last executing test programs:

8.2866937s ago: executing program 3 (id=6213):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect$uac1(0x2, 0xac, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffed1, 0x3, 0x1, 0xc, 0x60, 0x40, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xb1}, [@input_terminal={0x24, 0x24, 0x2, 0x0, 0x205, 0x0, 0x0, 0x0, 0x0, 0x2}, @input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xfe}, @processing_unit={0xd, 0x24, 0x7, 0x0, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x2, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0xfc, 0x0, 0xb, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)

6.81174213s ago: executing program 2 (id=6219):
setuid(0xee01)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0), 0x0}, 0x20)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0xc0045878, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='module_load\x00'}, 0xfffffffffffffee8)
r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, 0x0)
fallocate(r2, 0x8, 0x0, 0x1000)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r4=>0x0, 0x2f, 0x9, 0x4, 0x222, 0x20, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0xff50, 0x29, 0x6}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b"])
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'ip6tnl0\x00', <r7=>0x0, 0x2f, 0x3, 0x0, 0x5, 0x41, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x40, 0x7816, 0x8, 0xc6b1}})
mount$overlay(0x0, &(0x7f0000000640)='./bus\x00', &(0x7f0000000680), 0x9000, &(0x7f00000006c0)={[{@userxattr}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './bus'}}], [{@pcr={'pcr', 0x3d, 0x7}}]})
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ADD_TX_TS(r2, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x38, r8, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x80, 0x64}}}}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x820}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x40)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x80, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x48004}, 0xc000)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)

6.766929864s ago: executing program 4 (id=6220):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
pipe(0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
process_vm_writev(r0, &(0x7f0000000340)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1, &(0x7f0000002940)=[{0x0}, {&(0x7f00000003c0)=""/89, 0x59}, {&(0x7f00000015c0)=""/232, 0xe8}, {&(0x7f00000016c0)=""/146, 0x92}, {&(0x7f0000001780)=""/58, 0x3a}, {0x0}], 0x6, 0x0)
r4 = socket$inet(0x2, 0x2, 0x8)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
setuid(0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd)

6.277590758s ago: executing program 0 (id=6221):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000800085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000400)={0x4, 0x0, &(0x7f0000000140)=[@enter_looper], 0x1, 0x0, &(0x7f0000001b80)='\x00'})

5.920410129s ago: executing program 2 (id=6223):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$selinux_user(r5, &(0x7f00000004c0)=ANY=[], 0x34)

5.90590364s ago: executing program 3 (id=6224):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000280)={[{@resuid}, {@init_itable}, {@grpid}, {@noblock_validity}]}, 0x3, 0x45c, &(0x7f0000001980)="$eJzs3M1vFOUfAPDvTLvlxw+wFfGFF7WKxsaXlgIqBw9qNPGAiYke9Ni0hSALNbQmQoiCMXgyhsS78ei/4Ekvxngy8ap3Q0IMBwFPY2Z3pt3d7i60bFntfj7JwPPMPMPzfPeZh31mnk4DGFjj+R9JxPaI+C0iRuvZ5gLj9b9uXDs/e/Pa+dkksuztP5NauevXzs+WRcvzthWZiTQi/SyJvW3qXTx77uRMtTp/pshPLZ36YGrx7LnnTpyaOT5/fP70wSNHDh+afvGFg8/3JM68Tdf3fLywb/cb711+8+gXTfG3xNEj490OPpllPa6uv3Y0pJPhPjaENRmKiLy7KrXxPxpDsdJ5o/H6p31tHLChsizLtnU+fCEDNrEkmvOGPAyK8os+v/8tt9ZJwMsbN/3ou6uv1G+A8rhvFFv9yHCkRZlKy/1tL41HxLsX/v4632JjnkMAADT5Pp//PNtu/pfGAw3l7inWhsYi4t6I2BkR90XEroi4P6JW9sGIeGiN9bcukqye/6RX1hXYbcrnfy8Va1vN879y9hdjQ0VuRy3+SnLsRHX+QPGZTERlS56f7lLHD6/9+mWnY43zv3zL6y/ngkU7rgxvaT5nbmZp5k5ibnT1YsSe4XbxJ8srAUlE7I6IPeus48TT3+7rdOzW8XfRg3Wm7JuIp+r9fyFa4i8l3dcnp/4X1fkDU+VVsdrPv1x6q1P9dxR/D+T9//+21/9y/GNJ43rt4trruPT75x3vadZ7/Y8k79TSI8W+j2aWls5MR4wkR+uNbtx/cOXcMl+Wz+Of2N9+/O+MlU9ib0TkF/HDEfFIRDxatP2xiHg8IvZ3if+nV594f/3xb6w8/rk19f9KYiRa97RPDJ388bumSsdWxX+ze/8frqUmij23/P/vr4jbadf6rmYAAAD470kjYnsk6eRyOk0nJ+s/L78rIq0uLC49c2zhw9Nz9XcExqKSlk+6Rhueh04Xt/X1/MWIyGJLw/FDxXPjr4a21vKTswvVuX4HDwNuW4fxn/tjqN+tAzac97VgQCXGPwwy4x8Gl/EPg6vN+N/aj3YAd1+77/9P+tAO4O5rGf+W/WCAuP+HwdVx/G/m3/wD1Pj+h4G0uDVu/ZL8qsT2iOV3/8t/aQ2nD0QiKv+KZtx5Ikvadm6k/W7YcuJyxeXX44QpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsFn8EwAA//8Vct2R")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000026c0)={0x0, r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000)

5.834216756s ago: executing program 4 (id=6225):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000008a306cd0c00000000000109022400010000000009040000010300000009"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r1, &(0x7f0000000040)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\v'], 0x0, 0x0, 0x0, 0x0}, 0x0)

5.00471612s ago: executing program 2 (id=6226):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = openat$incfs(r5, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r8, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd8168", 0x7}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0x40106726, 0x20000000)

4.930696036s ago: executing program 0 (id=6228):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x200400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, 0x0)

4.925416757s ago: executing program 3 (id=6229):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './cgroup/../file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
r6 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, 0x0, r6, 0xfffffffffffffffa, 0x1)

4.130121386s ago: executing program 2 (id=6230):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000280)={[{@resuid}, {@init_itable}, {@grpid}, {@noblock_validity}]}, 0x3, 0x45c, &(0x7f0000001980)="$eJzs3M1vFOUfAPDvTLvlxw+wFfGFF7WKxsaXlgIqBw9qNPGAiYke9Ni0hSALNbQmQoiCMXgyhsS78ei/4Ekvxngy8ap3Q0IMBwFPY2Z3pt3d7i60bFntfj7JwPPMPMPzfPeZh31mnk4DGFjj+R9JxPaI+C0iRuvZ5gLj9b9uXDs/e/Pa+dkksuztP5NauevXzs+WRcvzthWZiTQi/SyJvW3qXTx77uRMtTp/pshPLZ36YGrx7LnnTpyaOT5/fP70wSNHDh+afvGFg8/3JM68Tdf3fLywb/cb711+8+gXTfG3xNEj490OPpllPa6uv3Y0pJPhPjaENRmKiLy7KrXxPxpDsdJ5o/H6p31tHLChsizLtnU+fCEDNrEkmvOGPAyK8os+v/8tt9ZJwMsbN/3ou6uv1G+A8rhvFFv9yHCkRZlKy/1tL41HxLsX/v4632JjnkMAADT5Pp//PNtu/pfGAw3l7inWhsYi4t6I2BkR90XEroi4P6JW9sGIeGiN9bcukqye/6RX1hXYbcrnfy8Va1vN879y9hdjQ0VuRy3+SnLsRHX+QPGZTERlS56f7lLHD6/9+mWnY43zv3zL6y/ngkU7rgxvaT5nbmZp5k5ibnT1YsSe4XbxJ8srAUlE7I6IPeus48TT3+7rdOzW8XfRg3Wm7JuIp+r9fyFa4i8l3dcnp/4X1fkDU+VVsdrPv1x6q1P9dxR/D+T9//+21/9y/GNJ43rt4trruPT75x3vadZ7/Y8k79TSI8W+j2aWls5MR4wkR+uNbtx/cOXcMl+Wz+Of2N9+/O+MlU9ib0TkF/HDEfFIRDxatP2xiHg8IvZ3if+nV594f/3xb6w8/rk19f9KYiRa97RPDJ388bumSsdWxX+ze/8frqUmij23/P/vr4jbadf6rmYAAAD470kjYnsk6eRyOk0nJ+s/L78rIq0uLC49c2zhw9Nz9XcExqKSlk+6Rhueh04Xt/X1/MWIyGJLw/FDxXPjr4a21vKTswvVuX4HDwNuW4fxn/tjqN+tAzac97VgQCXGPwwy4x8Gl/EPg6vN+N/aj3YAd1+77/9P+tAO4O5rGf+W/WCAuP+HwdVx/G/m3/wD1Pj+h4G0uDVu/ZL8qsT2iOV3/8t/aQ2nD0QiKv+KZtx5Ikvadm6k/W7YcuJyxeXX44QpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsFn8EwAA//8Vct2R")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000026c0)={0x0, r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000008400"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000)

4.129508627s ago: executing program 1 (id=6231):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1010000, &(0x7f0000000300)={[{@utf8}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}, {@uni_xlateno}, {@fat=@check_strict}, {@utf8no}, {@uni_xlateno}, {@rodir}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@uni_xlate}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'euc-jp'}}, {@shortname_win95}, {@shortname_win95}, {@shortname_winnt}, {@shortname_mixed}, {@uni_xlate}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1fd}}]}, 0x1, 0x369, &(0x7f0000000700)="$eJzs3U1oY1UbAOA3vWnSGfi+dicKQnQnaJnOTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQmc34OCR5OYmt0naaQerFJ9nkZy+57znnPtDcntJTp5bjPal6bh8/fq1mJmpRHXxkcW4UYm5yKKwG+NqE2IAwOlwI6X4PeWOmFI54SkBACes9/7/QkQ0Yi6PvP7lYe2Td38AOPX6//+fOazNzEEVr5zIlACAEzZ2///efdW1akQtqsWf1dKnAgCA0+qJp595dGkl4vFGYyZi7c3N5mYzHhrWL12Ol6ITq3EuZuNmRH6h0H2o9B4vXFxZPtdoNHbip7loRsRUP7GZXyksZb38eizEbMz187uXGqlXzi58srK80OiJiN2d3vixVtlsTsfZ/vjfn43V4YVH0UnvKeLiyvL5Rr+D5lqRvxOxN7xv0Z3/fMzGt88Pukmp+ATjyvKVhWLSw/zNZj0uDfbCgXdAAAAAAAAAAAAAAAAAAAAAAADgtsw3BuYG6+ek7nO+Us78/IT63vo4eX5/faC9fH2gVE+R0m+vPdB8K4t96wONrs+zaSFBAAAAAAAAAAAAAAAAAAAAGNjYqkWr01ld39jabpcLO+sbW1MR0Y28/PVHX5yJ8Ta3KFTzIeoRgyEa/WG3262UFY1TFjGennUHLyIffDqYcblNfbAVE6dRP7iq0/nfPT++O4zcnRU9/zlsk8XkDcxK03h4pOe1/+dTOs6OGhTOlyP18dGvppRKkTfK6VeeHe8wKhHV4x+47fZUHNwmdQtfXXvxzmLvtz5Pufvun33y6jvv/9JudbojR+8I1tY3bqZ2q1I0Pt5u6e7qIlKJvFApnwnVw9L39kda2Xe/PnXX298cbfRUjrzaPZ9H2mT55nw8ml7LC91pjlSdGaZP9zeiszo94eS/VeE2jukd7332YUo//HzkIYamxl42Kn/Pqw8AAAAAAAAAAAAAAAAAAFBW+q54X//LvtOHZT342MnPDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+OcPf/y8V9nZjJDIo7I5FBoU/diZk1VfXNyJq//ZmAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwH/dXAAAA//+g5Vir")
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00'}, 0x10)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_UIE_ON(r6, 0x7003)
ioctl$RTC_WKALM_SET(r6, 0x4028700f, &(0x7f0000000040)={0x11, 0x0, {0x0, 0x0, 0x0, 0x1c, 0x0, 0x7ffd}})
ioctl$RTC_ALM_SET(r6, 0x40247007, &(0x7f00000003c0))
chdir(&(0x7f0000000000)='./file0\x00')
setsockopt$inet6_int(r0, 0x29, 0x13, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)

4.078038071s ago: executing program 0 (id=6232):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f00000000c0)={[{@sysvgroups}, {@orlov}, {@nogrpid}, {@init_itable}, {@dioread_nolock}, {@grpjquota, 0x2e}, {@oldalloc}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x0, 0x4da, &(0x7f0000000140)="$eJzs3MtrHdUfAPDvTF59J+2vv0cfPxutYrCatGnVLlyoKHQjCLrQjRDTtNSmrTQRbCm2FalL8S9Ql4Lgyo0rBRF1pbjVvQhFuml1IVfmzkw6yc29vTdJE839fOAm58wj53zPzJl77pw7CaBrDWc/kogtEfFTRAzm2fkbDOe/bt24NPn7jUuTSdRqL/yW1Le7eePSZLlpud/mIjOSRqTvJLFnkXJnLlw8PTE9PXW+yI/Nnnl9bObCxUdOnZk4OXVy6uz40aNHDh96/LHxR1ckziyum7vfOrd317GX339ushavfvtJVt8txfpqHLmhZZc5HMMbIqKWub20v/7zgWX/9b+XrZV00ruGFaEjPRGRHa6+ev8fjJ64ffAG49m35zJfrVEFgbsme2/a3rC0p/id5m9ewDqV3KGPJ8XIfrXqA6yW8h0/+/xbvlZz/LHWrj+VX96yuG8Vr3xNb6TZqqH8E3tPk/3/s8zyt0TES1f++CB7xaL3IQAAVtYX2fjn4cXGf+m8sc22Yg5lKCIORMSOiPhXROyMiH8X46D/RsT/Oix/eEG+cfzzw8YlBdambPz3RDG3lb9emYs/l8zlttbj70tOnJqeOli0yUj0DZy4Qw2/fObH95qtG66M/7JXVodyLFjU49fegfn7HJ+YnVhqvAtdvxqxu7caf9n+ydxMQNYCuyJi9xL+ftZmpx76eG+W3ra5cX1j/NlIuxp/Cyswz1T7KOLB/PhfiQXxl5K8pGbzk2MbYnrq4Fh5VjT67vtrz1fzfZV0Hn8lkjZi2tB5mE1lx39TLH7868puUM7XznRexrWf3236mabx+CdZe1QU53+lj2Xnf3/yYj3dXyx7c2J29vyhiP5iwbzl47f3LfPl9ln8I/sXiz/NrnF/fljstycispP4/xFxT0TsK+p+b0TcFxH7W8T/zdP3v9a6hVr1/7sri/94q+MfMZRU5+sbE73RdFWe6Dn99efNym/v+neknhoplrRz/WtRnXmJ5bQdAAAA/FOk9TnoJB0t05WbUztjUzp9bmb2wHC8cfZ4Plc9FH1peadrsHI/9FBxb7jMjy/IH46I7fXvEG2s50cnz01vXcvAgfqzOvP6f6Tp6Gi+7pdmX3oB1o+O5tGqTwd++tnKVwZYVZ7XhO6l/0P30v+he+n/0L0W6/+XI26tQVWAVeb9H7pXZ/3f1QLWEz0aupf+D12p8ZH48h8ttPf8fLPEjmPL2n0JiTKi9vaqDd6ValzpfK+emQtXV7AaEVH/9xlZIhq2qQ1UltQG8m9zLq2sSFtv099Y+iKJy6t7kpSJ9I7bPLnEZukgsa9IDEREu3tdbqtVV+hEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAf+CgAA///Xp8Iq")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$incfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x3000038, 0x0)

3.910537196s ago: executing program 0 (id=6233):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x40004, 0x1, 0x113a, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x8000000, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20010, 0xffffffffffffffff, 0x0)
getitimer(0x1, &(0x7f0000000100))
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xf)
chmod(&(0x7f0000000040)='./file0\x00', 0xf0)
ioctl$TCFLSH(r4, 0x400455c8, 0x40000000004)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x33)

2.626409739s ago: executing program 1 (id=6234):
setuid(0xee01)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, &(0x7f00000000c0), 0x0}, 0x20)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0xc0045878, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='module_load\x00'}, 0xfffffffffffffee8)
r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, 0x0)
fallocate(r2, 0x8, 0x0, 0x1000)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000280)={'ip6_vti0\x00', <r4=>0x0, 0x2f, 0x9, 0x4, 0x222, 0x20, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0xff50, 0x29, 0x6}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b"])
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'ip6tnl0\x00', <r7=>0x0, 0x2f, 0x3, 0x0, 0x5, 0x41, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x40, 0x7816, 0x8, 0xc6b1}})
mount$overlay(0x0, &(0x7f0000000640)='./bus\x00', &(0x7f0000000680), 0x9000, &(0x7f00000006c0)={[{@userxattr}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './bus'}}], [{@pcr={'pcr', 0x3d, 0x7}}]})
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000007c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ADD_TX_TS(r2, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x38, r8, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x80, 0x64}}}}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x820}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x40)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x80, r3, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x48004}, 0xc000)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)

2.581514023s ago: executing program 3 (id=6235):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect$uac1(0x2, 0xac, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffed1, 0x3, 0x1, 0xc, 0x60, 0x40, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xb1}, [@input_terminal={0x24, 0x24, 0x2, 0x0, 0x205, 0x0, 0x0, 0x0, 0x0, 0x2}, @input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xfe}, @processing_unit={0xd, 0x24, 0x7, 0x0, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x2, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0xfc, 0x0, 0xb, {0x7, 0x25, 0x1, 0x2}}}}}}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)

2.519541009s ago: executing program 2 (id=6236):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

2.487299901s ago: executing program 4 (id=6237):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f0000000280), 0x1, 0x535, &(0x7f0000000840)="$eJzs3e9rJGcdAPDvzGavubu02arIWbAttnJX9HYvjW2jSFtB9FVBre/PmOyFcJtsyG7qJRRN8Q8QRFTwD/CN4B8gSP8EEQr6wneioohe9aXeyOzOan7sZtf82NXN5wNz8zwz88z3eR5uJ/PjYSaAS+vZiHg9IkoR8UIpYr5YnhbT3Tyz393u/Ydvr+RTEln25l+SSIplvX3l+ZmIuN4tErMR8ZUvRnw9OR63tbt3f7nRqG8X+Vp7Y6vW2t27vb6xvFZfq28uLi68vPTK0ktLd7LCmdpZiYhXP/+H73/nx1949eef/MZv7/7p1jfzan32w916R8TKmQIM0N13udMXPXkfbV9EsAnJ21MuTboWAACMIj/H/0BEfCw//4/5KHXO5gAAAIBpkr02F/9IIjIAAABgaqURMRdJWi3GAsxFmlar3TG8H4praaPZan/iXnNnczVfF1GJcnpvvVG/E92xwpUoJ3l+oRhj28u/eCS/GBFPRsT35q928tWVZmN10jc/AAAA4JK4/szh6/+/z6edNAAAADBlKgMzAAAAwLRwyQ8AAADTz/U/AAAATLUvvfFGPmW973ivvrW7c7/51u3Veut+dWNnpbrS3N6qrjWba5139m0M21+j2dz6VGzuPKi16612rbW7d3ejubPZvrt+6BPYAAAAwBg9+cy7v04iYv8zVztTFO8BBDjk95OuAHCeSpOuADAxM5OuADAx5aFbOELAtEuGrD8+eKd7rzB+cTH1AQAAzt/Njxx//n+lWDf83gDw/8xYHwC4fDzdg8urfNoRgDfOuybApDzRnT02aP3Al3eM8Py/e48hy05VMQAA4NzMdaYkrRbn6XORptVqxOOdzwKUk3vrjfqd4vrgV/Plx/L8QqdkMnTMMAAAAAAAAAAAAAAAAAAAAAAAAADQlWVJZAAAAMBUi0j/mHTe5h9xc/75ucN3B4589etHb/7gwXK7vb0QcSX563y+6EpEtH9YLH8x80kAAAAAGJ+Bn+vuXqcX84XxVgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6ff+w7dXetM44/75cxFR6Rd/JmY789koR8S1vyUxc6BcEhGlc4i//05E3OgXP4lHWZZVilr0i3/1guNXOl3TP34aEdfPIT5cZu/mx5/X+/3+0ni2M+//+5spprMafPxL/338Kw04/jx+JD/IU+/9tDYw/jsRT830P/704ifd+IdC5JnnRmzj1766t9d3xYFd9ot/MFatvbFVa+3u3V7fWF6rr9U3FxcXXl56ZemlpTu1e+uNevFv3zDf/ejPHp3U/msD4lcOt/9Y/z8/Uuuz+Od7Dx5+sJsp94t/67n+f39vHIlffaK7PC3+9n28SOfrb/bS+930QU//5JdPn9T+1QHtnx3S/lsjtT8+/cKXv/27vmuO9QYAMA6t3b37y41GffuExOwI24w58do4g179zamL56djueEbx/9Ar55DonfW/t8Wz741akedlDhj8WOJ7CzFZ4Z2wmzRWSdsc+XY77QUp21OEtH57zhaqXEfiQAAgIv2n5P+k54gAQAAAAAAAAAAAAAAAAAAABfplK83m42IkTc+GnN/Mk0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjRvwIAAP//y+3H8w==")
getegid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xc})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00001b5000/0x2000)=nil, 0x2000}, 0x3})
poll(&(0x7f0000000000)=[{r0}], 0x1, 0xe2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x4)
dup3(r1, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f00000000c0), 0x12)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1a0cc10, &(0x7f00000059c0)=ANY=[@ANYRES8=r3, @ANYBLOB="a93e1cbfeea088b9cb059ce91c144fd901b2d208e6ec16e9c0bdf78cda5604babe81021bae593d8bf404d46fe9ae1e8a141739e9717566c21648e8f46b4fc9d9eb0a646a28283f6f61bd31a6a5c909f53dcaf2e8a1914f6cbd8d230587ca11862216e1a7ea1aaca778c2b5eea4e08eeb7bbbfd55e1ba9fbcb378636cca2dcb46a029961a41e272c878b929b276ac2741c8f3b77e7850100e289c3b6edbf5d0377206c0bc212cf6a42ececcd4e98747c0423cc4b304569431e8b347fe68e9083d419f13de6e27d28126d9a4988919"], 0x1, 0x559f, &(0x7f0000000400)="$eJzs3M2LG2UYAPBnkm6/rYt48NaBIuxCE5rtB3qyaosf2FL8OHjSbJKGtElm2aTp2lMPHsWD/4koePLo3+BBj3oTD4o3oZKZWWn6/ZFmtf39YPLMPHnzzPsOYeGZWRLAM2s5/euPJA7FvoioRsTBJPL9pNwirkecLsa+FBGHI6Jy05aU+X8TuyNif0QcmhYvaiblW18dnRw5+fu7f37/455dB77+7qcdXTiwo16OiMFGsX91UMSsm4cb1TLfnPTyODgxKePGTI1BVuSvdtbzCleb2+OaeTzeLcZnG1dG03ix32xNY7d3Mc9vDIsTjibd7TrTD6SXmpv5cbuznsfeKMtj91px3q1rxd+2a6NxUadd1vssLx/j8XYs8p2tTrGejct5bA3HZb6om7U7W9M4KWN5umhl/XY+j/VHvcr/fe/1hle20klnc9TLhunJeuOVeuNUrbGZtTvjzolac9A+dSJd6fanw2rjTnNwuptl3X6n3soGq+lKt9WqNRrpypnOeq85TBuN+vH6sdrJ1XLvaPrW+Y/SfjtdmcY3esMr415/lF7MNtPiE6vpWv34q6vpkUb6wbkL6YX3z549d+HDT858fP71c++8WQ66bVrpytqxtbVa41htrbH6DK3/83LSD7H+5M7pX35+vMsGADyi2/r/uLX/D/0/MHf36P/j0n36/8Hl8vjJ9P9xx/6/Mtv/xzz7/2lLpf+/f/9b2YH+dyn0/w+8/upjfhvgId3lBtN97J77PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWLhfl755O99ZLo4PlPnnytQL5XESEZWIuHEH1dg9U7Na1lm6y/ilW+bwQxJ5hek59pTb/og4XW5/P/+krwIAAAA8vb69fvjLolsvXpZ3ekIsUnHTpnLw0znVSyJiafm3OVWrTF9enFOx/Pu9K7bmVC2/gbV3TsWKW2675lXtgVRnwt6bQlKEykKnAwAALMRsJ7DYLgQAAIBF+uKe7762sHmwYElsP8rcfhac/+d9xL7ygeC+mfcAAACA/6FkpycAAAAAPHF5/+/3/wAAAODpVvz+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7NxdrtJAFADg0/YW/I3E+O5WfINluAQffRQW4CZYAq7AxA2wBkx8cAcqGDojSRUSYltQ7vclnd6ZC2dOgZczbQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCF9rlezD+9evu8Y5uOPXTd/N+32rmPeAAAAcC9s6tWs+WOS+o/z+NM89Dz3i4goI+JY7V7FqBWzynHqE6+vf8vhU0QTYT8+zsejiHiVj+/Phv4UAAAA4HatF8tpqtZTk5cAvpz37m8DZsYFpEWb8snrnuIVEVFPvvYUrdw3Lw7debdo+9/3XbztnFXSLGA96ClYWnI78SDLqK9J2qrW6deVzJsvsemVw8wLAABcU7sS8Dg9AADA7Xpz7QS4hD9L++LQHO4zjtMp3xB82OoBAAAA/6Hi2gkAAAAAfaqODTb1/7+0/19h/z8AAADoXdr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCFt6tVsvVhOT/1/fmac7a6b/q4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAn+/OOAiEQBmGwd31nMvc/rDRoaGxSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs27FvG1UYAPDPvthtCogQUCQCKEgdYKGpW1o6ghAoYuBPQIpSpwRSCm0GWkWULGwocxcEI0JIoLDlf+jcSF3K1iFDkJgYgu5855xjQ6MSnU39+0nP77vn67vvzlaV794ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjsvhMv1/M4SV+mOnExdm9vfSntdw71qe3N+7NpS+NaxXmPnonDA6+UN+ZmKk0GAACAMZUU9f3bB2P1qaz+b3S3I+L7ZzpxUc8frvt39tZP5m/NFvX/b78+fKE76VSSHSeddHlltX22P5W+QnlcPPvIPSayK5/de0myD6T+wcbzu43seta+vXv3vWYWnqgiWwDgcZwp+jwo/h5K+9YwEwNgbEyUCu8Hja2FtE+mhpsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBV2N+KpIq5FxOzEQZza2VtfGtR/vXl/djtvF+/c2SzPmU7RiIjlldX22QrPZXQVV/PWp4urq+3rN25WHcxFxIC3bh/tnyd5+v+4TzMiekZOvzhgno+OcKxD8/QF+dczqr2Gk+n5PXLnWs9Ire+Cv7vfMYwvwPEFc/knMHifev7uSKR6zEHx3Tv+mSv8rwgAgLHQyFtaiT5obC2kY7XpiP0feuv/10px9NT9+7c7I53t7VL9//Dji/fKxyrX/62Kzu//YH7t6ufzN27eemPl6uKV9pX2Z2+ea73VOn/pwoVL89m9kvnlqLtjAgAAwH/QzFu5/q9P96//nyrF8S/r/+X6/4vvWl+Vj5Wo/wc6WPQbdiYAAADjqNmNnnv1zz9qA/aoNZvx5eLa2vVW57W7fa7zWmm6j+lE3sr1fzI97KwAAACAKuxu1HrW/y+X4jji+v/TP770c3nOJCImI65FRPvM0rXVy9Wdzkir4ofK2YGawz5TAAAAhmUyb+X1/0b2/H+9+8hDPSJePx3xV/4b/jhi/Z+8/81P5WOVn/8/X+lZjp76TOd6ZP1MxMTMsDMCAADgSXYyb2mx/3tja+GTX0592PT8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDV/g4AAP//kF4wGA==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000063c0)={0x15, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)

2.1580594s ago: executing program 4 (id=6238):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000600)='./bus\x00', 0x2c14754, &(0x7f00000003c0)={[], [{@subj_role={'subj_role', 0x3d, '-+'}}, {@euid_eq}, {@subj_role}, {@pcr={'pcr', 0x3d, 0x1e}}]}, 0x21, 0x492, &(0x7f0000000f00)="$eJzs3M9rHFUcAPDvzG76U5tY64/WgtEqBn8kTdpqD3pQFDwoKHqox5ikpXbbSBPBlqKpSD1Kwbt4FPwLPHkS9SR48aB3KRQNQlsvrszuTJJdd2N+79b9fGDb93bezHvfzLydl/d2EkDPGsz+SSLuiIhfIqK/nm0sMFj/7+b8pYlb85cmkqhW3/g9qZW7MX9poiha7Lc7zwylEenHSV5Jo5kLF8+MVypT5/P8yOzZd0dmLlx86vTZ8VNTp6bOjR0/fvTI6DNPjx1r2O/YGuPM4rtx4IPpg/tffuvqqxMnrr79/VdZe9N8+9I4NspgFvgf1ZrmbY9udGUd9nd1Mc6k3OnWsFKliMhOV1+t//dHKRZPXn+89FFHGwdsquwze3v7zXNV4H8siU63AOiM4kaf/f6bv/q2aOjRFa4/X/8FKIv9Zv6qbykvzA1s5g9kMCJOzP31efaKpnmIaot5AwCA9fomG/882TD+y8cfady7pNyefG1oICLuioi9EXF3ROyLiHsiamXvi4j7V1LpjsVk89LQv9dh0mtrDm4FsvHfs/naVuP4rxj9xUApz91Zi78vOXm6MnU4/5kMRd/2LD/a6uDFIV786dN29S8d/2WvrP5iLJgf5Fq5aYJucnx2fKMGpdcvRxwot4o/WVgJSCJif0QcWN2h9xSJ049/ebBdof+OfxkbsM5U/SLisfr5n4um+AvJ8uuTIzuiMnV4pH5VlFrU8cOPV15rV/+64t8A2fnf1Xj9N5Xo/zNZul47s/o6rvz6Sdu11fIar/9tyZu1Nd1t+Xvvj8/Onh+N2Ja8Uss3vD+2uG+RL8pn8Q8dat3/9+b7ZPE/EBEHI34uut2D+bl7KCIejohDy8T/3QuPvNNuWzec/8mWn38L1/9A4/lffaJ05tuv29XfHH+S5xdLZOf/aC01lL9T+/zL7Wxz3PbNKW4+a72aAQAA4PaT1r4bn6TDC+k0HR6uf4d/X+xKK9Mzs0+cnH7v3GT9O/QD0ZcW85/9S+ZDR5O5/Ij1/Fg+V1xsP5LPG39W2pkkUZkanpiuTHY4duh1u9v0/8xvpca1msJzW95KYNN4Xgt6V3P/TzvUDmDruf9D79L/oXfp/9C7iv7/+pL3Pmwq0+qL7cDtz/0fepf+D71rof9f7mw7gK3n/g89qdVD8sXfOFjHI//rSpSXeXq/SxPF7Gi3tOdMEhGbW0Wk3RFp20Tkf8SiW9qz+sSt6hp3Ly/Tu1ea6MznEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEb7JwAA//+34eUt")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r4}, 0x18)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x51, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000480)=0x102, 0x4)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
sendto$packet(r5, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152bfdf9435e3ffe46", 0xe90c, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.676471323s ago: executing program 1 (id=6239):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000800085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000300)=[@acquire, @request_death], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000400)={0x4, 0x0, &(0x7f0000000140)=[@enter_looper], 0x1, 0x0, &(0x7f0000001b80)='\x00'})

1.293473336s ago: executing program 4 (id=6240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r6 = openat$incfs(r5, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r8, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd8168", 0x7}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0x40106726, 0x20000000)

877.016563ms ago: executing program 3 (id=6241):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capget(&(0x7f00000001c0)={0x20071026, r0}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000031889d5c7bb919944c69726b0f3612b180e548fba63722231fbb17346e177e3cfaedebab383620efc0a028aebbff3f4083d9ff68cbce6ea1b626b9ceae41ba0da6e5c8d2e413d4c0995920d79097a082ad04d25ab4e469081664f7e445fd942faf6987daa5529ae45bec3da2b979b6f36fa304f236cf8e0a4ac39bfd020f20a64b3425d5f84563453db4616985868059637063f756b1c226f88ba6b684daa74cabd8157832fa2353c35fe0672da4ac339d2f1941f018b759aab0eec0ba09d6cbf645764cfbcc32189af48379f6e4b3b2ce2717d329189f58b91f4576e9dc23a15f147ebb8fee69af34838eb6b068f04f4aa3501137267e7e822cc412a5ecfe40ad3fa10c5872f2660f9f00"/302], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth1_to_hsr\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(r5, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="0209000002000000f918000000000000"], 0x10}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000000012000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

823.171318ms ago: executing program 2 (id=6242):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x200400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, 0x0)

790.587881ms ago: executing program 1 (id=6243):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f00000000c0)={[{@sysvgroups}, {@orlov}, {@nogrpid}, {@init_itable}, {@dioread_nolock}, {@grpjquota, 0x2e}, {@oldalloc}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x0, 0x4da, &(0x7f0000000140)="$eJzs3MtrHdUfAPDvTF59J+2vv0cfPxutYrCatGnVLlyoKHQjCLrQjRDTtNSmrTQRbCm2FalL8S9Ql4Lgyo0rBRF1pbjVvQhFuml1IVfmzkw6yc29vTdJE839fOAm58wj53zPzJl77pw7CaBrDWc/kogtEfFTRAzm2fkbDOe/bt24NPn7jUuTSdRqL/yW1Le7eePSZLlpud/mIjOSRqTvJLFnkXJnLlw8PTE9PXW+yI/Nnnl9bObCxUdOnZk4OXVy6uz40aNHDh96/LHxR1ckziyum7vfOrd317GX339ushavfvtJVt8txfpqHLmhZZc5HMMbIqKWub20v/7zgWX/9b+XrZV00ruGFaEjPRGRHa6+ev8fjJ64ffAG49m35zJfrVEFgbsme2/a3rC0p/id5m9ewDqV3KGPJ8XIfrXqA6yW8h0/+/xbvlZz/LHWrj+VX96yuG8Vr3xNb6TZqqH8E3tPk/3/s8zyt0TES1f++CB7xaL3IQAAVtYX2fjn4cXGf+m8sc22Yg5lKCIORMSOiPhXROyMiH8X46D/RsT/Oix/eEG+cfzzw8YlBdambPz3RDG3lb9emYs/l8zlttbj70tOnJqeOli0yUj0DZy4Qw2/fObH95qtG66M/7JXVodyLFjU49fegfn7HJ+YnVhqvAtdvxqxu7caf9n+ydxMQNYCuyJi9xL+ftZmpx76eG+W3ra5cX1j/NlIuxp/Cyswz1T7KOLB/PhfiQXxl5K8pGbzk2MbYnrq4Fh5VjT67vtrz1fzfZV0Hn8lkjZi2tB5mE1lx39TLH7868puUM7XznRexrWf3236mabx+CdZe1QU53+lj2Xnf3/yYj3dXyx7c2J29vyhiP5iwbzl47f3LfPl9ln8I/sXiz/NrnF/fljstycispP4/xFxT0TsK+p+b0TcFxH7W8T/zdP3v9a6hVr1/7sri/94q+MfMZRU5+sbE73RdFWe6Dn99efNym/v+neknhoplrRz/WtRnXmJ5bQdAAAA/FOk9TnoJB0t05WbUztjUzp9bmb2wHC8cfZ4Plc9FH1peadrsHI/9FBxb7jMjy/IH46I7fXvEG2s50cnz01vXcvAgfqzOvP6f6Tp6Gi+7pdmX3oB1o+O5tGqTwd++tnKVwZYVZ7XhO6l/0P30v+he+n/0L0W6/+XI26tQVWAVeb9H7pXZ/3f1QLWEz0aupf+D12p8ZH48h8ttPf8fLPEjmPL2n0JiTKi9vaqDd6ValzpfK+emQtXV7AaEVH/9xlZIhq2qQ1UltQG8m9zLq2sSFtv099Y+iKJy6t7kpSJ9I7bPLnEZukgsa9IDEREu3tdbqtVV+hEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAf+CgAA///Xp8Iq")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$incfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x3000038, 0x0)

439.129192ms ago: executing program 0 (id=6244):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)

351.46465ms ago: executing program 4 (id=6245):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './cgroup/../file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
r6 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, 0x0, r6, 0xfffffffffffffffa, 0x1)

351.01731ms ago: executing program 0 (id=6246):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000280)={[{@resuid}, {@init_itable}, {@grpid}, {@noblock_validity}]}, 0x3, 0x45c, &(0x7f0000001980)="$eJzs3M1vFOUfAPDvTLvlxw+wFfGFF7WKxsaXlgIqBw9qNPGAiYke9Ni0hSALNbQmQoiCMXgyhsS78ei/4Ekvxngy8ap3Q0IMBwFPY2Z3pt3d7i60bFntfj7JwPPMPMPzfPeZh31mnk4DGFjj+R9JxPaI+C0iRuvZ5gLj9b9uXDs/e/Pa+dkksuztP5NauevXzs+WRcvzthWZiTQi/SyJvW3qXTx77uRMtTp/pshPLZ36YGrx7LnnTpyaOT5/fP70wSNHDh+afvGFg8/3JM68Tdf3fLywb/cb711+8+gXTfG3xNEj490OPpllPa6uv3Y0pJPhPjaENRmKiLy7KrXxPxpDsdJ5o/H6p31tHLChsizLtnU+fCEDNrEkmvOGPAyK8os+v/8tt9ZJwMsbN/3ou6uv1G+A8rhvFFv9yHCkRZlKy/1tL41HxLsX/v4632JjnkMAADT5Pp//PNtu/pfGAw3l7inWhsYi4t6I2BkR90XEroi4P6JW9sGIeGiN9bcukqye/6RX1hXYbcrnfy8Va1vN879y9hdjQ0VuRy3+SnLsRHX+QPGZTERlS56f7lLHD6/9+mWnY43zv3zL6y/ngkU7rgxvaT5nbmZp5k5ibnT1YsSe4XbxJ8srAUlE7I6IPeus48TT3+7rdOzW8XfRg3Wm7JuIp+r9fyFa4i8l3dcnp/4X1fkDU+VVsdrPv1x6q1P9dxR/D+T9//+21/9y/GNJ43rt4trruPT75x3vadZ7/Y8k79TSI8W+j2aWls5MR4wkR+uNbtx/cOXcMl+Wz+Of2N9+/O+MlU9ib0TkF/HDEfFIRDxatP2xiHg8IvZ3if+nV594f/3xb6w8/rk19f9KYiRa97RPDJ388bumSsdWxX+ze/8frqUmij23/P/vr4jbadf6rmYAAAD470kjYnsk6eRyOk0nJ+s/L78rIq0uLC49c2zhw9Nz9XcExqKSlk+6Rhueh04Xt/X1/MWIyGJLw/FDxXPjr4a21vKTswvVuX4HDwNuW4fxn/tjqN+tAzac97VgQCXGPwwy4x8Gl/EPg6vN+N/aj3YAd1+77/9P+tAO4O5rGf+W/WCAuP+HwdVx/G/m3/wD1Pj+h4G0uDVu/ZL8qsT2iOV3/8t/aQ2nD0QiKv+KZtx5Ikvadm6k/W7YcuJyxeXX44QpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsFn8EwAA//8Vct2R")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000026c0)={0x0, r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000008400"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000)

340.77053ms ago: executing program 1 (id=6247):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

86.966903ms ago: executing program 1 (id=6248):
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000780))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r1, &(0x7f0000000000)=0x700, 0x12)

0s ago: executing program 3 (id=6249):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000280)={[{@resuid}, {@init_itable}, {@grpid}, {@noblock_validity}]}, 0x3, 0x45c, &(0x7f0000001980)="$eJzs3M1vFOUfAPDvTLvlxw+wFfGFF7WKxsaXlgIqBw9qNPGAiYke9Ni0hSALNbQmQoiCMXgyhsS78ei/4Ekvxngy8ap3Q0IMBwFPY2Z3pt3d7i60bFntfj7JwPPMPMPzfPeZh31mnk4DGFjj+R9JxPaI+C0iRuvZ5gLj9b9uXDs/e/Pa+dkksuztP5NauevXzs+WRcvzthWZiTQi/SyJvW3qXTx77uRMtTp/pshPLZ36YGrx7LnnTpyaOT5/fP70wSNHDh+afvGFg8/3JM68Tdf3fLywb/cb711+8+gXTfG3xNEj490OPpllPa6uv3Y0pJPhPjaENRmKiLy7KrXxPxpDsdJ5o/H6p31tHLChsizLtnU+fCEDNrEkmvOGPAyK8os+v/8tt9ZJwMsbN/3ou6uv1G+A8rhvFFv9yHCkRZlKy/1tL41HxLsX/v4632JjnkMAADT5Pp//PNtu/pfGAw3l7inWhsYi4t6I2BkR90XEroi4P6JW9sGIeGiN9bcukqye/6RX1hXYbcrnfy8Va1vN879y9hdjQ0VuRy3+SnLsRHX+QPGZTERlS56f7lLHD6/9+mWnY43zv3zL6y/ngkU7rgxvaT5nbmZp5k5ibnT1YsSe4XbxJ8srAUlE7I6IPeus48TT3+7rdOzW8XfRg3Wm7JuIp+r9fyFa4i8l3dcnp/4X1fkDU+VVsdrPv1x6q1P9dxR/D+T9//+21/9y/GNJ43rt4trruPT75x3vadZ7/Y8k79TSI8W+j2aWls5MR4wkR+uNbtx/cOXcMl+Wz+Of2N9+/O+MlU9ib0TkF/HDEfFIRDxatP2xiHg8IvZ3if+nV594f/3xb6w8/rk19f9KYiRa97RPDJ388bumSsdWxX+ze/8frqUmij23/P/vr4jbadf6rmYAAAD470kjYnsk6eRyOk0nJ+s/L78rIq0uLC49c2zhw9Nz9XcExqKSlk+6Rhueh04Xt/X1/MWIyGJLw/FDxXPjr4a21vKTswvVuX4HDwNuW4fxn/tjqN+tAzac97VgQCXGPwwy4x8Gl/EPg6vN+N/aj3YAd1+77/9P+tAO4O5rGf+W/WCAuP+HwdVx/G/m3/wD1Pj+h4G0uDVu/ZL8qsT2iOV3/8t/aQ2nD0QiKv+KZtx5Ikvadm6k/W7YcuJyxeXX44QpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsFn8EwAA//8Vct2R")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000026c0)={0x0, r0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b700000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x0, @desc1})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000)

kernel console output (not intermixed with test programs):

[  849.537448][   T19] usb 2-1: USB disconnect, device number 57
[  849.550413][   T43] device bridge_slave_0 left promiscuous mode
[  849.562514][ T2818] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  849.572996][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.581629][   T43] device veth1_macvtap left promiscuous mode
[  849.587762][ T2818] usb 1-1: config 179 has no interface number 0
[  849.601139][ T2818] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  849.608621][   T43] device veth0_vlan left promiscuous mode
[  849.625482][ T2818] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  849.649051][ T2818] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  849.661529][ T2818] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  849.678693][ T2818] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  849.692304][T18756] loop3: detected capacity change from 0 to 512
[  849.708699][T18756] ext4: Unknown parameter 'subj_role'
[  849.714085][ T2818] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  849.723034][ T2818] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.752507][T18734] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  849.759532][T18734] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  849.775634][ T2818] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input187
[  849.835096][T18743] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.842016][T18743] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.849800][T18743] device bridge_slave_1 entered promiscuous mode
[  849.909968][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  849.918071][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  849.938228][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  849.947547][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  849.955786][  T712] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.962657][  T712] bridge0: port 1(bridge_slave_0) entered forwarding state
[  849.969956][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  850.002892][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  850.011009][  T712] bridge0: port 2(bridge_slave_1) entered blocking state
[  850.017904][  T712] bridge0: port 2(bridge_slave_1) entered forwarding state
[  850.025997][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  850.038613][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  850.048355][  T712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  850.077561][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  850.312057][T18763] tipc: Started in network mode
[  850.317165][T18763] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  850.325949][T18763] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  850.333974][T18763] tipc: Enabled bearer <udp:s>, priority 10
[  850.358917][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  850.368123][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  850.376313][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  850.393424][T18743] device veth0_vlan entered promiscuous mode
[  850.423059][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  850.440879][T18743] device veth1_macvtap entered promiscuous mode
[  850.465835][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  850.485207][ T2818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  851.400638][  T549] usb 1-1: USB disconnect, device number 55
[  851.412449][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  851.420652][  T549] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  851.421696][T18785] loop0: detected capacity change from 0 to 512
[  851.446136][T18785] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  851.487820][   T39] tipc: Node number set to 1
[  851.491660][T18788] device ip6gretap0 entered promiscuous mode
[  851.501246][T18788] device ip6gretap0 left promiscuous mode
[  851.508721][T18785] EXT4-fs (loop0): 1 truncate cleaned up
[  851.514632][T18785] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  851.587571][T18792] loop3: detected capacity change from 0 to 512
[  851.607071][T18781] loop1: detected capacity change from 0 to 40427
[  851.615797][T18792] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.5768: casefold flag without casefold feature
[  851.628712][T18792] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #2: comm syz.3.5768: missing EA_INODE flag
[  851.640321][T18792] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.5768: error while reading EA inode 2 err=-117
[  851.652921][T13329] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  851.653363][T18792] EXT4-fs (loop3): 1 orphan inode deleted
[  851.703066][T18792] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  851.724519][T18795] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.0.5765: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  851.887798][T18248] EXT4-fs (loop3): unmounting filesystem.
[  852.438721][T18607] EXT4-fs (loop0): unmounting filesystem.
[  852.492756][T18808] loop1: detected capacity change from 0 to 512
[  852.499315][T18808] /dev/loop1: Can't open blockdev
[  852.508992][T18808] loop1: detected capacity change from 0 to 512
[  852.515876][T18808] /dev/loop1: Can't open blockdev
[  852.573598][T13329] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  852.637028][T18805] loop0: detected capacity change from 0 to 40427
[  852.653484][T18805] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  852.661247][T18805] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  852.671687][T18805] F2FS-fs (loop0): Found nat_bits in checkpoint
[  852.695744][T18805] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  852.702663][T18805] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  852.803404][T18817] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  853.092591][    T6] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  853.192586][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  853.192615][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  853.365549][T18822] loop4: detected capacity change from 0 to 256
[  853.572593][    T6] usb 4-1: Using ep0 maxpacket: 8
[  853.743469][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  853.754908][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  854.460246][    T6] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  854.469463][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.481021][    T6] usb 4-1: config 0 descriptor??
[  854.731532][T18841] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  855.000308][T18833] loop1: detected capacity change from 0 to 40427
[  855.033154][T13329] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  855.173455][    T6] hid-picolcd 0003:04D8:F002.0061: unknown main item tag 0x6
[  855.184012][    T6] hid-picolcd 0003:04D8:F002.0061: unknown main item tag 0x0
[  855.235858][    T6] hid-picolcd 0003:04D8:F002.0061: unknown main item tag 0x4
[  855.273053][    T6] hid-picolcd 0003:04D8:F002.0061: unknown main item tag 0x0
[  855.306019][    T6] hid-picolcd 0003:04D8:F002.0061: unknown main item tag 0x0
[  855.402573][    T6] hid-picolcd 0003:04D8:F002.0061: No report with id 0xf3 found
[  855.430413][    T6] hid-picolcd 0003:04D8:F002.0061: No report with id 0xf4 found
[  855.583074][T18858] loop4: detected capacity change from 0 to 512
[  855.585352][    T6] usb 4-1: USB disconnect, device number 53
[  855.673021][T18858] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  855.782049][T18858] EXT4-fs (loop4): 1 truncate cleaned up
[  855.838870][T18858] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  855.997668][T18860] loop0: detected capacity change from 0 to 40427
[  856.006266][T18860] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  856.014070][T18860] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  856.023878][T18863] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.5785: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  856.056684][T18860] F2FS-fs (loop0): Found nat_bits in checkpoint
[  856.113977][T18860] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  856.121016][T18860] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  856.221099][T18873] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  856.372504][  T549] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[  856.582906][T18743] EXT4-fs (loop4): unmounting filesystem.
[  856.837454][  T549] usb 3-1: config index 0 descriptor too short (expected 65233, got 154)
[  856.885932][  T549] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  857.082916][  T549] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  857.226560][  T549] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  857.522715][T18885] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  857.832936][  T549] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  857.844992][  T549] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.855143][  T549] usb 3-1: Product: syz
[  857.861943][  T549] usb 3-1: Manufacturer: syz
[  857.871013][  T549] usb 3-1: SerialNumber: syz
[  858.104793][T18907] device ip6gretap0 entered promiscuous mode
[  858.111487][T18907] device ip6gretap0 left promiscuous mode
[  858.152245][T18909] loop0: detected capacity change from 0 to 512
[  858.159231][T18909] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  858.196498][T18915] loop3: detected capacity change from 0 to 512
[  858.197656][T18909] EXT4-fs (loop0): 1 truncate cleaned up
[  858.213584][T18909] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  858.232748][  T549] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  858.301129][  T549] usb 3-1: found format II with max.bitrate = 0, frame size=2
[  858.308975][  T549] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  858.313587][T18915] EXT4-fs (loop3): 1 orphan inode deleted
[  858.317690][  T549] usb 3-1: found format II with max.bitrate = 0, frame size=2
[  858.330586][T18915] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  858.339444][T18915] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038 (0x7fffffff)
[  858.361382][T18918] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.0.5800: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  858.392890][  T549] usb 3-1: failed to enable PITCH for EP 0x82
[  858.403196][T18248] EXT4-fs (loop3): unmounting filesystem.
[  858.404558][T18912] loop1: detected capacity change from 0 to 40427
[  858.438094][  T549] usb 3-1: USB disconnect, device number 58
[  858.454171][T12089] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  858.608747][T18925] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  858.874586][T18930] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  859.000750][T18607] EXT4-fs (loop0): unmounting filesystem.
[  859.212025][T18938] loop1: detected capacity change from 0 to 512
[  859.218593][T18938] /dev/loop1: Can't open blockdev
[  859.227468][T18938] loop1: detected capacity change from 0 to 512
[  859.233801][T18938] /dev/loop1: Can't open blockdev
[  859.292787][   T39] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  859.952525][   T39] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  859.964880][   T39] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  859.974826][   T39] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  860.253676][   T39] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  860.263235][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.272863][   T39] usb 1-1: Product: syz
[  860.276855][   T39] usb 1-1: Manufacturer: syz
[  860.281278][   T39] usb 1-1: SerialNumber: syz
[  860.286418][   T39] usb 1-1: config 0 descriptor??
[  860.380572][   T39] usb-storage 1-1:0.0: USB Mass Storage device detected
[  860.398899][   T39] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  860.952555][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  860.958616][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  861.121870][   T39] usb 1-1: USB disconnect, device number 56
[  861.132696][T18970] loop1: detected capacity change from 0 to 512
[  861.139288][T18970] /dev/loop1: Can't open blockdev
[  861.139762][T18969] device pim6reg1 entered promiscuous mode
[  861.203070][T18970] loop1: detected capacity change from 0 to 512
[  861.217345][T18970] /dev/loop1: Can't open blockdev
[  861.296010][T18981] loop4: detected capacity change from 0 to 512
[  861.358108][T18981] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  861.374818][T18981] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038 (0x7fffffff)
[  861.432129][T18981] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz.4.5822: corrupted inode contents
[  861.481711][T18981] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz.4.5822: mark_inode_dirty error
[  861.526695][T18981] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz.4.5822: corrupted inode contents
[  861.571848][T18981] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.5822: mark_inode_dirty error
[  862.420221][T18743] EXT4-fs (loop4): unmounting filesystem.
[  862.481349][T18979] loop3: detected capacity change from 0 to 40427
[  862.506250][T18979] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  862.513874][T18979] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  862.523207][T18979] F2FS-fs (loop3): invalid crc value
[  862.565349][T18979] F2FS-fs (loop3): Found nat_bits in checkpoint
[  862.627148][T18979] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  862.634112][T18979] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  862.647554][T19005] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  862.753045][T18979] futex_wake_op: syz.3.5821 tries to shift op by -1; fix this program
[  862.754111][T19011] loop2: detected capacity change from 0 to 256
[  863.544770][T18248] F2FS-fs (loop3): access invalid blkaddr:2048
[  863.563211][   T28] audit: type=1326 audit(1726128390.280:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.3.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd77717def9 code=0x7ffc0000
[  863.606897][T18248] CPU: 0 PID: 18248 Comm: syz-executor Not tainted 6.1.93-syzkaller-00004-g75c9b1955b7e #0
[  863.616716][T18248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  863.626612][T18248] Call Trace:
[  863.629735][T18248]  <TASK>
[  863.632511][T18248]  dump_stack_lvl+0x151/0x1b7
[  863.637026][T18248]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  863.642317][T18248]  ? __f2fs_is_valid_blkaddr+0x31/0x1450
[  863.647780][T18248]  ? __f2fs_is_valid_blkaddr+0xd78/0x1450
[  863.653339][T18248]  dump_stack+0x15/0x1c
[  863.657330][T18248]  __f2fs_is_valid_blkaddr+0xda6/0x1450
[  863.662822][T18248]  f2fs_is_valid_blkaddr+0x25/0x30
[  863.667853][T18248]  f2fs_map_blocks+0xd32/0x43a0
[  863.672548][T18248]  ? f2fs_map_lock+0x260/0x260
[  863.677140][T18248]  ? xa_load+0x1a1/0x210
[  863.681215][T18248]  ? xas_find_conflict+0x8c0/0x8c0
[  863.686161][T18248]  ? kasan_check_range+0x17a/0x2a0
[  863.691111][T18248]  ? folio_unlock+0x5c/0x70
[  863.695452][T18248]  f2fs_mpage_readpages+0xc65/0x20f0
[  863.700575][T18248]  ? dquot_release_reservation_block+0xa0/0xa0
[  863.706564][T18248]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  863.712034][T18248]  f2fs_readahead+0xfd/0x250
[  863.716459][T18248]  ? blk_start_plug+0x9c/0x130
[  863.721055][T18248]  read_pages+0x1be/0xd40
[  863.725229][T18248]  ? workingset_activation+0x430/0x430
[  863.730519][T18248]  ? folio_add_lru+0x280/0x3f0
[  863.735141][T18248]  ? page_cache_ra_unbounded+0x690/0x690
[  863.740582][T18248]  ? filemap_add_folio+0x18f/0x200
[  863.745617][T18248]  ? __filemap_add_folio+0xd10/0xd10
[  863.750738][T18248]  ? page_cache_ra_unbounded+0x42f/0x690
[  863.756206][T18248]  page_cache_ra_unbounded+0x4c1/0x690
[  863.761501][T18248]  ? readahead_gfp_mask+0x190/0x190
[  863.766538][T18248]  ? __kernel_text_address+0xd/0x40
[  863.771572][T18248]  ? unwind_get_return_address+0x4d/0x90
[  863.777034][T18248]  page_cache_ra_order+0x987/0xc40
[  863.782000][T18248]  ? do_page_cache_ra+0x110/0x110
[  863.786846][T18248]  ? __stack_depot_save+0x36/0x480
[  863.791875][T18248]  ? putname+0xfa/0x150
[  863.795867][T18248]  ondemand_readahead+0x91a/0xee0
[  863.800727][T18248]  ? kasan_set_track+0x4b/0x70
[  863.805330][T18248]  ? kasan_save_free_info+0x2b/0x40
[  863.810362][T18248]  ? ____kasan_slab_free+0x131/0x180
[  863.815484][T18248]  ? do_syscall_64+0x3b/0xb0
[  863.819911][T18248]  ? page_cache_sync_ra+0x450/0x450
[  863.824946][T18248]  ? blk_cgroup_congested+0x132/0x150
[  863.830151][T18248]  page_cache_sync_ra+0x3d6/0x450
[  863.835014][T18248]  f2fs_readdir+0x599/0xc10
[  863.839355][T18248]  ? f2fs_fill_dentries+0xd00/0xd00
[  863.844386][T18248]  ? __this_cpu_preempt_check+0x13/0x20
[  863.849766][T18248]  ? memcg_rstat_updated+0x4f/0x110
[  863.854815][T18248]  ? security_file_permission+0x86/0xb0
[  863.860183][T18248]  iterate_dir+0x265/0x610
[  863.864434][T18248]  ? f2fs_fill_dentries+0xd00/0xd00
[  863.869469][T18248]  __se_sys_getdents64+0x1c1/0x460
[  863.874418][T18248]  ? __x64_sys_getdents64+0x90/0x90
[  863.879458][T18248]  ? filldir+0x670/0x670
[  863.883530][T18248]  ? debug_smp_processor_id+0x17/0x20
[  863.888824][T18248]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  863.894725][T18248]  ? exit_to_user_mode_prepare+0x39/0xa0
[  863.900201][T18248]  __x64_sys_getdents64+0x7b/0x90
[  863.905079][T18248]  x64_sys_call+0x5ae/0x9a0
[  863.909393][T18248]  do_syscall_64+0x3b/0xb0
[  863.913644][T18248]  ? clear_bhb_loop+0x55/0xb0
[  863.918172][T18248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  863.923887][T18248] RIP: 0033:0x7fd7771b0093
[  863.928141][T18248] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  863.947582][T18248] RSP: 002b:00007ffe00183988 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  863.955829][T18248] RAX: ffffffffffffffda RBX: 0000555555a724e0 RCX: 00007fd7771b0093
[  863.963642][T18248] RDX: 0000000000008000 RSI: 0000555555a724e0 RDI: 0000000000000005
[  863.971451][T18248] RBP: 0000555555a724b4 R08: 0000000000000000 R09: 0000000000000000
[  863.979260][T18248] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  863.987072][T18248] R13: 0000000000000010 R14: 0000555555a724b0 R15: 00007ffe00185c30
[  863.994888][T18248]  </TASK>
[  863.998960][   T28] audit: type=1326 audit(1726128390.280:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18978 comm="syz.3.5821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd77717def9 code=0x7ffc0000
[  864.028556][T18248] syz-executor: attempt to access beyond end of device
[  864.028556][T18248] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  864.047851][T18248] syz-executor: attempt to access beyond end of device
[  864.047851][T18248] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  864.085610][   T43] kworker/u4:2: attempt to access beyond end of device
[  864.085610][   T43] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  864.170919][   T43] tipc: Disabling bearer <udp:s>
[  864.175899][   T43] tipc: Left network mode
[  864.212199][T19020] loop2: detected capacity change from 0 to 40427
[  864.630606][T19022] loop0: detected capacity change from 0 to 40427
[  864.640913][T19022] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  864.648733][T19022] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  864.661752][T19022] F2FS-fs (loop0): Found nat_bits in checkpoint
[  864.698315][T19022] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  864.705476][T19022] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  864.712952][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  864.718807][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  864.755359][T19031] bridge0: port 1(bridge_slave_0) entered blocking state
[  864.762511][T19031] bridge0: port 1(bridge_slave_0) entered disabled state
[  864.769873][T19031] device bridge_slave_0 entered promiscuous mode
[  864.777250][T19031] bridge0: port 2(bridge_slave_1) entered blocking state
[  864.784269][T19031] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.795655][T19031] device bridge_slave_1 entered promiscuous mode
[  865.429794][T19038] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  865.459973][   T43] device bridge_slave_1 left promiscuous mode
[  865.466245][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  865.480629][   T43] device bridge_slave_0 left promiscuous mode
[  865.487330][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  865.498662][   T43] device veth1_macvtap left promiscuous mode
[  865.504712][   T43] device veth0_vlan left promiscuous mode
[  865.860365][   T39] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  865.993304][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  866.015741][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  866.054016][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  866.074359][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  866.089631][T16662] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.096563][T16662] bridge0: port 1(bridge_slave_0) entered forwarding state
[  866.112465][   T39] usb 3-1: Using ep0 maxpacket: 8
[  866.121848][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  866.130188][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  866.138307][T16662] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.145184][T16662] bridge0: port 2(bridge_slave_1) entered forwarding state
[  866.153835][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  866.161284][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  866.169342][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  866.184201][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  866.194222][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  866.228485][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  866.236951][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  866.255931][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  866.270028][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  866.284629][   T39] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  866.300356][T19031] device veth0_vlan entered promiscuous mode
[  866.315542][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.326612][T19031] device veth1_macvtap entered promiscuous mode
[  866.336516][   T39] usb 3-1: config 0 descriptor??
[  866.347662][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  866.356423][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  866.364461][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  866.373191][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  866.382228][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  866.394320][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  866.417252][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  866.428731][  T478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  866.460888][T19059] loop3: detected capacity change from 0 to 512
[  866.487931][T19059] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  866.520996][T19059] EXT4-fs (loop3): 1 truncate cleaned up
[  866.532586][T19059] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  866.710638][T19064] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.3.5835: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  866.751829][T19071] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  866.803523][   T39] saitek 0003:06A3:0CCD.0062: unknown main item tag 0x0
[  866.810396][   T39] saitek 0003:06A3:0CCD.0062: unknown main item tag 0x0
[  866.817222][   T39] saitek 0003:06A3:0CCD.0062: item fetching failed at offset 2/11
[  866.824990][   T39] saitek 0003:06A3:0CCD.0062: parse failed
[  866.830697][   T39] saitek: probe of 0003:06A3:0CCD.0062 failed with error -22
[  866.862493][ T2818] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  867.003884][   T39] usb 3-1: USB disconnect, device number 59
[  867.242542][ T2818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.253315][ T2818] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  867.262835][ T2818] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  867.271660][ T2818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.280046][ T2818] usb 2-1: config 0 descriptor??
[  867.305876][T19031] EXT4-fs (loop3): unmounting filesystem.
[  867.410123][T19077] loop3: detected capacity change from 0 to 40427
[  867.416892][T19077] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  867.424554][T19077] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  867.434787][T19077] F2FS-fs (loop3): Found nat_bits in checkpoint
[  867.458980][T19077] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  867.466056][T19077] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  867.520851][T19083] loop2: detected capacity change from 0 to 512
[  867.527403][T19083] /dev/loop2: Can't open blockdev
[  867.565610][T19083] loop2: detected capacity change from 0 to 128
[  867.575778][T19083] /dev/loop2: Can't open blockdev
[  867.631490][T19085] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  867.972582][ T2818] usb 2-1: string descriptor 0 read error: -22
[  868.013594][T19098] loop0: detected capacity change from 0 to 512
[  868.019920][T19098] EXT4-fs: Ignoring removed orlov option
[  868.025960][T19098] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  868.038944][T19098] EXT4-fs error (device loop0): dx_probe:822: inode #2: comm syz.0.5853: Attempting to read directory block (0) that is past i_size (256)
[  868.053498][T19098] EXT4-fs (loop0): Remounting filesystem read-only
[  868.059927][T19098] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  868.067987][T19098] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  868.077625][T19098] EXT4-fs (loop0): shut down requested (2)
[  868.083660][T19098] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  868.093544][T18607] EXT4-fs (loop0): unmounting filesystem.
[  868.184330][ T2818] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0063/input/input190
[  868.259723][T19103] loop0: detected capacity change from 0 to 256
[  868.453519][ T2818] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0063/input/input191
[  868.514533][ T2818] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0063/input/input192
[  868.529569][ T2818] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0063/input/input193
[  868.542887][ T2818] uclogic 0003:256C:006D.0063: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[  868.556368][ T2818] usb 2-1: USB disconnect, device number 58
[  868.792696][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  868.797587][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  868.815065][T19112] loop4: detected capacity change from 0 to 512
[  868.821751][T19112] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  868.832518][T19112] EXT4-fs (loop4): 1 truncate cleaned up
[  868.838088][T19112] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  868.943209][T19114] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.5857: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  869.101646][T19116] loop0: detected capacity change from 0 to 40427
[  869.108481][T19116] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  869.116233][T19116] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  869.125394][T19116] F2FS-fs (loop0): invalid crc value
[  869.282044][T19116] F2FS-fs (loop0): Found nat_bits in checkpoint
[  869.340554][T19116] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  869.351458][T19126] loop3: detected capacity change from 0 to 512
[  869.352917][T19116] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  869.374880][T19116] syz.0.5858: attempt to access beyond end of device
[  869.374880][T19116] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  869.376632][T19126] EXT4-fs (loop3): 1 orphan inode deleted
[  869.394339][T19126] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  869.403163][T19126] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038 (0x7fffffff)
[  869.411373][T18607] syz-executor: attempt to access beyond end of device
[  869.411373][T18607] loop0: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  869.426981][T18607] F2FS-fs (loop0): Issue discard(5637, 5637, 1) failed, ret: -5
[  869.452058][T19031] EXT4-fs (loop3): unmounting filesystem.
[  869.507313][T19134] loop3: detected capacity change from 0 to 512
[  869.526083][T19134] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  869.536055][T19134] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038 (0x7fffffff)
[  869.551367][T19134] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5864: corrupted inode contents
[  869.563769][T19134] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.5864: mark_inode_dirty error
[  869.577974][T19134] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5864: corrupted inode contents
[  869.591448][T19134] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.5864: mark_inode_dirty error
[  869.627650][T19140] loop0: detected capacity change from 0 to 512
[  869.634350][T19140] EXT4-fs: Ignoring removed orlov option
[  869.643227][T19140] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  869.665948][T19140] EXT4-fs error (device loop0): dx_probe:822: inode #2: comm syz.0.5865: Attempting to read directory block (0) that is past i_size (256)
[  869.680609][T19140] EXT4-fs (loop0): Remounting filesystem read-only
[  869.687084][T19140] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  869.688148][T18743] EXT4-fs (loop4): unmounting filesystem.
[  869.695645][T19140] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  869.814608][T19140] EXT4-fs (loop0): shut down requested (2)
[  869.839700][T19140] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  869.947637][T18607] EXT4-fs (loop0): unmounting filesystem.
[  869.974957][T19148] loop1: detected capacity change from 0 to 512
[  870.007001][T19148] /dev/loop1: Can't open blockdev
[  870.190388][T19157] loop0: detected capacity change from 0 to 256
[  870.429742][T19031] EXT4-fs (loop3): unmounting filesystem.
[  870.817182][T19166] loop4: detected capacity change from 0 to 512
[  870.844478][T19166] EXT4-fs (loop4): 1 orphan inode deleted
[  870.850120][T19166] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  870.858987][T19166] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038 (0x7fffffff)
[  870.925496][T18743] EXT4-fs (loop4): unmounting filesystem.
[  870.996053][T19177] loop1: detected capacity change from 0 to 512
[  871.004438][T19177] EXT4-fs: Ignoring removed orlov option
[  871.010039][T19177] /dev/loop1: Can't open blockdev
[  871.887599][T19188] loop0: detected capacity change from 0 to 512
[  871.924290][T19188] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  871.933240][T19188] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038 (0x7fffffff)
[  871.948585][T13329] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  871.982337][T19188] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz.0.5881: corrupted inode contents
[  871.989692][T19193] loop3: detected capacity change from 0 to 2048
[  872.098520][T19188] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz.0.5881: mark_inode_dirty error
[  872.210668][T19188] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz.0.5881: corrupted inode contents
[  872.235193][T19188] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.5881: mark_inode_dirty error
[  872.240413][T19193] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  872.957243][T19209] xt_CT: No such helper "snmp_trap"
[  873.308044][T18607] EXT4-fs (loop0): unmounting filesystem.
[  873.334476][T19031] EXT4-fs (loop3): unmounting filesystem.
[  873.368338][   T39] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  873.401424][T19215] loop3: detected capacity change from 0 to 512
[  873.528585][T19215] EXT4-fs (loop3): 1 orphan inode deleted
[  873.533053][T19206] loop2: detected capacity change from 0 to 40427
[  873.535221][T19215] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  873.549449][T19215] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038 (0x7fffffff)
[  873.573579][T13329] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  873.684980][ T1658] Bluetooth: hci0: sending frame failed (-49)
[  873.689096][T19224] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  873.690944][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  873.742541][   T39] usb 2-1: config index 0 descriptor too short (expected 65233, got 154)
[  873.753175][   T39] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  873.758131][T19031] EXT4-fs (loop3): unmounting filesystem.
[  873.774026][   T39] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  873.795898][   T39] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  874.073689][T19229] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  874.084654][   T39] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  874.093817][   T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.101933][   T39] usb 2-1: Product: syz
[  874.106101][   T39] usb 2-1: Manufacturer: syz
[  874.110562][   T39] usb 2-1: SerialNumber: syz
[  874.513207][   T39] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  874.556673][   T39] usb 2-1: found format II with max.bitrate = 0, frame size=2
[  874.562433][T19247] loop0: detected capacity change from 0 to 512
[  874.573249][   T39] usb 2-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  874.582622][   T39] usb 2-1: found format II with max.bitrate = 0, frame size=2
[  874.597127][T19247] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  874.642718][   T39] usb 2-1: failed to enable PITCH for EP 0x82
[  874.644864][T19247] EXT4-fs (loop0): 1 truncate cleaned up
[  874.654229][T19247] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  874.669914][   T39] usb 2-1: USB disconnect, device number 59
[  874.740222][T12046] udevd[12046]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  874.741382][T19250] loop3: detected capacity change from 0 to 512
[  874.787186][T19250] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  874.796919][T19250] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038 (0x7fffffff)
[  874.843958][T19254] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.0.5896: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  874.995785][T19250] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5897: corrupted inode contents
[  875.015981][T19250] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.5897: mark_inode_dirty error
[  875.028369][T19250] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5897: corrupted inode contents
[  875.039907][T19258] loop4: detected capacity change from 0 to 512
[  875.043493][T19258] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  875.051339][T19250] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.5897: mark_inode_dirty error
[  875.057887][T19258] EXT4-fs (loop4): 1 truncate cleaned up
[  875.072529][T19258] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  875.435707][T19265] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.5899: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  875.621830][T18607] EXT4-fs (loop0): unmounting filesystem.
[  875.654518][T19031] EXT4-fs (loop3): unmounting filesystem.
[  875.672609][   T39] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  875.863626][T19261] loop2: detected capacity change from 0 to 40427
[  875.904273][T18743] EXT4-fs (loop4): unmounting filesystem.
[  875.967348][T19273] loop4: detected capacity change from 0 to 512
[  875.980205][T19273] EXT4-fs: Ignoring removed orlov option
[  875.993343][T19273] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  876.018440][T19273] EXT4-fs error (device loop4): dx_probe:822: inode #2: comm syz.4.5903: Attempting to read directory block (0) that is past i_size (256)
[  876.032551][   T39] usb 2-1: Using ep0 maxpacket: 8
[  876.072841][T19273] EXT4-fs (loop4): Remounting filesystem read-only
[  876.079720][T19270] loop3: detected capacity change from 0 to 40427
[  876.145619][T19273] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  876.153981][T19270] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  876.161713][T19270] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  876.170009][T19273] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  876.182507][   T39] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  876.195647][   T39] usb 2-1: config 179 has no interface number 0
[  876.204154][T19273] EXT4-fs (loop4): shut down requested (2)
[  876.210337][   T39] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  876.221564][   T39] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  876.237358][T19273] EXT4-fs (loop4): re-mounted. Quota mode: writeback.
[  876.284753][   T39] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  876.342165][T19270] F2FS-fs (loop3): Found nat_bits in checkpoint
[  876.414274][T18743] EXT4-fs (loop4): unmounting filesystem.
[  876.442907][   T39] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  876.515264][   T39] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  876.528698][   T39] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  876.537901][T19270] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  876.537904][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.552662][T19256] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  876.559522][T19256] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  876.562502][T19270] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  876.596508][   T39] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input194
[  876.687778][T19286] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  876.778992][T19291] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  877.100574][T19256] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  877.109044][   T39] usb 2-1: USB disconnect, device number 60
[  877.115093][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  877.141861][   T39] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  878.178287][T19312] loop3: detected capacity change from 0 to 512
[  878.239317][T19312] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  878.260516][T19312] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038 (0x7fffffff)
[  878.275626][T19312] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5912: corrupted inode contents
[  878.287529][T19312] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz.3.5912: mark_inode_dirty error
[  878.299360][T19312] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz.3.5912: corrupted inode contents
[  878.307092][T19296] loop0: detected capacity change from 0 to 40427
[  878.311519][T19312] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.5912: mark_inode_dirty error
[  878.326889][T19296] F2FS-fs (loop0): invalid crc value
[  878.387068][T19296] F2FS-fs (loop0): Found nat_bits in checkpoint
[  878.426733][T19296] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  878.729067][T19322] loop4: detected capacity change from 0 to 2048
[  878.767183][T19322] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  878.792498][T14278] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  878.953745][T19329] xt_CT: No such helper "snmp_trap"
[  879.195477][T19031] EXT4-fs (loop3): unmounting filesystem.
[  879.334039][T19333] loop2: detected capacity change from 0 to 512
[  879.361905][T19333] EXT4-fs: Ignoring removed orlov option
[  879.373682][T19333] /dev/loop2: Can't open blockdev
[  879.573888][T18743] EXT4-fs (loop4): unmounting filesystem.
[  879.658285][T19337] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5916'.
[  880.274888][T19337] bridge0: port 1(bridge_slave_0) entered disabled state
[  880.282257][T19337] device bridge_slave_0 left promiscuous mode
[  880.288283][T19337] bridge0: port 1(bridge_slave_0) entered disabled state
[  880.332637][T18607] syz-executor: attempt to access beyond end of device
[  880.332637][T18607] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  880.633589][T19348] loop1: detected capacity change from 0 to 512
[  880.695780][T19348] /dev/loop1: Can't open blockdev
[  880.726245][T19348] loop1: detected capacity change from 0 to 512
[  880.739010][T19348] /dev/loop1: Can't open blockdev
[  880.772517][T19331] loop3: detected capacity change from 0 to 40427
[  880.779262][T19331] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  880.788188][T19331] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  880.797360][T19331] F2FS-fs (loop3): invalid crc value
[  880.857252][T19331] F2FS-fs (loop3): Found nat_bits in checkpoint
[  880.895060][T19340] loop4: detected capacity change from 0 to 40427
[  880.896498][T19331] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  880.909077][T19331] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  880.918118][T19340] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  880.926209][T19340] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  881.123375][T19340] F2FS-fs (loop4): Found nat_bits in checkpoint
[  881.184298][T19340] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  881.228767][T19340] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  881.249394][T19365] futex_wake_op: syz.3.5914 tries to shift op by -1; fix this program
[  881.258348][T19365] overlayfs: failed to resolve './file0': -2
[  881.266351][   T28] audit: type=1326 audit(1726128408.780:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19330 comm="syz.3.5914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  881.290329][   T28] audit: type=1326 audit(1726128408.780:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19330 comm="syz.3.5914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  881.412295][T19031] syz-executor: attempt to access beyond end of device
[  881.412295][T19031] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  881.706737][T19379] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  881.814123][T19381] loop3: detected capacity change from 0 to 512
[  881.828737][T19381] EXT4-fs: Ignoring removed orlov option
[  881.837330][T19381] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  881.876512][T19384] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  881.887778][T19381] EXT4-fs error (device loop3): dx_probe:822: inode #2: comm syz.3.5927: Attempting to read directory block (0) that is past i_size (256)
[  881.923421][T19381] EXT4-fs (loop3): Remounting filesystem read-only
[  881.948247][T19381] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  881.962639][T19381] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  881.996740][T19381] EXT4-fs (loop3): shut down requested (2)
[  882.006117][T19381] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[  882.031651][T19031] EXT4-fs (loop3): unmounting filesystem.
[  882.078263][T19389] support for the xor transformation has been removed.
[  882.182183][T19393] device ip6gretap0 entered promiscuous mode
[  882.205049][T19393] device ip6gretap0 left promiscuous mode
[  882.350907][T19387] loop4: detected capacity change from 0 to 40427
[  882.382493][T19387] F2FS-fs (loop4): invalid crc value
[  882.411445][T19387] F2FS-fs (loop4): Found nat_bits in checkpoint
[  882.456032][T19387] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  882.534634][T19405] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5934'.
[  882.980331][T19411] loop1: detected capacity change from 0 to 512
[  882.989693][T19411] /dev/loop1: Can't open blockdev
[  883.048659][T19411] loop1: detected capacity change from 0 to 512
[  883.062232][T19411] /dev/loop1: Can't open blockdev
[  883.421386][T18743] syz-executor: attempt to access beyond end of device
[  883.421386][T18743] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  883.733355][T19421] loop4: detected capacity change from 0 to 512
[  883.740952][T19415] loop3: detected capacity change from 0 to 40427
[  883.747761][T19415] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  883.755646][T19415] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  883.758132][T19421] EXT4-fs (loop4): 1 orphan inode deleted
[  883.763841][T19409] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  883.769336][T19421] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  883.778048][T19415] F2FS-fs (loop3): invalid crc value
[  883.785677][T19421] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038 (0x7fffffff)
[  883.791957][T19415] F2FS-fs (loop3): Found nat_bits in checkpoint
[  883.840128][T19415] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  883.847256][T19415] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  883.903169][T18743] EXT4-fs (loop4): unmounting filesystem.
[  883.915181][T14278] Bluetooth: hci0: command 0x1003 tx timeout
[  883.921050][ T1658] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  883.966756][T19431] futex_wake_op: syz.3.5937 tries to shift op by -1; fix this program
[  883.975179][T19431] overlayfs: failed to resolve './file0': -2
[  883.982725][   T28] audit: type=1326 audit(1726128411.490:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19414 comm="syz.3.5937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  884.023226][   T28] audit: type=1326 audit(1726128411.490:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19414 comm="syz.3.5937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  884.046523][T19409] usb 3-1: Using ep0 maxpacket: 8
[  884.110762][T19031] syz-executor: attempt to access beyond end of device
[  884.110762][T19031] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  884.112146][T19430] loop1: detected capacity change from 0 to 40427
[  884.192538][T19409] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  884.200731][T19409] usb 3-1: config 179 has no interface number 0
[  884.212899][T19409] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  884.226965][T19409] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  884.239497][T19409] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  884.251074][T19409] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  884.262503][T19409] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  884.275740][T19409] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  884.285028][T19409] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.312520][T19413] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  884.319621][T19413] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  884.343105][T19409] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input195
[  884.537527][T19413] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  884.546703][T19409] usb 3-1: USB disconnect, device number 60
[  884.552471][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  884.560859][T19409] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  884.897569][T19454] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  884.982537][  T312] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  885.262576][  T312] usb 2-1: device descriptor read/64, error -71
[  885.387592][   T28] audit: type=1326 audit(1726128412.900:780): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19461 comm="syz.3.5950" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f19ec57def9 code=0x0
[  885.710645][  T312] usb 2-1: device descriptor read/64, error -71
[  885.846102][T19457] loop0: detected capacity change from 0 to 40427
[  885.859172][T19457] F2FS-fs (loop0): invalid crc value
[  885.877024][T19457] F2FS-fs (loop0): Found nat_bits in checkpoint
[  885.877872][T19468] loop4: detected capacity change from 0 to 512
[  885.936549][T19468] EXT4-fs (loop4): 1 orphan inode deleted
[  885.942234][T19468] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  885.942598][T19457] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  885.951116][T19468] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038 (0x7fffffff)
[  885.982486][  T312] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  886.049647][T18743] EXT4-fs (loop4): unmounting filesystem.
[  887.398957][T19483] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  887.411177][T18607] syz-executor: attempt to access beyond end of device
[  887.411177][T18607] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  887.472521][  T312] usb 2-1: device descriptor read/64, error -71
[  887.962055][T19479] loop4: detected capacity change from 0 to 40427
[  887.977372][T19479] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  887.985146][T19479] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  888.050557][T19495] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5956'.
[  888.143135][T19479] F2FS-fs (loop4): invalid crc value
[  888.149476][T19479] F2FS-fs (loop4): invalid crc value
[  888.168525][T19479] F2FS-fs (loop4): Failed to get valid F2FS checkpoint
[  888.917844][   T28] audit: type=1326 audit(1726128416.380:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.042219][   T28] audit: type=1326 audit(1726128416.380:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.065722][   T28] audit: type=1326 audit(1726128416.380:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.089059][   T28] audit: type=1326 audit(1726128416.390:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.122680][   T28] audit: type=1326 audit(1726128416.390:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.166596][   T28] audit: type=1326 audit(1726128416.390:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.222578][   T28] audit: type=1326 audit(1726128416.390:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.256865][   T28] audit: type=1326 audit(1726128416.390:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.280356][   T28] audit: type=1326 audit(1726128416.390:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa15b17def9 code=0x7ffc0000
[  889.312519][   T28] audit: type=1326 audit(1726128416.400:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19504 comm="syz.0.5960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa15b17df33 code=0x7ffc0000
[  889.399579][T19509] loop1: detected capacity change from 0 to 40427
[  889.432470][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  889.432512][ T1658] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  890.754309][T19538] loop4: detected capacity change from 0 to 40427
[  890.778753][T19531] loop3: detected capacity change from 0 to 40427
[  890.790893][T19538] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  890.811370][T19531] F2FS-fs (loop3): invalid crc value
[  890.816662][T19538] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  890.823880][T19531] F2FS-fs (loop3): Found nat_bits in checkpoint
[  890.829082][T19538] F2FS-fs (loop4): invalid crc value
[  890.837449][T19538] F2FS-fs (loop4): Found nat_bits in checkpoint
[  890.862894][T19531] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  890.879895][T19538] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  890.941960][T19538] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  891.247815][T19557] futex_wake_op: syz.4.5969 tries to shift op by -1; fix this program
[  892.299625][T18743] F2FS-fs (loop4): access invalid blkaddr:2048
[  892.307354][T18743] CPU: 1 PID: 18743 Comm: syz-executor Not tainted 6.1.93-syzkaller-00004-g75c9b1955b7e #0
[  892.317248][T18743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  892.327136][T18743] Call Trace:
[  892.330260][T18743]  <TASK>
[  892.333071][T18743]  dump_stack_lvl+0x151/0x1b7
[  892.337556][T18743]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  892.342842][T18743]  ? f2fs_get_next_page_offset+0x770/0x770
[  892.348486][T18743]  dump_stack+0x15/0x1c
[  892.352477][T18743]  __f2fs_is_valid_blkaddr+0xda6/0x1450
[  892.357869][T18743]  f2fs_is_valid_blkaddr+0x25/0x30
[  892.362811][T18743]  f2fs_map_blocks+0xd32/0x43a0
[  892.367497][T18743]  ? mempool_alloc_slab+0x1d/0x30
[  892.372359][T18743]  ? f2fs_map_lock+0x260/0x260
[  892.376957][T18743]  ? xa_load+0x1a1/0x210
[  892.381314][T18743]  ? xas_find_conflict+0x8c0/0x8c0
[  892.386264][T18743]  ? folio_unlock+0x5c/0x70
[  892.390601][T18743]  f2fs_mpage_readpages+0xc65/0x20f0
[  892.395812][T18743]  ? get_page_from_freelist+0x27ea/0x2870
[  892.401365][T18743]  ? xas_load+0x39d/0x3b0
[  892.405534][T18743]  ? dquot_release_reservation_block+0xa0/0xa0
[  892.411521][T18743]  ? __this_cpu_preempt_check+0x13/0x20
[  892.416934][T18743]  ? memcg_rstat_updated+0x4f/0x110
[  892.421944][T18743]  f2fs_readahead+0xfd/0x250
[  892.426368][T18743]  ? blk_start_plug+0x9c/0x130
[  892.430960][T18743]  read_pages+0x1be/0xd40
[  892.435128][T18743]  ? workingset_activation+0x430/0x430
[  892.440421][T18743]  ? folio_add_lru+0x280/0x3f0
[  892.445020][T18743]  ? page_cache_ra_unbounded+0x690/0x690
[  892.450490][T18743]  ? filemap_add_folio+0x18f/0x200
[  892.455436][T18743]  ? __filemap_add_folio+0xd10/0xd10
[  892.460742][T18743]  page_cache_ra_unbounded+0x4c1/0x690
[  892.466138][T18743]  ? readahead_gfp_mask+0x190/0x190
[  892.471231][T18743]  ? __kernel_text_address+0xd/0x40
[  892.476267][T18743]  ? unwind_get_return_address+0x4d/0x90
[  892.481735][T18743]  page_cache_ra_order+0x987/0xc40
[  892.486686][T18743]  ? do_page_cache_ra+0x110/0x110
[  892.491629][T18743]  ? __stack_depot_save+0x36/0x480
[  892.496578][T18743]  ? putname+0xfa/0x150
[  892.500575][T18743]  ondemand_readahead+0x91a/0xee0
[  892.505437][T18743]  ? kasan_set_track+0x4b/0x70
[  892.510114][T18743]  ? kasan_save_free_info+0x2b/0x40
[  892.512545][T19409] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  892.515150][T18743]  ? ____kasan_slab_free+0x131/0x180
[  892.527651][T18743]  ? do_syscall_64+0x3b/0xb0
[  892.532074][T18743]  ? page_cache_sync_ra+0x450/0x450
[  892.537283][T18743]  ? blk_cgroup_congested+0x132/0x150
[  892.542440][T18743]  page_cache_sync_ra+0x3d6/0x450
[  892.547283][T18743]  f2fs_readdir+0x599/0xc10
[  892.551634][T18743]  ? f2fs_fill_dentries+0xd00/0xd00
[  892.556657][T18743]  ? __this_cpu_preempt_check+0x13/0x20
[  892.562208][T18743]  ? memcg_rstat_updated+0x4f/0x110
[  892.567253][T18743]  ? security_file_permission+0x86/0xb0
[  892.572626][T18743]  iterate_dir+0x265/0x610
[  892.576877][T18743]  ? f2fs_fill_dentries+0xd00/0xd00
[  892.581918][T18743]  __se_sys_getdents64+0x1c1/0x460
[  892.586959][T18743]  ? __x64_sys_getdents64+0x90/0x90
[  892.591903][T18743]  ? filldir+0x670/0x670
[  892.595973][T18743]  ? debug_smp_processor_id+0x17/0x20
[  892.601283][T18743]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  892.607185][T18743]  ? exit_to_user_mode_prepare+0x39/0xa0
[  892.612656][T18743]  __x64_sys_getdents64+0x7b/0x90
[  892.617513][T18743]  x64_sys_call+0x5ae/0x9a0
[  892.621939][T18743]  do_syscall_64+0x3b/0xb0
[  892.626192][T18743]  ? clear_bhb_loop+0x55/0xb0
[  892.630713][T18743]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  892.636432][T18743] RIP: 0033:0x7fcdf67b0093
[  892.640691][T18743] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  892.660133][T18743] RSP: 002b:00007ffebd3714b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  892.668375][T18743] RAX: ffffffffffffffda RBX: 0000555556b774e0 RCX: 00007fcdf67b0093
[  892.676183][T18743] RDX: 0000000000008000 RSI: 0000555556b774e0 RDI: 0000000000000005
[  892.683995][T18743] RBP: 0000555556b774b4 R08: 0000000000000000 R09: 0000000000000000
[  892.691806][T18743] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  892.699618][T18743] R13: 0000000000000010 R14: 0000555556b774b0 R15: 00007ffebd373760
[  892.707467][T18743]  </TASK>
[  892.711096][T19031] syz-executor: attempt to access beyond end of device
[  892.711096][T19031] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  892.716444][T18743] syz-executor: attempt to access beyond end of device
[  892.716444][T18743] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  892.739664][T18743] syz-executor: attempt to access beyond end of device
[  892.739664][T18743] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  892.782850][ T8257] kworker/u4:7: attempt to access beyond end of device
[  892.782850][ T8257] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  893.362495][T19409] usb 3-1: config 0 has no interfaces?
[  893.392310][T19569] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.399327][T19569] bridge0: port 1(bridge_slave_0) entered disabled state
[  893.406672][T19569] device bridge_slave_0 entered promiscuous mode
[  893.414779][T19569] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.421644][T19569] bridge0: port 2(bridge_slave_1) entered disabled state
[  893.429025][T19569] device bridge_slave_1 entered promiscuous mode
[  893.498896][T19569] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.505806][T19569] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.512881][T19569] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.519663][T19569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  893.539948][T13834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  893.547081][T19409] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  893.556417][T13834] bridge0: port 1(bridge_slave_0) entered disabled state
[  893.563564][T19409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  893.571798][T13834] bridge0: port 2(bridge_slave_1) entered disabled state
[  893.579090][T19409] usb 3-1: Product: syz
[  893.585133][T19409] usb 3-1: Manufacturer: syz
[  893.591547][T19409] usb 3-1: SerialNumber: syz
[  893.597460][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  893.599864][T19409] r8152-cfgselector 3-1: config 0 descriptor??
[  893.610807][  T549] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.618174][  T549] bridge0: port 1(bridge_slave_0) entered forwarding state
[  893.628249][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  893.637663][  T549] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.644558][  T549] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.766411][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  893.782528][T19409] r8152-cfgselector 3-1: Unknown version 0x0000
[  893.782945][T16662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  893.799507][T19409] r8152-cfgselector 3-1: USB disconnect, device number 61
[  893.808463][T19580] syz.2.5978 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  893.844877][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  893.863481][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  893.882057][T19584] loop2: detected capacity change from 0 to 512
[  893.901201][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  893.912351][T19584] /dev/loop2: Can't open blockdev
[  893.918514][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  894.009667][T19569] device veth0_vlan entered promiscuous mode
[  894.020029][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  894.027561][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  894.038802][T19569] device veth1_macvtap entered promiscuous mode
[  894.045506][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  894.053726][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  894.063849][  T549] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  894.448261][ T8257] device bridge_slave_1 left promiscuous mode
[  894.457990][ T8257] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.478247][ T8257] device bridge_slave_0 left promiscuous mode
[  894.496896][ T8257] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.531638][ T8257] device veth1_macvtap left promiscuous mode
[  894.545257][ T8257] device veth0_vlan left promiscuous mode
[  894.746665][T19409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  894.750451][T19599] loop2: detected capacity change from 0 to 512
[  894.759131][T19409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  894.778716][T19409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  894.783991][T19599] /dev/loop2: Can't open blockdev
[  894.802718][T19409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  894.822486][T13834] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  894.838977][T19599] loop2: detected capacity change from 0 to 128
[  894.852812][T19599] /dev/loop2: Can't open blockdev
[  894.861048][T19601] loop4: detected capacity change from 0 to 512
[  894.882699][T19601] EXT4-fs (loop4): Test dummy encryption mode enabled
[  894.940409][T19601] EXT4-fs error (device loop4): __ext4_iget:5046: inode #11: block 1: comm syz.4.5985: invalid block
[  894.961530][T19601] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.5985: couldn't read orphan inode 11 (err -117)
[  894.981846][T19601] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  895.037335][T19597] loop0: detected capacity change from 0 to 40427
[  895.060776][T19597] F2FS-fs (loop0): invalid crc value
[  895.067048][T19597] F2FS-fs (loop0): Found nat_bits in checkpoint
[  895.093399][T19597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  895.102589][T13834] usb 2-1: device descriptor read/64, error -71
[  895.336935][   T28] kauditd_printk_skb: 30 callbacks suppressed
[  895.444890][   T28] audit: type=1326 audit(1726128422.710:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.479261][   T28] audit: type=1326 audit(1726128422.720:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.515981][   T28] audit: type=1326 audit(1726128422.720:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.540243][   T28] audit: type=1326 audit(1726128422.730:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.603701][   T28] audit: type=1326 audit(1726128422.740:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.629145][   T28] audit: type=1326 audit(1726128422.760:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.654447][   T28] audit: type=1326 audit(1726128422.760:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.678486][  T312] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  895.687263][   T28] audit: type=1326 audit(1726128422.760:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.751834][   T28] audit: type=1326 audit(1726128422.770:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f5b9517def9 code=0x7ffc0000
[  895.775578][   T28] audit: type=1326 audit(1726128422.790:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19607 comm="syz.2.5987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5b9517df33 code=0x7ffc0000
[  896.002855][T18607] syz-executor: attempt to access beyond end of device
[  896.002855][T18607] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  896.062519][T13834] usb 2-1: device descriptor read/64, error -71
[  896.162583][  T478] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  896.203835][  T312] usb 5-1: config 0 has no interfaces?
[  896.209290][  T312] usb 5-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00
[  896.218323][  T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  896.233020][  T312] usb 5-1: config 0 descriptor??
[  896.442494][T13834] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  896.522505][  T478] usb 3-1: config 0 has no interfaces?
[  896.682545][  T478] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  896.691483][  T478] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  896.699346][  T478] usb 3-1: Product: syz
[  896.703375][  T478] usb 3-1: Manufacturer: syz
[  896.707790][  T478] usb 3-1: SerialNumber: syz
[  896.712613][T13834] usb 2-1: device descriptor read/64, error -71
[  896.715661][  T478] r8152-cfgselector 3-1: config 0 descriptor??
[  897.122497][T13834] usb 2-1: device descriptor read/64, error -71
[  897.184020][  T478] usb 3-1: USB disconnect, device number 62
[  897.242525][T13834] usb usb2-port1: attempt power cycle
[  898.169962][  T478] usb 5-1: USB disconnect, device number 53
[  898.296279][T19569] EXT4-fs (loop4): unmounting filesystem.
[  898.802614][T19658] loop0: detected capacity change from 0 to 512
[  898.852993][T19658] EXT4-fs (loop0): 1 orphan inode deleted
[  898.861158][T19658] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  898.882906][T19658] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038 (0x7fffffff)
[  898.950583][T18607] EXT4-fs (loop0): unmounting filesystem.
[  899.021822][T19660] loop2: detected capacity change from 0 to 40427
[  899.072526][T13834] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  899.080122][T13329] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  899.182557][T13834] usb 2-1: Using ep0 maxpacket: 8
[  900.042605][T13834] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  900.051094][T13834] usb 2-1: config 179 has no interface number 0
[  900.057328][T13834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  900.068353][T13834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024
[  900.079786][T13834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[  900.091147][T13834] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[  900.102497][T13834] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  900.115627][T13834] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  900.124464][T13834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.152545][T19652] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  900.159512][T19652] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  900.173809][T13834] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input196
[  900.272572][  T312] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  900.524704][T19690] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  900.642707][  T312] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  900.653690][  T312] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.663295][  T312] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  900.672245][  T312] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.680894][  T312] usb 3-1: config 0 descriptor??
[  901.482771][  T312] usb 3-1: string descriptor 0 read error: -22
[  901.658420][T13834] usb 2-1: USB disconnect, device number 65
[  901.682516][T13834] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  901.863499][  T312] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0064/input/input197
[  902.025424][  T312] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0064/input/input198
[  902.038303][  T312] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0064/input/input199
[  902.055962][  T312] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0064/input/input200
[  902.073811][  T312] uclogic 0003:256C:006D.0064: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[  902.087180][  T312] usb 3-1: USB disconnect, device number 63
[  902.936502][T19716] loop1: detected capacity change from 0 to 40427
[  903.114164][T13329] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  905.676695][T19773] loop2: detected capacity change from 0 to 512
[  905.683194][T19773] EXT4-fs: Ignoring removed orlov option
[  905.688730][T19773] /dev/loop2: Can't open blockdev
[  905.737324][T13329] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  905.847395][T19774] loop0: detected capacity change from 0 to 40427
[  905.854152][T19774] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  905.861725][T19774] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  905.871877][T19774] F2FS-fs (loop0): Found nat_bits in checkpoint
[  905.892692][  T312] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  905.900302][  T478] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  905.971095][T19774] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  905.979235][T19774] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  906.242529][  T312] usb 2-1: device descriptor read/64, error -71
[  906.332546][  T478] usb 5-1: config 0 has no interfaces?
[  906.337894][  T478] usb 5-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00
[  906.346899][  T478] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  906.355658][  T478] usb 5-1: config 0 descriptor??
[  906.632734][  T312] usb 2-1: device descriptor read/64, error -71
[  906.772473][ T5716] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  906.902504][  T312] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  907.152545][ T5716] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  907.163311][ T5716] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  907.172505][  T312] usb 2-1: device descriptor read/64, error -71
[  907.172979][ T5716] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  907.187726][ T5716] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.196262][ T5716] usb 4-1: config 0 descriptor??
[  907.549635][T19803] loop0: detected capacity change from 0 to 16
[  907.557936][T19803] erofs: (device loop0): mounted with root inode @ nid 36.
[  907.575072][T19803] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  907.585751][T19803] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -35 in[64, 4032] out[1851]
[  907.603752][T19803] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  907.732142][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.775844][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.810197][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.817396][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.824411][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.831313][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.842686][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.849549][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.856767][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.864141][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.871263][ T5716] lg-g15 0003:046D:C222.0065: unknown main item tag 0x0
[  907.882040][ T5716] lg-g15 0003:046D:C222.0065: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0
[  907.889761][  T312] usb 2-1: device descriptor read/64, error -71
[  907.942034][  T297] usb 4-1: USB disconnect, device number 54
[  908.021233][  T312] usb usb2-port1: attempt power cycle
[  908.466380][  T312] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  908.621475][ T5716] usb 5-1: USB disconnect, device number 54
[  908.654714][T19819] loop1: detected capacity change from 0 to 512
[  908.673555][T19819] EXT4-fs: Ignoring removed orlov option
[  908.912662][  T312] usb 2-1: device descriptor read/8, error -71
[  908.948056][T19819] /dev/loop1: Can't open blockdev
[  909.188097][   T28] kauditd_printk_skb: 10 callbacks suppressed
[  909.188113][   T28] audit: type=1326 audit(1726128436.700:841): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19829 comm="syz.0.6046" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa15b17def9 code=0x0
[  909.219199][  T312] usb 2-1: device descriptor read/8, error -71
[  909.987290][T19842] loop4: detected capacity change from 0 to 40427
[  909.994892][T19842] F2FS-fs (loop4): invalid crc value
[  910.001637][T19842] F2FS-fs (loop4): Found nat_bits in checkpoint
[  910.084287][T19842] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  910.325533][T19859] overlayfs: failed to resolve './file2': -2
[  910.813742][T19569] syz-executor: attempt to access beyond end of device
[  910.813742][T19569] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  912.197527][T19882] loop1: detected capacity change from 0 to 8192
[  912.243110][T13329] I/O error, dev loop1, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  912.523102][ T5716] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  912.922570][ T5716] usb 4-1: config 0 has no interfaces?
[  913.182539][ T5716] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  913.201935][ T5716] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.238399][ T5716] usb 4-1: Product: syz
[  913.252174][ T5716] usb 4-1: Manufacturer: syz
[  913.267402][ T5716] usb 4-1: SerialNumber: syz
[  913.286691][ T5716] r8152-cfgselector 4-1: config 0 descriptor??
[  913.549030][T19920] loop4: detected capacity change from 0 to 512
[  913.561510][T19920] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  913.604410][T19920] EXT4-fs (loop4): 1 truncate cleaned up
[  913.629416][T19920] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  913.885825][  T297] usb 4-1: USB disconnect, device number 55
[  914.538213][T19925] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.6072: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  914.760293][T19569] EXT4-fs (loop4): unmounting filesystem.
[  914.806289][T19915] loop1: detected capacity change from 0 to 40427
[  914.873325][T13329] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  914.970333][  T312] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  915.616466][T19939] loop3: detected capacity change from 0 to 40427
[  915.673029][T19939] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  915.685901][T19939] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  915.703616][T19939] F2FS-fs (loop3): Found nat_bits in checkpoint
[  915.738023][  T312] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.745678][T19939] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  915.751654][  T312] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  915.759834][T19939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  915.768046][  T312] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  915.795101][  T312] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.826067][T19956] loop0: detected capacity change from 0 to 512
[  915.848973][T19956] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz.0.6081: casefold flag without casefold feature
[  915.854954][  T312] usb 3-1: config 0 descriptor??
[  915.866753][T19956] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #2: comm syz.0.6081: missing EA_INODE flag
[  915.878508][T19956] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.6081: error while reading EA inode 2 err=-117
[  915.891031][T19956] EXT4-fs (loop0): 1 orphan inode deleted
[  915.896804][T19956] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  915.914460][T18607] EXT4-fs (loop0): unmounting filesystem.
[  915.972485][ T5716] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  916.241102][T19965] loop3: detected capacity change from 0 to 40427
[  916.248045][T19965] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  916.255908][T19965] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  916.264472][T19965] F2FS-fs (loop3): invalid crc value
[  916.269756][T19965] F2FS-fs (loop3): invalid crc value
[  916.274927][T19965] F2FS-fs (loop3): Failed to get valid F2FS checkpoint
[  916.341984][T19965] overlayfs: missing 'lowerdir'
[  916.352587][ T5716] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  916.363104][ T5716] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  916.385402][T19967] loop1: detected capacity change from 0 to 512
[  916.405094][T19967] /dev/loop1: Can't open blockdev
[  916.447485][T19967] loop1: detected capacity change from 0 to 512
[  916.453913][T19967] /dev/loop1: Can't open blockdev
[  916.532540][ T5716] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  916.541563][ T5716] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.549832][ T5716] usb 5-1: Product: syz
[  916.553950][ T5716] usb 5-1: Manufacturer: syz
[  916.558372][ T5716] usb 5-1: SerialNumber: syz
[  916.562501][  T312] usb 3-1: string descriptor 0 read error: -22
[  916.566680][ T5716] usb 5-1: config 0 descriptor??
[  916.802131][ T5716] usb-storage 5-1:0.0: USB Mass Storage device detected
[  916.804522][  T312] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0066/input/input201
[  916.836845][  T312] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0066/input/input202
[  916.845827][ T5716] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  916.894233][  T312] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0066/input/input203
[  916.912872][  T312] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0066/input/input204
[  916.923755][ T5716] usb 5-1: USB disconnect, device number 55
[  916.928506][  T312] uclogic 0003:256C:006D.0066: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[  917.201684][T19981] device ip6gretap0 entered promiscuous mode
[  917.202995][  T312] usb 3-1: USB disconnect, device number 64
[  917.213806][T19981] device ip6gretap0 left promiscuous mode
[  917.268066][T19985] loop3: detected capacity change from 0 to 512
[  917.274812][T19985] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  917.285358][T19985] EXT4-fs (loop3): 1 truncate cleaned up
[  917.290836][T19985] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  917.454317][T19988] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.3.6089: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  917.502519][  T297] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  917.768328][T19992] loop4: detected capacity change from 0 to 256
[  917.994094][T19997] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6091'.
[  918.479699][T19031] EXT4-fs (loop3): unmounting filesystem.
[  918.502645][  T297] usb 2-1: config 0 has no interfaces?
[  918.517082][T20001] loop3: detected capacity change from 0 to 512
[  918.527711][T20001] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.6093: casefold flag without casefold feature
[  918.547307][T20001] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #2: comm syz.3.6093: missing EA_INODE flag
[  918.559591][T20001] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.6093: error while reading EA inode 2 err=-117
[  918.575920][T20001] EXT4-fs (loop3): 1 orphan inode deleted
[  918.581595][T20001] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  918.614526][T19031] EXT4-fs (loop3): unmounting filesystem.
[  918.861666][  T297] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  918.870577][  T297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  918.878400][  T297] usb 2-1: Product: syz
[  918.882574][  T297] usb 2-1: Manufacturer: syz
[  918.886987][  T297] usb 2-1: SerialNumber: syz
[  918.891988][  T297] r8152-cfgselector 2-1: config 0 descriptor??
[  919.010621][T20011] loop3: detected capacity change from 0 to 40427
[  919.012194][T20013] loop0: detected capacity change from 0 to 40427
[  919.023666][T20013] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  919.032185][T20011] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  919.035766][T20013] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  919.040325][T20011] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  919.048625][T20013] F2FS-fs (loop0): invalid crc value
[  919.061043][T20013] F2FS-fs (loop0): invalid crc value
[  919.061797][T20011] F2FS-fs (loop3): Found nat_bits in checkpoint
[  919.066505][T20013] F2FS-fs (loop0): Failed to get valid F2FS checkpoint
[  919.093803][T20011] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  919.100704][T20011] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  919.172616][T20013] overlayfs: missing 'lowerdir'
[  919.378614][T20023] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  919.400820][ T7773] usb 2-1: USB disconnect, device number 70
[  919.470481][T20025] loop4: detected capacity change from 0 to 2048
[  919.484339][T20025] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  919.625589][T20032] device ip6gretap0 entered promiscuous mode
[  919.640150][T20032] device ip6gretap0 left promiscuous mode
[  919.667973][T20033] xt_CT: No such helper "snmp_trap"
[  920.012511][T13834] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  920.152505][ T5716] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  920.317936][T19569] EXT4-fs (loop4): unmounting filesystem.
[  920.442507][T13834] usb 3-1: config index 0 descriptor too short (expected 65233, got 154)
[  920.466230][T13834] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  920.478282][T20049] loop4: detected capacity change from 0 to 256
[  920.673043][T13834] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  920.684308][T13834] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  920.732616][ T5716] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  920.743846][ T5716] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  920.753631][ T5716] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  920.763005][ T5716] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.785661][ T5716] usb 4-1: config 0 descriptor??
[  920.971332][T20058] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6107'.
[  921.276975][T13834] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  921.355278][T13834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  921.368328][T13834] usb 3-1: Product: syz
[  921.373413][T13834] usb 3-1: Manufacturer: syz
[  921.384065][T13834] usb 3-1: SerialNumber: syz
[  921.602916][T20061] loop4: detected capacity change from 0 to 40427
[  921.609697][T20061] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  921.617615][T20061] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  921.627806][T20061] F2FS-fs (loop4): Found nat_bits in checkpoint
[  921.676660][T20061] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  921.684065][T20061] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  921.722667][ T5716] usb 4-1: string descriptor 0 read error: -22
[  921.782772][T13834] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  921.859539][T13834] usb 3-1: found format II with max.bitrate = 0, frame size=2
[  921.867363][T13834] usb 3-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  921.875983][T13834] usb 3-1: found format II with max.bitrate = 0, frame size=2
[  921.942566][T13834] usb 3-1: failed to enable PITCH for EP 0x82
[  921.950378][ T5716] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0067/input/input205
[  921.972565][T13834] usb 3-1: USB disconnect, device number 65
[  922.002967][ T5716] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0067/input/input206
[  922.036673][ T5716] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0067/input/input207
[  922.081190][ T5716] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0067/input/input208
[  922.127192][ T5716] uclogic 0003:256C:006D.0067: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[  922.172357][ T5716] usb 4-1: USB disconnect, device number 56
[  922.545739][T20084] loop4: detected capacity change from 0 to 512
[  922.603971][T20084] EXT4-fs (loop4): 1 orphan inode deleted
[  922.612492][T20084] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  922.622869][T20084] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038 (0x7fffffff)
[  922.714255][T19569] EXT4-fs (loop4): unmounting filesystem.
[  922.782299][T20097] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  922.874393][T20099] loop1: detected capacity change from 0 to 256
[  923.063663][T20101] loop4: detected capacity change from 0 to 512
[  923.070369][T20101] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  923.101600][T20101] EXT4-fs (loop4): 1 truncate cleaned up
[  923.107341][T20101] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  923.376449][T20108] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.6119: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  924.173123][T19569] EXT4-fs (loop4): unmounting filesystem.
[  924.179934][T20117] device ip6gretap0 entered promiscuous mode
[  924.198877][T20117] device ip6gretap0 left promiscuous mode
[  924.522486][T13834] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  924.706996][T20137] loop3: detected capacity change from 0 to 512
[  924.713376][T20137] EXT4-fs: Ignoring removed orlov option
[  924.719293][T20137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  924.731798][T20137] EXT4-fs error (device loop3): dx_probe:822: inode #2: comm syz.3.6130: Attempting to read directory block (0) that is past i_size (256)
[  924.746118][T20137] EXT4-fs (loop3): Remounting filesystem read-only
[  924.752735][T20137] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[  924.760768][T20137] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  924.770369][T20137] EXT4-fs (loop3): shut down requested (2)
[  924.776481][T20137] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[  924.786452][T19031] EXT4-fs (loop3): unmounting filesystem.
[  924.949702][T20142] loop3: detected capacity change from 0 to 256
[  925.114405][T13834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  925.127825][T13834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  925.137648][T13834] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  925.146689][T13834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.156604][T13834] usb 1-1: config 0 descriptor??
[  925.512481][ T2818] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  925.927829][T13834] usb 1-1: string descriptor 0 read error: -22
[  926.029000][T20155] loop2: detected capacity change from 0 to 512
[  926.042555][ T2818] usb 5-1: config 0 has no interfaces?
[  926.060117][T20155] /dev/loop2: Can't open blockdev
[  926.104372][T13834] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0068/input/input209
[  926.127841][T20155] loop2: detected capacity change from 0 to 512
[  926.134887][T13834] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0068/input/input210
[  926.158811][T20155] /dev/loop2: Can't open blockdev
[  926.178062][T13834] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0068/input/input211
[  926.234589][T13329] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  926.241697][T13834] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0068/input/input212
[  926.256641][ T2818] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  926.269689][ T2818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.303202][ T2818] usb 5-1: Product: syz
[  926.482562][ T1658] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  926.488813][T14278] Bluetooth: hci0: command 0x1003 tx timeout
[  926.578021][ T2818] usb 5-1: Manufacturer: syz
[  926.585771][ T2818] usb 5-1: SerialNumber: syz
[  926.600639][ T2818] r8152-cfgselector 5-1: config 0 descriptor??
[  926.607361][T13834] uclogic 0003:256C:006D.0068: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  926.633844][T13834] usb 1-1: USB disconnect, device number 57
[  926.822893][T20168] loop1: detected capacity change from 0 to 40427
[  926.886197][T13329] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  926.902927][T19200] usb 5-1: config 0 descriptor??
[  926.902951][T20172] loop2: detected capacity change from 0 to 512
[  926.941598][T20172] EXT4-fs: Ignoring removed orlov option
[  926.952649][T20172] /dev/loop2: Can't open blockdev
[  927.104478][  T297] usb 5-1: USB disconnect, device number 56
[  927.122502][T19200] usb 5-1: can't set config #0, error -71
[  927.299929][T20174] loop0: detected capacity change from 0 to 40427
[  927.319232][T20174] F2FS-fs (loop0): invalid crc value
[  927.349757][T20174] F2FS-fs (loop0): Found nat_bits in checkpoint
[  927.428872][T20174] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  927.852170][T18607] syz-executor: attempt to access beyond end of device
[  927.852170][T18607] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  928.013972][T20199] loop1: detected capacity change from 0 to 512
[  928.023167][T20199] /dev/loop1: Can't open blockdev
[  928.625915][   T28] audit: type=1326 audit(1726128456.140:842): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20206 comm="syz.1.6151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd8057def9 code=0x0
[  929.052595][  T312] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  929.146840][T20218] loop2: detected capacity change from 0 to 40427
[  929.212877][T13329] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  929.302523][  T297] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  929.462619][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  929.529105][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  929.530975][T20222] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  929.539259][  T312] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  929.556884][  T297] usb 1-1: Using ep0 maxpacket: 8
[  929.593561][  T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.604266][  T312] usb 5-1: config 0 descriptor??
[  929.712520][  T297] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  929.722618][  T297] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  929.731315][  T297] usb 1-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  929.740193][  T297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.748726][  T297] usb 1-1: config 0 descriptor??
[  929.992498][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  929.998507][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  930.017970][T20231] device ip6gretap0 entered promiscuous mode
[  930.024634][T20231] device ip6gretap0 left promiscuous mode
[  930.322778][  T312] usb 5-1: string descriptor 0 read error: -22
[  930.436930][T20239] loop1: detected capacity change from 0 to 512
[  930.456179][T20239] /dev/loop1: Can't open blockdev
[  930.564643][  T312] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0069/input/input213
[  930.593556][  T312] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0069/input/input214
[  930.640995][  T312] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0069/input/input215
[  930.719721][  T312] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0069/input/input216
[  930.869698][  T312] uclogic 0003:256C:006D.0069: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[  931.151498][T20244] loop3: detected capacity change from 0 to 512
[  931.153740][  T312] usb 5-1: USB disconnect, device number 57
[  931.174470][T20244] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  931.189835][T20244] EXT4-fs (loop3): 1 truncate cleaned up
[  931.193513][T20248] loop2: detected capacity change from 0 to 512
[  931.195995][T20244] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  931.201825][T20248] EXT4-fs: Ignoring removed orlov option
[  931.219834][T20248] /dev/loop2: Can't open blockdev
[  931.415538][T20255] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.3.6162: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  932.001872][T19031] EXT4-fs (loop3): unmounting filesystem.
[  932.032120][  T297] usb 1-1: USB disconnect, device number 58
[  932.168441][T20263] loop3: detected capacity change from 0 to 40427
[  932.224311][T20263] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  932.347491][T20263] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  932.358026][T20263] F2FS-fs (loop3): Found nat_bits in checkpoint
[  932.385450][T20263] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  932.392368][T20263] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  932.962509][  T297] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[  933.092799][T20291] loop1: detected capacity change from 0 to 512
[  933.126736][T20291] EXT4-fs: Ignoring removed orlov option
[  933.144461][T20291] /dev/loop1: Can't open blockdev
[  933.412659][  T297] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[  933.424612][  T297] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  933.446636][  T297] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  933.534525][  T297] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  933.546394][   T28] audit: type=1400 audit(1726128461.020:843): avc:  denied  { connect } for  pid=20295 comm="syz.1.6176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  933.752613][  T297] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  933.766705][  T297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.780662][  T297] usb 5-1: Product: syz
[  933.785026][  T297] usb 5-1: Manufacturer: syz
[  933.789483][  T297] usb 5-1: SerialNumber: syz
[  933.802356][T20303] loop0: detected capacity change from 0 to 512
[  933.808945][T20303] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  933.819900][T20303] EXT4-fs (loop0): 1 truncate cleaned up
[  933.825601][T20303] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  934.011766][T20309] EXT4-fs error (device loop0): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.0.6178: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  934.282642][  T297] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  934.286013][T20311] loop3: detected capacity change from 0 to 40427
[  934.291089][  T297] usb 5-1: found format II with max.bitrate = 0, frame size=2
[  934.305504][  T297] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  934.314278][  T297] usb 5-1: found format II with max.bitrate = 0, frame size=2
[  934.328957][T20311] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  934.385535][T20311] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  934.422703][  T297] usb 5-1: failed to enable PITCH for EP 0x82
[  934.438336][T20311] F2FS-fs (loop3): invalid crc value
[  934.449709][T20311] F2FS-fs (loop3): Found nat_bits in checkpoint
[  934.493081][  T297] usb 5-1: USB disconnect, device number 58
[  934.518831][T20311] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  934.526223][T20311] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  934.628925][T20324] futex_wake_op: syz.3.6180 tries to shift op by -1; fix this program
[  934.642624][   T28] audit: type=1326 audit(1726128462.150:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20310 comm="syz.3.6180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  934.666867][   T28] audit: type=1326 audit(1726128462.150:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20310 comm="syz.3.6180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19ec57def9 code=0x7ffc0000
[  934.671027][T18607] EXT4-fs (loop0): unmounting filesystem.
[  935.088342][T19031] F2FS-fs (loop3): access invalid blkaddr:2048
[  935.192938][T19031] CPU: 0 PID: 19031 Comm: syz-executor Not tainted 6.1.93-syzkaller-00004-g75c9b1955b7e #0
[  935.202761][T19031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  935.212653][T19031] Call Trace:
[  935.215774][T19031]  <TASK>
[  935.218552][T19031]  dump_stack_lvl+0x151/0x1b7
[  935.223068][T19031]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  935.228360][T19031]  ? f2fs_get_next_page_offset+0x770/0x770
[  935.234004][T19031]  dump_stack+0x15/0x1c
[  935.237995][T19031]  __f2fs_is_valid_blkaddr+0xda6/0x1450
[  935.243381][T19031]  f2fs_is_valid_blkaddr+0x25/0x30
[  935.248325][T19031]  f2fs_map_blocks+0xd32/0x43a0
[  935.253023][T19031]  ? f2fs_map_lock+0x260/0x260
[  935.257613][T19031]  ? xa_load+0x1a1/0x210
[  935.261690][T19031]  ? xas_find_conflict+0x8c0/0x8c0
[  935.266636][T19031]  ? kasan_check_range+0x17a/0x2a0
[  935.271591][T19031]  ? folio_unlock+0x5c/0x70
[  935.275930][T19031]  f2fs_mpage_readpages+0xc65/0x20f0
[  935.281048][T19031]  ? release_firmware_map_entry+0x191/0x191
[  935.286777][T19031]  ? dquot_release_reservation_block+0xa0/0xa0
[  935.292763][T19031]  ? preempt_schedule_irq+0xe7/0x140
[  935.297894][T19031]  ? preempt_schedule_notrace+0x140/0x140
[  935.303453][T19031]  ? __this_cpu_preempt_check+0x13/0x20
[  935.308821][T19031]  ? memcg_rstat_updated+0x4f/0x110
[  935.313860][T19031]  f2fs_readahead+0xfd/0x250
[  935.318280][T19031]  ? blk_start_plug+0x9c/0x130
[  935.322877][T19031]  read_pages+0x1be/0xd40
[  935.327045][T19031]  ? workingset_activation+0x430/0x430
[  935.332339][T19031]  ? folio_add_lru+0x280/0x3f0
[  935.336937][T19031]  ? page_cache_ra_unbounded+0x690/0x690
[  935.342403][T19031]  ? filemap_add_folio+0x18f/0x200
[  935.347360][T19031]  ? __filemap_add_folio+0xd10/0xd10
[  935.352475][T19031]  page_cache_ra_unbounded+0x4c1/0x690
[  935.357773][T19031]  ? readahead_gfp_mask+0x190/0x190
[  935.362802][T19031]  ? __kernel_text_address+0xd/0x40
[  935.367835][T19031]  ? unwind_get_return_address+0x4d/0x90
[  935.373304][T19031]  page_cache_ra_order+0x987/0xc40
[  935.378256][T19031]  ? do_page_cache_ra+0x110/0x110
[  935.383111][T19031]  ? __stack_depot_save+0x36/0x480
[  935.388061][T19031]  ? putname+0xfa/0x150
[  935.392050][T19031]  ondemand_readahead+0x91a/0xee0
[  935.396912][T19031]  ? kasan_set_track+0x4b/0x70
[  935.401508][T19031]  ? kasan_save_free_info+0x2b/0x40
[  935.406547][T19031]  ? ____kasan_slab_free+0x131/0x180
[  935.411669][T19031]  ? do_syscall_64+0x3b/0xb0
[  935.416097][T19031]  ? page_cache_sync_ra+0x450/0x450
[  935.421124][T19031]  ? blk_cgroup_congested+0x132/0x150
[  935.426341][T19031]  page_cache_sync_ra+0x3d6/0x450
[  935.431199][T19031]  f2fs_readdir+0x599/0xc10
[  935.435539][T19031]  ? f2fs_fill_dentries+0xd00/0xd00
[  935.440568][T19031]  ? __this_cpu_preempt_check+0x13/0x20
[  935.445947][T19031]  ? memcg_rstat_updated+0x4f/0x110
[  935.450986][T19031]  ? security_file_permission+0x86/0xb0
[  935.456365][T19031]  iterate_dir+0x265/0x610
[  935.460618][T19031]  ? f2fs_fill_dentries+0xd00/0xd00
[  935.465832][T19031]  __se_sys_getdents64+0x1c1/0x460
[  935.470868][T19031]  ? __x64_sys_getdents64+0x90/0x90
[  935.475895][T19031]  ? filldir+0x670/0x670
[  935.479974][T19031]  ? debug_smp_processor_id+0x17/0x20
[  935.485179][T19031]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  935.491109][T19031]  ? exit_to_user_mode_prepare+0x39/0xa0
[  935.496554][T19031]  __x64_sys_getdents64+0x7b/0x90
[  935.501418][T19031]  x64_sys_call+0x5ae/0x9a0
[  935.505752][T19031]  do_syscall_64+0x3b/0xb0
[  935.510000][T19031]  ? clear_bhb_loop+0x55/0xb0
[  935.514514][T19031]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  935.520244][T19031] RIP: 0033:0x7f19ec5b0093
[  935.524498][T19031] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  935.543941][T19031] RSP: 002b:00007ffe091fb5a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  935.552185][T19031] RAX: ffffffffffffffda RBX: 00005555573bb4e0 RCX: 00007f19ec5b0093
[  935.559993][T19031] RDX: 0000000000008000 RSI: 00005555573bb4e0 RDI: 0000000000000005
[  935.567807][T19031] RBP: 00005555573bb4b4 R08: 0000000000000000 R09: 0000000000000000
[  935.575616][T19031] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  935.583432][T19031] R13: 0000000000000010 R14: 00005555573bb4b0 R15: 00007ffe091fd850
[  935.591246][T19031]  </TASK>
[  935.743042][T19031] syz-executor: attempt to access beyond end of device
[  935.743042][T19031] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  935.773202][ T8257] kworker/u4:7: attempt to access beyond end of device
[  935.773202][ T8257] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  935.787673][T19031] syz-executor: attempt to access beyond end of device
[  935.787673][T19031] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  935.925845][T20325] loop2: detected capacity change from 0 to 40427
[  936.132736][T17081] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  936.456019][T20351] bridge0: port 1(bridge_slave_0) entered blocking state
[  936.475715][T20351] bridge0: port 1(bridge_slave_0) entered disabled state
[  936.503061][T20351] device bridge_slave_0 entered promiscuous mode
[  936.510181][T12417] device bridge_slave_1 left promiscuous mode
[  936.516352][T17081] usb 1-1: config 0 has no interfaces?
[  936.522515][T12417] bridge0: port 2(bridge_slave_1) entered disabled state
[  936.537447][T12417] device bridge_slave_0 left promiscuous mode
[  936.551193][T12417] bridge0: port 1(bridge_slave_0) entered disabled state
[  936.566822][T12417] device veth1_macvtap left promiscuous mode
[  936.591110][T12417] device veth0_vlan left promiscuous mode
[  936.693176][T17081] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  936.702249][T17081] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.710348][T17081] usb 1-1: Product: syz
[  936.722492][T17081] usb 1-1: Manufacturer: syz
[  936.735799][T17081] usb 1-1: SerialNumber: syz
[  936.742656][T17081] r8152-cfgselector 1-1: config 0 descriptor??
[  936.774613][T20351] bridge0: port 2(bridge_slave_1) entered blocking state
[  936.781539][T20351] bridge0: port 2(bridge_slave_1) entered disabled state
[  936.789377][T20351] device bridge_slave_1 entered promiscuous mode
[  937.098794][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  937.106722][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  937.121653][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  937.131650][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  937.140051][T17081] bridge0: port 1(bridge_slave_0) entered blocking state
[  937.146948][T17081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  937.154519][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  937.162774][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  937.170805][T17081] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.177668][T17081] bridge0: port 2(bridge_slave_1) entered forwarding state
[  937.184967][ T2818] usb 5-1: new full-speed USB device number 59 using dummy_hcd
[  937.204150][  T297] usb 1-1: USB disconnect, device number 59
[  937.207062][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  937.220843][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  937.229133][T17081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  937.247042][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  937.255781][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  937.264476][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  937.271786][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  937.280237][T20351] device veth0_vlan entered promiscuous mode
[  937.295532][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  937.305119][T20351] device veth1_macvtap entered promiscuous mode
[  937.316926][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  937.330284][T13834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  937.582559][ T2818] usb 5-1: config index 0 descriptor too short (expected 65233, got 154)
[  937.596223][T20374] loop2: detected capacity change from 0 to 512
[  937.602663][ T2818] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  937.611866][T20374] /dev/loop2: Can't open blockdev
[  937.617653][ T2818] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  937.819659][T20378] loop2: detected capacity change from 0 to 512
[  937.906241][ T2818] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  937.917509][T20378] /dev/loop2: Can't open blockdev
[  938.093161][ T2818] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  938.116928][ T2818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.129556][ T2818] usb 5-1: Product: syz
[  938.139170][ T2818] usb 5-1: Manufacturer: syz
[  938.143827][ T2818] usb 5-1: SerialNumber: syz
[  938.623094][ T2818] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  938.631764][ T2818] usb 5-1: found format II with max.bitrate = 0, frame size=2
[  938.643327][ T2818] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  938.659642][ T2818] usb 5-1: found format II with max.bitrate = 0, frame size=2
[  939.085082][ T2818] usb 5-1: failed to enable PITCH for EP 0x82
[  939.099871][T20392] loop3: detected capacity change from 0 to 2048
[  939.134349][ T2818] usb 5-1: USB disconnect, device number 59
[  939.441349][T20392] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  939.651146][T20406] xt_CT: No such helper "snmp_trap"
[  939.889849][T20351] EXT4-fs (loop3): unmounting filesystem.
[  939.968480][T20399] loop4: detected capacity change from 0 to 40427
[  939.979902][T20413] tmpfs: Unknown parameter 'nolazytimeř˙'
[  939.992266][T20399] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  940.004363][T20399] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  940.410117][T20399] F2FS-fs (loop4): Found nat_bits in checkpoint
[  940.495621][T20425] loop3: detected capacity change from 0 to 256
[  940.683633][T20399] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  940.699209][T20399] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  941.919093][T20448] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  942.202491][ T5716] usb 4-1: new full-speed USB device number 57 using dummy_hcd
[  942.246855][T20452] loop4: detected capacity change from 0 to 512
[  942.254007][T20452] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  942.268303][T20452] EXT4-fs (loop4): 1 truncate cleaned up
[  942.273956][T20452] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  942.564187][T20458] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.4.6215: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  942.862536][ T5716] usb 4-1: config index 0 descriptor too short (expected 65233, got 154)
[  942.871012][ T5716] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  942.879701][ T5716] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  942.890524][ T5716] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  943.185052][T19569] EXT4-fs (loop4): unmounting filesystem.
[  943.222231][ T5716] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  943.230675][   T28] audit: type=1326 audit(1726128470.740:846): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20466 comm="syz.2.6219" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b9517def9 code=0x0
[  943.231281][ T5716] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.262399][ T5716] usb 4-1: Product: syz
[  943.266555][ T5716] usb 4-1: Manufacturer: syz
[  943.270979][ T5716] usb 4-1: SerialNumber: syz
[  943.672621][ T5716] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  943.683250][ T5716] usb 4-1: found format II with max.bitrate = 0, frame size=2
[  943.706372][ T5716] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  943.714714][ T5716] usb 4-1: found format II with max.bitrate = 0, frame size=2
[  943.772538][ T5716] usb 4-1: failed to enable PITCH for EP 0x82
[  943.816253][ T5716] usb 4-1: USB disconnect, device number 57
[  943.992465][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  943.998568][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  944.045582][T20478] loop1: detected capacity change from 0 to 512
[  944.072525][T20478] ext4: Unknown parameter 'subj_role'
[  944.093446][T20482] loop3: detected capacity change from 0 to 512
[  944.107684][T20482] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  944.134043][T20482] EXT4-fs (loop3): 1 truncate cleaned up
[  944.139573][T20482] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  944.400212][T20491] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.3.6224: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  944.514473][  T297] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  944.775614][  T297] usb 5-1: Using ep0 maxpacket: 8
[  945.061676][T20351] EXT4-fs (loop3): unmounting filesystem.
[  945.093384][  T297] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  945.275808][  T297] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  945.288650][  T297] usb 5-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  945.297695][  T297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.308884][  T297] usb 5-1: config 0 descriptor??
[  945.417923][  T297] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  945.859865][T20509] loop2: detected capacity change from 0 to 512
[  945.866683][T20511] loop1: detected capacity change from 0 to 256
[  945.866854][T20509] /dev/loop2: Can't open blockdev
[  945.913692][T20513] loop0: detected capacity change from 0 to 512
[  945.920122][T20513] EXT4-fs: Ignoring removed orlov option
[  945.926868][T13329] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  945.937655][T20513] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  945.947466][T20509] loop2: detected capacity change from 0 to 512
[  945.950687][T20513] EXT4-fs error (device loop0): dx_probe:822: inode #2: comm syz.0.6232: Attempting to read directory block (0) that is past i_size (256)
[  945.969986][T20509] /dev/loop2: Can't open blockdev
[  945.979439][T20513] EXT4-fs (loop0): Remounting filesystem read-only
[  945.986267][T20513] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  945.995600][T20513] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  946.014327][T20513] EXT4-fs (loop0): shut down requested (2)
[  946.020358][T20513] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[  946.061315][T18607] EXT4-fs (loop0): unmounting filesystem.
[  947.255232][T20523] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  947.472904][  T478] usb 5-1: USB disconnect, device number 60
[  947.472990][   T28] audit: type=1326 audit(1726128474.990:847): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20525 comm="syz.1.6234" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd8057def9 code=0x0
[  947.506768][T20532] loop4: detected capacity change from 0 to 512
[  947.524639][T20532] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #16: comm syz.4.6237: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 3630(4), depth 0(0)
[  947.542283][T20532] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.6237: couldn't read orphan inode 16 (err -117)
[  947.554467][T20532] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  947.563641][T20532] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038 (0x7fffffff)
[  947.732486][  T312] usb 4-1: new full-speed USB device number 58 using dummy_hcd
[  947.742605][    T6] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  947.815436][T20532] overlayfs: './file1' not a directory
[  947.825873][T19569] EXT4-fs (loop4): unmounting filesystem.
[  947.843593][T20538] loop4: detected capacity change from 0 to 512
[  947.849872][T20538] ext4: Unknown parameter 'subj_role'
[  948.092518][  T312] usb 4-1: config index 0 descriptor too short (expected 65233, got 154)
[  948.100831][  T312] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  948.109746][  T312] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  948.120394][  T312] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 252, changing to 4
[  948.132530][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  948.143340][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  948.152928][    T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  948.161857][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.170242][    T6] usb 3-1: config 0 descriptor??
[  948.282570][  T312] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  948.291517][  T312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.299311][  T312] usb 4-1: Product: syz
[  948.303323][  T312] usb 4-1: Manufacturer: syz
[  948.310126][  T312] usb 4-1: SerialNumber: syz
[  948.728218][  T312] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  948.736635][  T312] usb 4-1: found format II with max.bitrate = 0, frame size=2
[  948.742547][    T6] usbhid 3-1:0.0: can't add hid device: -71
[  948.744304][  T312] usb 4-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  948.750357][    T6] usbhid: probe of 3-1:0.0 failed with error -71
[  948.758322][  T312] usb 4-1: found format II with max.bitrate = 0, frame size=2
[  948.768342][    T6] usb 3-1: USB disconnect, device number 66
[  948.822586][  T312] usb 4-1: failed to enable PITCH for EP 0x82
[  948.846826][  T312] usb 4-1: USB disconnect, device number 58
[  948.856308][T12046] udevd[12046]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  949.187797][T20553] loop1: detected capacity change from 0 to 512
[  949.340413][ T1658] Bluetooth: hci0: command 0x1003 tx timeout
[  949.341438][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  949.368270][T20553] EXT4-fs: Ignoring removed orlov option
[  949.552638][T20553] /dev/loop1: Can't open blockdev
[  949.612171][T20562] loop0: detected capacity change from 0 to 512
[  949.657754][T20562] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  949.937753][T20562] EXT4-fs (loop0): 1 truncate cleaned up
[  949.944216][T20562] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  949.969027][T20562] general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN
[  949.980670][T20562] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]
[  949.988917][T20562] CPU: 0 PID: 20562 Comm: syz.0.6246 Not tainted 6.1.93-syzkaller-00004-g75c9b1955b7e #0
[  949.989623][T20573] loop3: detected capacity change from 0 to 512
[  949.998544][T20562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  949.998563][T20562] RIP: 0010:__ext4_journal_get_write_access+0xb0/0x690
[  949.998599][T20562] Code: 88 ff 49 8d 5e 30 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ce 0b d0 ff 48 8b 1b 48 83 c3 38 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b1 0b d0 ff 4c 8b 23 4d 85 e4 4c
[  949.998614][T20562] RSP: 0018:ffffc90000e474c0 EFLAGS: 00010202
[  949.998632][T20562] RAX: 0000000000000007 RBX: 0000000000000038 RCX: 0000000000040000
[  949.998644][T20562] RDX: ffffc90009b35000 RSI: 00000000000009ee RDI: 00000000000009ef
[  950.062162][T20562] RBP: ffffc90000e47590 R08: ffff888111b2f3f0 R09: 0000000000000001
[  950.069974][T20562] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217b8758
[  950.077783][T20562] R13: dffffc0000000000 R14: ffff888111b2f3f0 R15: 0000000000000001
[  950.085615][T20562] FS:  00007fa15bfb36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  950.094358][T20562] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  950.100783][T20562] CR2: 0000001b2d01dff8 CR3: 0000000123711000 CR4: 00000000003506b0
[  950.108610][T20562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  950.116410][T20562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  950.124218][T20562] Call Trace:
[  950.127341][T20562]  <TASK>
[  950.130118][T20562]  ? __die_body+0x62/0xb0
[  950.134285][T20562]  ? die_addr+0x9f/0xd0
[  950.138277][T20562]  ? exc_general_protection+0x317/0x4c0
[  950.143665][T20562]  ? kasan_set_track+0x4b/0x70
[  950.148258][T20562]  ? asm_exc_general_protection+0x27/0x30
[  950.153819][T20562]  ? __ext4_journal_get_write_access+0xb0/0x690
[  950.159890][T20562]  ? __ext4_journal_ensure_credits+0x470/0x470
[  950.165900][T20562]  ext4_reserve_inode_write+0x26d/0x360
[  950.171259][T20562]  ? ext4_mark_iloc_dirty+0x1970/0x1970
[  950.176730][T20562]  ext4_xattr_set_handle+0x5b0/0x1560
[  950.181944][T20562]  ? ext4_xattr_set_entry+0x3ef0/0x3ef0
[  950.187323][T20562]  ? selinux_inode_free_security+0x210/0x210
[  950.193133][T20562]  ext4_initxattrs+0xa7/0x120
[  950.197654][T20562]  security_inode_init_security+0x252/0x390
[  950.203589][T20562]  ? ext4_init_security+0x40/0x40
[  950.208434][T20562]  ? security_dentry_create_files_as+0xc0/0xc0
[  950.214424][T20562]  ? __ext4_set_acl+0x5e0/0x5e0
[  950.219109][T20562]  ? _raw_spin_unlock+0x4c/0x70
[  950.223796][T20562]  ext4_init_security+0x34/0x40
[  950.228482][T20562]  __ext4_new_inode+0x31ef/0x40a0
[  950.233954][T20562]  ? ext4_has_group_desc_csum+0x1f0/0x1f0
[  950.239501][T20562]  ? dquot_initialize+0x20/0x20
[  950.244188][T20562]  ? may_create+0x65a/0x900
[  950.248528][T20562]  ext4_mkdir+0x421/0xce0
[  950.252696][T20562]  ? ext4_symlink+0xc10/0xc10
[  950.257209][T20562]  ? selinux_inode_mkdir+0x22/0x30
[  950.262157][T20562]  ? security_inode_mkdir+0xbc/0x100
[  950.267277][T20562]  vfs_mkdir+0x398/0x570
[  950.271357][T20562]  do_mkdirat+0x1eb/0x450
[  950.275522][T20562]  ? vfs_mkdir+0x570/0x570
[  950.279774][T20562]  ? getname_flags+0x1fd/0x520
[  950.284374][T20562]  __x64_sys_mkdir+0x6e/0x80
[  950.288801][T20562]  x64_sys_call+0x26d/0x9a0
[  950.293140][T20562]  do_syscall_64+0x3b/0xb0
[  950.297395][T20562]  ? clear_bhb_loop+0x55/0xb0
[  950.301906][T20562]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  950.307637][T20562] RIP: 0033:0x7fa15b17def9
[  950.311889][T20562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  950.331332][T20562] RSP: 002b:00007fa15bfb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  950.339589][T20562] RAX: ffffffffffffffda RBX: 00007fa15b335f80 RCX: 00007fa15b17def9
[  950.347386][T20562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[  950.355285][T20562] RBP: 00007fa15b1f0b76 R08: 0000000000000000 R09: 0000000000000000
[  950.363184][T20562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  950.370997][T20562] R13: 0000000000000000 R14: 00007fa15b335f80 R15: 00007ffd3d282b88
[  950.378825][T20562]  </TASK>
[  950.381724][T20562] Modules linked in:
[  950.388126][T20573] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  950.391727][T20562] ---[ end trace 0000000000000000 ]---
[  950.406669][T20562] RIP: 0010:__ext4_journal_get_write_access+0xb0/0x690
[  950.407921][T20573] EXT4-fs (loop3): 1 truncate cleaned up
[  950.422626][T20562] Code: 88 ff 49 8d 5e 30 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ce 0b d0 ff 48 8b 1b 48 83 c3 38 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 b1 0b d0 ff 4c 8b 23 4d 85 e4 4c
[  950.442622][T20573] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  950.453814][T20562] RSP: 0018:ffffc90000e474c0 EFLAGS: 00010202
[  950.463890][T20562] RAX: 0000000000000007 RBX: 0000000000000038 RCX: 0000000000040000
[  950.485635][T20562] RDX: ffffc90009b35000 RSI: 00000000000009ee RDI: 00000000000009ef
[  950.506565][T20562] RBP: ffffc90000e47590 R08: ffff888111b2f3f0 R09: 0000000000000001
[  950.514662][T20562] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217b8758
[  950.522581][T20562] R13: dffffc0000000000 R14: ffff888111b2f3f0 R15: 0000000000000001
[  950.530471][T20562] FS:  00007fa15bfb36c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  950.539253][T20562] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  951.172018][T20579] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz.3.6249: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  951.194186][T20562] CR2: 00007ff0cb708178 CR3: 0000000123711000 CR4: 00000000003506b0
[  951.210893][T20562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  951.257309][T20562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  951.273490][T20562] Kernel panic - not syncing: Fatal exception
[  951.279620][T20562] Kernel Offset: disabled
[  951.283749][T20562] Rebooting in 86400 seconds..