audit(2000000002.270:1481): avc:  denied  { read } for  pid=138 comm="dhcpcd" name="n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  372.046929][   T30] audit: type=1400 audit(2000000002.270:1482): avc:  denied  { open } for  pid=138 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  372.069860][   T30] audit: type=1400 audit(2000000002.270:1483): avc:  denied  { getattr } for  pid=138 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  372.092976][   T30] audit: type=1400 audit(2000000002.300:1484): avc:  denied  { read } for  pid=12263 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  372.119169][   T30] audit: type=1400 audit(2000000002.300:1485): avc:  denied  { open } for  pid=12263 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  372.145633][   T30] audit: type=1400 audit(2000000002.300:1486): avc:  denied  { getattr } for  pid=12263 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  372.195660][   T30] audit: type=1400 audit(2000000002.360:1487): avc:  denied  { write } for  pid=12262 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=295 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  372.265858][T12279] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.275161][T12279] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.282440][T12279] device bridge_slave_0 entered promiscuous mode
[  372.305940][T12279] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.324255][T12279] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.344836][T12279] device bridge_slave_1 entered promiscuous mode
[  372.404627][T12286] loop2: detected capacity change from 0 to 40427
[  372.435359][T12286] F2FS-fs (loop2): Found nat_bits in checkpoint
[  372.479200][T12286] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  372.505851][T12279] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.512720][T12279] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.519827][T12279] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.526607][T12279] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.551575][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  372.559573][   T20] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.567172][   T20] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.585806][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  372.608821][  T548] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  372.617825][ T8237] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.624660][ T8237] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.632182][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  372.640268][ T8237] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.647124][ T8237] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.665262][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  372.733785][T12286] attempt to access beyond end of device
[  372.733785][T12286] loop2: rw=2049, want=54224, limit=40427
[  372.814529][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  372.844112][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  372.866628][ T8904] attempt to access beyond end of device
[  372.866628][ T8904] loop2: rw=2049, want=45112, limit=40427
[  372.884591][T12279] device veth0_vlan entered promiscuous mode
[  372.919485][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  372.927708][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  372.937884][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  372.961961][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  372.970274][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  372.979614][T12279] device veth1_macvtap entered promiscuous mode
[  372.996257][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  373.003725][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  373.018525][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  373.026954][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  373.035031][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  373.045240][  T548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  373.074778][  T548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  373.096254][  T548] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  373.118080][  T548] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  373.127173][  T548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.127980][T12313] loop0: detected capacity change from 0 to 16
[  373.146110][  T548] usb 4-1: config 0 descriptor??
[  373.165997][T12292] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  373.181235][T12313] erofs: (device loop0): mounted with root inode @ nid 36.
[  373.196122][T12313] attempt to access beyond end of device
[  373.196122][T12313] loop0: rw=0, want=14552337264, limit=16
[  373.282648][T12320] device pim6reg1 entered promiscuous mode
[  373.429418][T12326] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.436331][T12326] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.443444][T12326] device bridge_slave_0 entered promiscuous mode
[  373.450473][T12326] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.457467][T12326] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.464585][T12326] device bridge_slave_1 entered promiscuous mode
[  373.508377][T12326] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.515234][T12326] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.522301][T12326] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.525169][  T290] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  373.529133][T12326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.556932][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  373.564375][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.571528][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.586930][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  373.594975][   T20] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.601812][   T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.609003][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  373.617011][   T20] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.623827][   T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.631492][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  373.639265][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  373.647706][  T548] plantronics 0003:047F:FFFF.0064: unknown main item tag 0x0
[  373.655055][  T548] plantronics 0003:047F:FFFF.0064: No inputs registered, leaving
[  373.665537][  T548] plantronics 0003:047F:FFFF.0064: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  373.683186][T12326] device veth0_vlan entered promiscuous mode
[  373.690272][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  373.698504][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  373.706279][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  373.713432][  T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  373.724375][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  373.733644][T12326] device veth1_macvtap entered promiscuous mode
[  373.745979][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  373.754236][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  373.915389][  T290] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.928506][  T290] usb 1-1: config 0 interface 0 has no altsetting 0
[  373.931411][   T20] usb 4-1: USB disconnect, device number 59
[  374.004503][T12337] loop2: detected capacity change from 0 to 40427
[  374.056652][T12337] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  374.064270][T12337] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  374.074609][T12337] F2FS-fs (loop2): Found nat_bits in checkpoint
[  374.102314][T12337] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  374.109441][T12337] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  374.116839][  T290] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  374.129019][  T290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.137137][  T290] usb 1-1: Product: syz
[  374.141108][  T290] usb 1-1: Manufacturer: syz
[  374.145601][  T290] usb 1-1: SerialNumber: syz
[  374.153607][  T290] usb 1-1: config 0 descriptor??
[  374.206085][  T290] usb 1-1: selecting invalid altsetting 0
[  374.211672][  T290] snd-usb-audio: probe of 1-1:0.0 failed with error -2
[  374.490165][ T8237] usb 1-1: USB disconnect, device number 55
[  374.994470][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  374.994494][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.004660][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.012104][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.020189][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.027570][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.034911][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  375.095673][   T20] Bluetooth: hci0: command 0x1003 tx timeout
[  375.113781][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  375.901448][T12364] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc
[  376.176408][T12376] loop0: detected capacity change from 0 to 256
[  376.231608][T12376] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1c9fa50a, utbl_chksum : 0xe619d30d)
[  376.243774][T12376] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  376.257796][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  376.257819][   T30] audit: type=1400 audit(2000000006.580:1496): avc:  denied  { execute } for  pid=12375 comm="syz.0.4424" path="/4/file2/bus" dev="loop0" ino=1049007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  376.312695][T12380] loop0: detected capacity change from 0 to 512
[  376.379395][   T30] audit: type=1326 audit(2000000006.700:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.2.4427" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0
[  376.390444][T12380] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  376.427634][T12380] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  376.442644][T12380] EXT4-fs (loop0): 1 truncate cleaned up
[  376.448193][T12380] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback.
[  376.634693][T12391] loop3: detected capacity change from 0 to 2048
[  376.677022][  T100]  loop3: p2 p3 p7
[  376.687800][T12391]  loop3: p2 p3 p7
[  377.269341][ T8237] Bluetooth: hci0: command 0x1001 tx timeout
[  377.307611][ T4463] Bluetooth: hci0: sending frame failed (-49)
[  377.345268][T12401] netlink: 'syz.0.4432': attribute type 4 has an invalid length.
[  377.356278][T12401] x_tables: duplicate underflow at hook 2
[  377.498561][T12409] loop0: detected capacity change from 0 to 512
[  377.506494][T12409] EXT4-fs (loop0): Ignoring removed oldalloc option
[  377.557253][T12409] EXT4-fs (loop0): mounted filesystem without journal. Opts: oldalloc,,errors=continue. Quota mode: none.
[  377.628789][T12418] loop3: detected capacity change from 0 to 256
[  377.720003][T12418] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1c9fa50a, utbl_chksum : 0xe619d30d)
[  377.732080][T12418] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  377.820566][T12422] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc
[  377.990697][T12424] device syzkaller0 entered promiscuous mode
[  378.310559][   T30] audit: type=1326 audit(2000000008.630:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12431 comm="syz.2.4441" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0
[  378.745564][T12442] netlink: 'syz.0.4444': attribute type 4 has an invalid length.
[  378.754199][T12442] x_tables: duplicate underflow at hook 2
[  379.076108][T12459] device syzkaller0 entered promiscuous mode
[  379.180060][T12470] netlink: 'syz.3.4456': attribute type 4 has an invalid length.
[  379.194846][T12470] x_tables: duplicate underflow at hook 2
[  379.281469][   T30] audit: type=1326 audit(2000000009.600:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12482 comm="syz.2.4462" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0
[  379.511195][    T6] Bluetooth: hci0: command 0x1009 tx timeout
[  379.740918][T12488] device syzkaller0 entered promiscuous mode
[  379.859258][T12492] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.866188][T12492] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.873224][T12492] device bridge_slave_0 entered promiscuous mode
[  379.880021][T12492] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.887220][T12492] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.894328][T12492] device bridge_slave_1 entered promiscuous mode
[  379.945763][T12492] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.952620][T12492] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.959716][T12492] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.966494][T12492] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.990343][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  379.997923][   T20] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.004912][   T20] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.014368][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  380.022467][  T523] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.029313][  T523] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.039974][  T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  380.082900][  T523] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.089864][  T523] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.096999][  T290] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  380.098854][T12497] loop3: detected capacity change from 0 to 1024
[  380.114892][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  380.122910][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  380.147175][T12492] device veth0_vlan entered promiscuous mode
[  380.155276][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  380.163485][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  380.171480][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  380.178755][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  380.189917][T12492] device veth1_macvtap entered promiscuous mode
[  380.197365][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  380.206172][T12497] EXT4-fs (loop3): Ignoring removed orlov option
[  380.214496][T12497] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  380.226411][   T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  380.239593][T12497] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  380.264685][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  380.284850][T12499] loop2: detected capacity change from 0 to 40427
[  380.298214][T12497] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz.3.4466: corrupt xattr in inline inode
[  380.311513][T12497] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz.3.4466: corrupted in-inode xattr
[  380.330020][ T9405] ==================================================================
[  380.337978][ T9405] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  380.345789][ T9405] Read of size 4 at addr ffff8881371e8000 by task syz-executor/9405
[  380.353595][ T9405] 
[  380.355766][ T9405] CPU: 1 PID: 9405 Comm: syz-executor Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  380.365666][ T9405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  380.375555][ T9405] Call Trace:
[  380.378679][ T9405]  <TASK>
[  380.381460][ T9405]  dump_stack_lvl+0x151/0x1b7
[  380.385974][ T9405]  ? io_uring_drop_tctx_refs+0x190/0x190
[  380.391437][ T9405]  ? panic+0x751/0x751
[  380.395348][ T9405]  print_address_description+0x87/0x3b0
[  380.400728][ T9405]  kasan_report+0x179/0x1c0
[  380.405026][T12499] F2FS-fs (loop2): Found nat_bits in checkpoint
[  380.405064][ T9405]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  380.416608][ T9405]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  380.422076][ T9405]  __asan_report_load4_noabort+0x14/0x20
[  380.427547][ T9405]  ext4_xattr_delete_inode+0xcd0/0xce0
[  380.432836][ T9405]  ? sb_end_intwrite+0x120/0x120
[  380.437611][ T9405]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[  380.443513][ T9405]  ? ext4_journal_check_start+0x16c/0x230
[  380.449069][ T9405]  ? __kasan_check_read+0x11/0x20
[  380.453928][ T9405]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  380.459658][ T9405]  ? ext4_evict_inode+0xb8d/0x14e0
[  380.464602][ T9405]  ext4_evict_inode+0xea1/0x14e0
[  380.469377][ T9405]  ? _raw_spin_unlock+0x4d/0x70
[  380.474063][ T9405]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  380.479793][ T9405]  ? _raw_spin_unlock+0x4d/0x70
[  380.484477][ T9405]  ? inode_io_list_del+0x18b/0x1a0
[  380.489430][ T9405]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  380.495152][ T9405]  evict+0x2a3/0x630
[  380.498888][ T9405]  iput+0x63b/0x7e0
[  380.502531][ T9405]  vfs_rmdir+0x359/0x470
[  380.506610][ T9405]  do_rmdir+0x3ab/0x630
[  380.510603][ T9405]  ? d_delete_notify+0x160/0x160
[  380.515379][ T9405]  __x64_sys_unlinkat+0xdf/0xf0
[  380.520064][ T9405]  do_syscall_64+0x3d/0xb0
[  380.524315][ T9405]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  380.530045][ T9405] RIP: 0033:0x7fda103f1597
[  380.534308][ T9405] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.553738][ T9405] RSP: 002b:00007ffc530e0c98 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  380.561982][ T9405] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fda103f1597
[  380.569795][ T9405] RDX: 0000000000000200 RSI: 00007ffc530e1e40 RDI: 00000000ffffff9c
[  380.577603][ T9405] RBP: 00007fda1045f65d R08: 0000000000000000 R09: 0000000000000000
[  380.585421][ T9405] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc530e1e40
[  380.593236][ T9405] R13: 00007fda1045f65d R14: 000000000005ccad R15: 0000000000000007
[  380.601043][ T9405]  </TASK>
[  380.603901][ T9405] 
[  380.606090][ T9405] The buggy address belongs to the page:
[  380.611557][ T9405] page:ffffea0004dc7a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1371e8
[  380.621614][ T9405] flags: 0x4000000000000000(zone=1)
[  380.626652][ T9405] raw: 4000000000000000 ffffea0004beac08 ffffea0004c282c8 0000000000000000
[  380.635066][ T9405] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  380.643479][ T9405] page dumped because: kasan: bad access detected
[  380.649733][ T9405] page_owner tracks the page as freed
[  380.654935][ T9405] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 12380, ts 376657361025, free_ts 377306073268
[  380.669525][ T9405]  post_alloc_hook+0x1a3/0x1b0
[  380.674121][ T9405]  prep_new_page+0x1b/0x110
[  380.678458][ T9405]  get_page_from_freelist+0x3550/0x35d0
[  380.683836][ T9405]  __alloc_pages+0x27e/0x8f0
[  380.688265][ T9405]  shmem_alloc_and_acct_page+0x4bd/0xa80
[  380.693733][ T9405]  shmem_getpage_gfp+0x1388/0x23c0
[  380.698680][ T9405]  shmem_fault+0x1b8/0x6c0
[  380.702933][ T9405]  __do_fault+0x273/0x300
[  380.707099][ T9405]  handle_pte_fault+0x167b/0x24d0
[  380.711961][ T9405]  do_handle_mm_fault+0x1ea9/0x23a0
[  380.716994][ T9405]  __get_user_pages+0x379/0xee0
[  380.721679][ T9405]  __mm_populate+0x38d/0x560
[  380.726104][ T9405]  vm_mmap_pgoff+0x271/0x450
[  380.730530][ T9405]  ksys_mmap_pgoff+0xed/0x1e0
[  380.735044][ T9405]  __x64_sys_mmap+0x103/0x120
[  380.739559][ T9405]  do_syscall_64+0x3d/0xb0
[  380.743813][ T9405] page last free stack trace:
[  380.748323][ T9405]  free_unref_page_prepare+0x7c8/0x7d0
[  380.753616][ T9405]  free_unref_page_list+0x14b/0xa60
[  380.758652][ T9405]  release_pages+0x1310/0x1370
[  380.763253][ T9405]  __pagevec_release+0x84/0x100
[  380.767939][ T9405]  shmem_undo_range+0x604/0x1560
[  380.772713][ T9405]  shmem_evict_inode+0x215/0x9d0
[  380.777484][ T9405]  evict+0x2a3/0x630
[  380.781217][ T9405]  iput+0x63b/0x7e0
[  380.784864][ T9405]  dentry_unlink_inode+0x34f/0x440
[  380.789809][ T9405]  __dentry_kill+0x447/0x660
[  380.794237][ T9405]  dentry_kill+0xc0/0x2a0
[  380.798403][ T9405]  dput+0x45/0x80
[  380.801873][ T9405]  __fput+0x662/0x910
[  380.805693][ T9405]  ____fput+0x15/0x20
[  380.809513][ T9405]  task_work_run+0x129/0x190
[  380.813939][ T9405]  do_exit+0xc48/0x2ca0
[  380.817931][ T9405] 
[  380.820099][ T9405] Memory state around the buggy address:
[  380.825573][ T9405]  ffff8881371e7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  380.833468][ T9405]  ffff8881371e7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  380.841374][ T9405] >ffff8881371e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  380.849264][ T9405]                    ^
[  380.853169][ T9405]  ffff8881371e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  380.861071][ T9405]  ffff8881371e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  380.868963][ T9405] ==================================================================
[  380.876865][ T9405] Disabling lock debugging due to kernel taint