last executing test programs:

54.168836139s ago: executing program 2 (id=315):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
socket$nl_generic(0x11, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
dup3(r0, r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
pselect6(0x40, &(0x7f0000000140)={0x8}, 0x0, &(0x7f0000000280)={0x22}, 0x0, 0x0)
shutdown(r0, 0x0)

53.337829715s ago: executing program 2 (id=325):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000014c0)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x6}}, {@nodioread_nolock}, {@orlov}, {@auto_da_alloc_val}, {@data_err_ignore}, {@oldalloc}]}, 0xf, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
chdir(&(0x7f0000000380)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x1000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
getdents(r0, &(0x7f00000000c0)=""/197, 0xc5)
getdents(r0, 0x0, 0x58)

53.179314236s ago: executing program 2 (id=326):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000000))

53.132784356s ago: executing program 2 (id=327):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000180)={[{@checkpoint_diasble}, {}, {@acl}, {@alloc_mode_reuse}, {@inline_xattr}, {@noflush_merge}, {@quota}, {@nouser_xattr}, {@checkpoint_diasble}, {@user_xattr}, {@fsync_mode_strict}, {@age_extent_cache}, {@discard}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0)

52.799573569s ago: executing program 2 (id=328):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000000)='./file1\x00', 0x14927e, 0x93)
fallocate(r0, 0x11, 0x0, 0x8800000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000013c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r3, &(0x7f0000000300)=[{&(0x7f00000005c0)="80c1e329", 0x4}], 0x1, 0xe7b, 0x1, 0x0)

52.423637222s ago: executing program 2 (id=335):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000005440)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
lchown(&(0x7f0000000000)='./file0\x00', r1, 0xffffffffffffffff)

52.337776142s ago: executing program 32 (id=335):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000005440)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
lchown(&(0x7f0000000000)='./file0\x00', r1, 0xffffffffffffffff)

51.328323429s ago: executing program 3 (id=344):
r0 = socket(0x840000000002, 0x3, 0xfd)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
socketpair(0x29, 0x2, 0x8, 0x0)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)

51.024981612s ago: executing program 3 (id=357):
r0 = syz_clone(0x800500, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000000280)={0x0})

51.009566792s ago: executing program 3 (id=359):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f00000003c0)='\x00', 0x1, 0x20040005, 0x0, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

50.935182432s ago: executing program 3 (id=361):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)

50.900558043s ago: executing program 3 (id=364):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd})
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x0)

50.447650576s ago: executing program 3 (id=366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

50.396349957s ago: executing program 33 (id=366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

40.329655491s ago: executing program 5 (id=572):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = timerfd_create(0x0, 0x0)
timerfd_settime(r2, 0x0, &(0x7f0000000080)={{}, {0x0, 0x3938700}}, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/33, 0x21}], 0x1)

40.209137282s ago: executing program 5 (id=573):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000280)=""/117, 0x75}], 0x1, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

39.777422886s ago: executing program 5 (id=575):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="00dc6b"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000324"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x818}}, 0x0, 0x0, 0x0}, 0x0)

37.178665075s ago: executing program 5 (id=627):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000640)='./bus\x00', 0xa00000, &(0x7f0000000ac0)={[{@inlinecrypt}, {@errors_remount}, {@resuid}]}, 0x41, 0x53d, &(0x7f0000000080)="$eJzs3c9vI1cdAPDvTOJsdjfFKSBUKlEqWrRbwdqbhrYRQlAucKoElPsSEm8UrR1HsVM2UUVT8R8gJJA4ceKCxIUbEuqBPwBVqgQXxAEBAiHYwgHxo4NmPFZTx07SNrF3489HmvV78+v73ozyPDN++yaAqfV4RDwfETMR8VREVMv5aTndyjMHvfXevPfyWj4lkWUv/i2JpJzX31een42Iq71NYj4ivvbliG8mR+N29vbvrDabjZ0yX++2tuudvf0bm63VjcZGY2t5eenZledWnlm5mZXeVz0X+4kff+nzv/j0t35/6y/Xv50X63MfiUoM1OMs9apeKY5FX36Mds4j2ATMlPWpTLogAACcSn6N/8GI+ERx/V+NmeJqbsDMQP7SuEoHAAAAnIXsCwvx3yQiAwAAAC6sNCIWIklrZV+AhUjTufLZwIfjStpsd7qfut3e3VrPl0UsRiW9vdls3Cz7Ci9GJcnzS2Uf237+6YH8ckQ8HBHfq14u8rW1dnN9ws8+AAAAYFpcHbj//2c1LdInG/L/BAAAAID71+LIDAAAAHBRuOUHAACAi2/w/n9wvH8AAADggfaVF17Ip6z//uv1l/Z277RfurHe6NyptXbXamvtne3aRru9UYzZ1zppf812e/szsbV7t95tdLr1zt7+rVZ7d6t7a/Mdr8AGAAAAxujhj7/2myQiDj57uZiiHAcQ4B3+OOkCAGdJVz+YXkbxhulVmXQBgIlLTlje67yTHIylMAAAwLm49tGjv//33//v2QBcbPr6AMD0eS+//7svgIuhUvQAvDzpYgATMFs+A/hAL3tp1HojB+/41WkjZVnE69XDc1xHAADAeC0UU5LWyvuAhUjTWi3ioYh0MSrJ7c1m42Z5f/DrauVSnl8qtkxO7DMMAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAcKFFpH9OitH8I65Vn1wYfD4wl/yrGn8qMz988ft3V7vdnaV8/t+Ld3nNRUT3B+X8p0e+PgwAAAA4a8nByEW9+/Tyc2mspQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgCrx57+W1/jTOuH/9YkQsDos/G/PF53xUIuLKP5KYPbRdEhEzZxD/4NWIeGRY/CTeyrJXoizFsPiXzzn+YnFohsdPI+LqGcSHafZa3v48P+zvL43Hi8/hf3+z5fR+jW7/0jLyI0U7N6z9eejI3lpDYzz6xk/rvVTlaPxXIx6dHd7+9NvfZET8J47s7T9Zlh2N/42v7++Pqn/2o4hrQ79/ksrhWPVua7ve2du/sdla3WhsNLaWl5eeXXlu5ZmVm/Xbm81G+e/QGN/92M/fGhU/r/+VIfF/99te+3tc/Z8ctdMB/3vj7r0P9ZJHTkAe//oTQ79/52NE/LT87vtkmc6XX+unD3rpwx77yeuPHVf/9eHH/8Tzf/2U9X/qq9/5wylXBQDGoLO3f2e12WzsHJOYP8U6D2Lil/P3RTHeZSJ7pXfm7pfyvNdEfrX69px+rQ6tMxdnHPRn/454d1tlYzkal4rr+dNuNTem0zTRZgkAADgHb1/0T7okAAAAAAAAAAAAAAAAAAAAML0GBv26eh7DiQ3GPJhMVQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjvX/AAAA///WVtuo")
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x8102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x2000000000)

36.696406158s ago: executing program 5 (id=631):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff00000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x18)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})

36.547525949s ago: executing program 5 (id=635):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

36.44335101s ago: executing program 34 (id=635):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

21.087868284s ago: executing program 6 (id=933):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc786b409ac930c90ff90f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d858952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09e3187a10d905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367638cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a2d4f12e8e717eaaa2a6d14fee0c15f36c203dbc7c06128bec84231d43e152ef19ce027436fb4ebb9fce431b913f4817597a6f53d1626f9d1cb7b36fb18ac19547a8b20ede70c81a75686cea85dcd34408128da7cab045541bc6b9a0a79f63f2e7646356e04b977c9f47467537015240b974184be9c54b7c628ae4d97ebdb06070344468994afbaac71e5ffac2c61d9af66f9de2760a38e968a781528531c1c936a02065be48f1eee77be878873206d65bd0b1241fab9139abd7f40febe81fed3684e6b59273da01f1743c6a5df300ec59c65e8174fc2d95a62ca7b937289ad14107333007eab833a5849eb19f18ae41743dfb949377e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac141416441805034d2f87e5940c05ab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

21.057584084s ago: executing program 6 (id=934):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000002000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r4=>0x0})
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r4, 0x25, 0x0, @val=@netfilter}, 0x40)
close_range(r0, r5, 0x0)

20.984899315s ago: executing program 6 (id=936):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff2}}}, 0x24}}, 0x0)
recvmmsg(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x80}], 0x1, 0x0, 0x0)

20.984359885s ago: executing program 6 (id=937):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89801)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

20.903691055s ago: executing program 6 (id=938):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f00005fc000/0x1000)=nil, 0x1000)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)

20.893845226s ago: executing program 6 (id=939):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x8000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20.838565146s ago: executing program 35 (id=939):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x8000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.895468309s ago: executing program 4 (id=1303):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009e00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.821662569s ago: executing program 4 (id=1307):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
bind$inet(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000a000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r2, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)

2.79159452s ago: executing program 4 (id=1309):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000c3c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000f60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1997e358660e994000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000056087d7200000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
dup2(r2, r0)

2.67088098s ago: executing program 4 (id=1315):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000100)="b9590b0000b832000000ba000000000f30b805000000b9006000000f01d9640f01c265410f32c4419e11ec0f01ca48b800800000000000000f23d00f21f8352000000a0f23f80f20c035200000000f22c0c402f941be000000002665400f0097c8ed0000", 0x64}], 0x1, 0x22, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.386782133s ago: executing program 1 (id=1327):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r3}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

2.276666863s ago: executing program 1 (id=1328):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x22, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}, {&(0x7f0000000140)="b160923999f4bda74417856c145aa0e9061b0ec87d2b9a0ac38938abb0319f133b0de441406654bd35e063f6caeb600b89265960af32238a0bafad329b4be6e7d3c675cc1ad276b2e618f23860316558", 0x50, 0x3}, {&(0x7f0000000040)="1c9616e4ecd512d8e16179c776755f586ad0d3ad6b31938445ea91cce28a02b75efdd783ac1f3d2a7bb0221033db093a4cb4fd6d9448ec669ac5a380651612d3b327e71181915e79858d02e3efa665829066a395dc3ef03e3d98b616", 0x5c}, {&(0x7f00000001c0)="43c85923d3fd5489", 0x8, 0x2}]}, 0x4, 0x4}, 0x1)

1.695824008s ago: executing program 7 (id=1340):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)

1.627499428s ago: executing program 7 (id=1341):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x0)

1.622469448s ago: executing program 1 (id=1342):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.615634549s ago: executing program 7 (id=1343):
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = io_uring_setup(0x153a, &(0x7f00000008c0)={0x0, 0x6ac7, 0x0, 0x0, 0x27c})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000940)=[0x83b, 0x80000000], 0x2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000002480)=@chain={'key_or_keyring:', r1})
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f00000000c0)='vxcan1\x00', r1)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x104, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'vxcan1\x00', 0x1}, 0x18)

1.573123399s ago: executing program 1 (id=1344):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
mount$9p_fd(0x0, 0x0, 0x0, 0x100040, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

1.572030499s ago: executing program 4 (id=1345):
ptrace(0x4206, 0x0)
tkill(0x0, 0x12)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000850000000800000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1001)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@noextend}], [], 0x6b}})

1.538298409s ago: executing program 7 (id=1346):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r4, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000083c0)=ANY=[@ANYBLOB="38040000000000000000000000000000020000000020000001000000000000000100000000000000ff0700000000000001000000900c00000200000000000000ffffffff0000000040000000000000000500000000000000ffffff7f00000000040000000000000006000000070000000100008000a0000005", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="a8d7000004000000000000000300000000000000ce000000000000000100000004"], 0x0, 0x0, 0x0})

1.537743189s ago: executing program 1 (id=1347):
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x36}, @in=@remote, 0x4e22, 0xfffd, 0x0, 0x0, 0xa, 0x0, 0x0, 0x73, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffff9, 0xffffffffffffffff}, {0x8000000000, 0x0, 0x1}, 0xd44, 0x6e6bb7, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4040000)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
bind$netlink(r0, &(0x7f0000000140)={0x10, 0x0, 0xfffffffd, 0x1}, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@broadcast, @in=@multicast2, 0x4e20, 0x0, 0x800, 0x0, 0x2}, {0x7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0x1, 0x0, 0x3, 0x3}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x2b}, 0x0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x200000}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001c00"], 0x14}}, 0x4080)

1.491553539s ago: executing program 4 (id=1357):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="00dc6b"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x84, &(0x7f0000000a00)={0x20, 0x16, 0x97, "05427006d4c60bab8ee49579bf95a53ad4c34d97eaeea7c507bc96be3527474433bac9cc94511f803f8bbdb2f7b8bd1ac0deddd0c855f7a088cbb9db46032cbc105b4ef1a75a1a454c840c305be5bd819561014ad3a17b1a69d7fed9bc20d7e92e06915454c8bf6ceb4658539f6c12b4136eb41f83e2e1a142fbdfdfba87bef81903dc26919bfdc0a613b6e2539bbe38a151a708b0d2e7"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000b00)={0x0, 0x8, 0x1, 0xf5}, &(0x7f0000000b40)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000500)=ANY=[@ANYBLOB="20000400000080008000cc805de9d156ff7a2de3dfcc28b6cdfa094ce9199f4ff5a002f3651e825033d892b8f1a71d031830853133"], &(0x7f0000000bc0)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000c00)={0x40, 0x9, 0x1, 0x1}, &(0x7f0000000c40)={0x40, 0xb, 0x2, "dbac"}, &(0x7f0000000c80)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000cc0)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000d00)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000d40)={0x40, 0x19, 0x2, "deac"}, &(0x7f0000000d80)={0x40, 0x1a, 0x2, 0x72a9}, &(0x7f0000000dc0)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000e00)={0x40, 0x1e, 0x1, 0xd}, &(0x7f0000000e40)={0x40, 0x21, 0x1, 0x6}})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000012c0)={0x14, &(0x7f0000001200)={0x20, 0xe, 0x5f, {0x5f, 0xb, "1ad05c4bc33663b68399369b1c5b91c3bc6c4d9420607ee953380e88826d208340bd90572083f7c5b05ebc5392d9905ebf59ced1624fc1326de2aa85c33e34cc258f639e2f7872666018e0b8bf631570048df11306a9b137e1a75fd783"}}, 0x0}, &(0x7f0000001480)={0x1c, &(0x7f0000001300)=ANY=[@ANYBLOB="000ebe000000ba9519e02e6583bb12645c3370099aec903fca863aac85771e5767c460576a901dfe97024f00ec1b06000000fb6296230d172770eed534cc477f1b141d70bcf3517d4966905c51d8a5589aab79726d3e000db67975dbc052a6468d567132dcdbe4b3a54554924b504646c43c1d1a284cd810f43436e11b3c31f89de1d00af09c8f2c2b021ac0c99e4f2ff1e1ee1937eb995c1a8899103f95580e74cd1d7ab725e828291ebde4d99c64a72fb0d1a36738edff112753d36101b374a58798d4"], &(0x7f0000001400)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000001440)={0x0, 0x8, 0x1, 0x3}})
syz_usb_control_io(r0, 0x0, 0x0)

1.489683259s ago: executing program 1 (id=1348):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000005c0)={0x14, &(0x7f00000001c0)={0x0, 0x0, 0xe, {0xe, 0x0, "6c46936e41c5838bf3d423ab"}}, 0x0}, 0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042)
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0)

1.40103698s ago: executing program 7 (id=1349):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
setresuid(0x0, 0xee01, 0x0)

1.370597311s ago: executing program 7 (id=1350):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000340)={0x20, 0x24, 0x6, "24461d208426"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

1.255533371s ago: executing program 8 (id=1351):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r5 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})

1.255222231s ago: executing program 8 (id=1352):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[])
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r3, &(0x7f00000000c0)=[{&(0x7f00000010c0)=""/4097, 0x1001}], 0x1, 0x0, 0x0)

1.240444921s ago: executing program 8 (id=1353):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x22, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}, {&(0x7f0000000140)="b160923999f4bda74417856c145aa0e9061b0ec87d2b9a0ac38938abb0319f133b0de441406654bd35e063f6caeb600b89265960af32238a0bafad329b4be6e7d3c675cc1ad276b2e618f23860316558", 0x50, 0x3}, {&(0x7f0000000040)="1c9616e4ecd512d8e16179c776755f586ad0d3ad6b31938445ea91cce28a02b75efdd783ac1f3d2a7bb0221033db093a4cb4fd6d9448ec669ac5a380651612d3b327e71181915e79858d02e3efa665829066a395dc3ef03e3d98b616", 0x5c}, {&(0x7f00000001c0)="43c85923d3fd5489", 0x8, 0x2}]}, 0x4, 0x4}, 0x1)

912.712964ms ago: executing program 8 (id=1354):
syz_mount_image$ext4(&(0x7f0000000280)='ext2\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000000, &(0x7f00000001c0)={[{@noinit_itable}, {@nobarrier}]}, 0xff, 0x26d, &(0x7f00000003c0)="$eJzs3T9oM2UcB/DfXRJj3gapugjiHxARLZS6CS66KBSkFBFBhYqIk7RCbXGycXJR0Fmlk0sRN6ujuBQXwbVqh7o4WBwsDjpELpeU1KbaNOmdb+/zgXDP5Xnunif0vs9zy/UCqKzZiHgiImoRMRcRjYhIhhvcn39m+7vbrb2ViG732d+SXrt8Pzc4biYiOhHxWER9ULe5++LhH/tPP/TeRuPBT3dfaBX1+4YdHR48c/zJ0rtfLD66mfa/a/e3w79jmpojvqsnEXdcRWf/E0m97BFwEctvff5Dlvs7I+KBXv4bkfYj+8H6Ld804pGPzzv2w1+/v7vIsQLT1+02sjWw0wUqJ+3dAyfpfETk5TSdn8/v4X+s3UhfX1t/c+61tY3VV8ueqYBpaUccPPVV88uZXvn9k/z/UsvzD1xfWf6fW975KSsf18oeDVCIe/JNlv+5l7cejn/J/1KR4wIKk+f/7V7yrf9QLRdZ/0/788rHBBRjjPzfWtSYgDFd8t59/PUfuC7kH6pL/uEaawwKnZHV8g/VJf9QXfIP1TWcfwCgWrrNsp9ABspS9vwDAAAAAAAAAAAAAAAAAACctd3aWxl8pnri5vlV334UcfRkRNRH9V/rvY948PqRG78nWbMTSX7YRF66b8ITTOizkp++vu3ncvv/7t6rOe87p3db57XbWo3oZI0X6vWz11/Sv/4u7/b/qG+8MmEHY0j7mRn2+PPF9T/KXzvl9r+4H/F1Nv8sZPNP+x9//zTu6m1Hzz/t4X+xfElveKUaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADATePvAAAA//+ZcGsX")
mkdir(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x45)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x1)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000200)=""/179, 0xb3)

758.103494ms ago: executing program 8 (id=1355):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10)
time(0x0)

683.685535ms ago: executing program 8 (id=1356):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000100)="b9590b0000b832000000ba000000000f30b805000000b9006000000f01d9640f01c265410f32c4419e11ec0f01ca48b800800000000000000f23d00f21f8352000000a0f23f80f20c035200000000f22c0c402f941be000000002665400f0097c8ed0000", 0x64}], 0x1, 0x22, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

414.157507ms ago: executing program 0 (id=1362):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000040), 0xfe, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=")
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
socket$inet(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
alarm(0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, 0x0)

147.648349ms ago: executing program 0 (id=1363):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xbb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10)
listen(r2, 0x3)
listen(r0, 0x0)

130.1498ms ago: executing program 0 (id=1364):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x8, r2}, 0x10)
sendmsg$sock(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x24004050)

76.7427ms ago: executing program 0 (id=1365):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

50.92922ms ago: executing program 0 (id=1366):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0x8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(r1, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1})

0s ago: executing program 0 (id=1367):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffffed7a000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
getresuid(&(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000180))
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

kernel console output (not intermixed with test programs):

avc:  denied  { mount } for  pid=1302 comm="syz.4.380" name="/" dev="overlay" ino=486 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   44.903714][   T28] audit: type=1400 audit(1741960451.140:307): avc:  denied  { unmount } for  pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   44.950614][  T994] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[   44.987413][   T28] audit: type=1400 audit(1741960451.230:308): avc:  denied  { remount } for  pid=1310 comm="syz.0.383" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   45.058062][ T1319] netlink: 'syz.0.392': attribute type 13 has an invalid length.
[   45.132660][  T994] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   45.141316][  T994] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[   45.152220][  T994] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[   45.165410][  T994] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   45.174656][  T994] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   45.189690][  T994] usb 6-1: Product: syz
[   45.195578][   T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   45.203012][  T994] usb 6-1: Manufacturer: syz
[   45.207451][  T994] usb 6-1: SerialNumber: syz
[   45.229489][ T1331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.397'.
[   45.319065][ T1338] device pim6reg1 entered promiscuous mode
[   45.392605][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.404468][   T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   45.418640][   T39] usb 5-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[   45.430177][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.439123][  T994] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[   45.450243][   T39] usb 5-1: config 0 descriptor??
[   45.455610][  T994] usb 6-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[   45.464375][  T994] usb 6-1: found format II with max.bitrate = 128, frame size=0
[   45.474606][  T994] usb 6-1: 2:1: All rates were zero
[   45.495175][  T994] usb 6-1: USB disconnect, device number 2
[   45.710743][ T1212] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   45.770622][    T6] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   45.885146][   T39] ortek 0003:1223:3F07.0005: unknown main item tag 0x6
[   45.892471][   T39] ortek 0003:1223:3F07.0005: report_id 29495 is invalid
[   45.899298][   T39] ortek 0003:1223:3F07.0005: item 0 2 1 8 parsing failed
[   45.907295][   T39] ortek: probe of 0003:1223:3F07.0005 failed with error -22
[   45.920712][ T1212] usb 1-1: Using ep0 maxpacket: 16
[   45.936002][ T1212] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   45.960955][    T6] usb 2-1: Using ep0 maxpacket: 8
[   45.966436][ T1212] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   45.980218][ T1212] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   45.990860][ T1212] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   46.004133][    T6] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   46.013189][    T6] usb 2-1: config 179 has no interface number 0
[   46.019603][    T6] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   46.031159][    T6] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   46.042687][    T6] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   46.054992][    T6] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   46.067787][    T6] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   46.090703][ T1212] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   46.102297][    T6] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   46.104655][  T994] usb 5-1: USB disconnect, device number 3
[   46.112625][ T1212] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   46.126329][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   46.135221][ T1212] usb 1-1: Product: syz
[   46.141218][ T1212] usb 1-1: Manufacturer: syz
[   46.141422][ T1342] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[   46.145801][ T1212] usb 1-1: SerialNumber: syz
[   46.280655][   T39] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   46.462132][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   46.473473][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   46.483326][   T39] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   46.492370][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   46.506317][   T39] usb 6-1: config 0 descriptor??
[   46.578528][  T994] usb 2-1: USB disconnect, device number 4
[   46.578639][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   46.593383][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   46.863128][ T1401] loop4: detected capacity change from 0 to 512
[   46.884056][ T1403] device pim6reg1 entered promiscuous mode
[   46.893898][ T1401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.428: inode #1: comm syz.4.428: iget: illegal inode #
[   46.910421][ T1401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.428: error while reading EA inode 1 err=-117
[   46.924259][ T1401] EXT4-fs (loop4): 1 orphan inode deleted
[   46.925268][   T39] cp2112 0003:10C4:EA90.0006: item fetching failed at offset 3/7
[   46.930328][ T1401] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   46.939266][   T39] cp2112 0003:10C4:EA90.0006: parse failed
[   46.959533][   T39] cp2112: probe of 0003:10C4:EA90.0006 failed with error -22
[   47.060025][  T291] EXT4-fs (loop4): unmounting filesystem.
[   47.132486][   T39] usb 6-1: USB disconnect, device number 3
[   47.440673][   T19] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   47.515636][ T1424] netlink: 96 bytes leftover after parsing attributes in process `syz.4.435'.
[   47.631748][   T19] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   47.643128][   T19] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   47.660402][ T1426] loop4: detected capacity change from 0 to 40427
[   47.673219][   T19] usb 7-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[   47.683139][   T19] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.692779][ T1426] F2FS-fs (loop4): invalid crc value
[   47.693519][ T1428] netlink: 4 bytes leftover after parsing attributes in process `syz.5.437'.
[   47.707798][   T19] usb 7-1: config 0 descriptor??
[   47.715224][ T1426] F2FS-fs (loop4): Found nat_bits in checkpoint
[   47.722773][ T1428] device veth1_macvtap left promiscuous mode
[   47.766579][ T1426] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   47.812848][ T1429] f2fs_ckpt-7:4: attempt to access beyond end of device
[   47.812848][ T1429] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   47.847881][   T28] kauditd_printk_skb: 1 callbacks suppressed
[   47.847898][   T28] audit: type=1400 audit(1741960454.090:310): avc:  denied  { setopt } for  pid=1436 comm="syz.5.439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   48.023649][ T1443] device pim6reg1 entered promiscuous mode
[   48.035851][   T28] audit: type=1400 audit(1741960454.280:311): avc:  denied  { read } for  pid=1444 comm="syz.5.443" path="socket:[21083]" dev="sockfs" ino=21083 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   48.119422][   T19] ortek 0003:1223:3F07.0007: unknown main item tag 0x6
[   48.130696][   T19] ortek 0003:1223:3F07.0007: report_id 29495 is invalid
[   48.148248][   T19] ortek 0003:1223:3F07.0007: item 0 2 1 8 parsing failed
[   48.156404][   T19] ortek: probe of 0003:1223:3F07.0007 failed with error -22
[   48.325686][   T39] usb 7-1: USB disconnect, device number 2
[   48.458861][   T19] usb 1-1: USB disconnect, device number 4
[   48.563645][   T28] audit: type=1400 audit(1741960454.810:312): avc:  denied  { create } for  pid=1471 comm="syz.0.453" name="#16" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   48.584715][   T28] audit: type=1400 audit(1741960454.810:313): avc:  denied  { link } for  pid=1471 comm="syz.0.453" name="#16" dev="tmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   48.607582][   T28] audit: type=1400 audit(1741960454.810:314): avc:  denied  { rename } for  pid=1471 comm="syz.0.453" name="#17" dev="tmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   48.637407][    T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   48.844101][    T6] usb 5-1: Using ep0 maxpacket: 8
[   48.851606][    T6] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   48.863051][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.874058][ T1490] netlink: 96 bytes leftover after parsing attributes in process `syz.1.467'.
[   48.884410][    T6] usb 5-1: config 0 descriptor??
[   48.910034][   T28] audit: type=1400 audit(1741960455.150:315): avc:  denied  { append } for  pid=1492 comm="syz.1.458" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   49.223620][ T1517] loop5: detected capacity change from 0 to 256
[   49.234646][ T1517] FAT-fs (loop5): bogus number of FAT sectors
[   49.243228][ T1517] FAT-fs (loop5): Can't find a valid FAT filesystem
[   49.269878][   T28] audit: type=1326 audit(1741960455.510:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1515 comm="syz.1.468" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7fd8f8d169 code=0x0
[   49.295852][    T6] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   49.318949][    T6] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[   49.347460][    T6] asix: probe of 5-1:0.0 failed with error -71
[   49.372737][    T6] usb 5-1: USB disconnect, device number 4
[   49.374480][   T28] audit: type=1400 audit(1741960455.620:317): avc:  denied  { create } for  pid=1525 comm="syz.1.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   49.488587][ T1531] loop1: detected capacity change from 0 to 128
[   49.510385][   T28] audit: type=1400 audit(1741960455.750:318): avc:  denied  { write } for  pid=1532 comm="syz.5.474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   49.574233][ T1531] syz.1.473: attempt to access beyond end of device
[   49.574233][ T1531] loop1: rw=2049, sector=145, nr_sectors = 87 limit=128
[   49.665987][   T28] audit: type=1400 audit(1741960455.910:319): avc:  denied  { write } for  pid=1543 comm="syz.5.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   49.687433][  T959] kworker/u4:6: attempt to access beyond end of device
[   49.687433][  T959] loop1: rw=1, sector=241, nr_sectors = 800 limit=128
[   49.703067][  T959] kworker/u4:6: attempt to access beyond end of device
[   49.703067][  T959] loop1: rw=1, sector=145, nr_sectors = 96 limit=128
[   50.051323][ T1571] loop4: detected capacity change from 0 to 512
[   50.055302][ T1564] loop0: detected capacity change from 0 to 40427
[   50.079522][ T1571] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   50.083823][ T1564] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   50.102751][ T1564] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   50.112070][ T1564] F2FS-fs (loop0): invalid crc value
[   50.119837][ T1564] F2FS-fs (loop0): Found nat_bits in checkpoint
[   50.140207][ T1571] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   50.157033][ T1571] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.215471][ T1564] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   50.223803][ T1564] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   50.225105][  T291] EXT4-fs (loop4): unmounting filesystem.
[   50.302050][ T1564] syz.0.488: attempt to access beyond end of device
[   50.302050][ T1564] loop0: rw=2049, sector=77824, nr_sectors = 952 limit=40427
[   50.408743][  T384] syz-executor: attempt to access beyond end of device
[   50.408743][  T384] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   50.423090][   T10] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   50.434516][   T10] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   50.540615][ T1278] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[   50.741778][ T1278] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   50.753947][ T1278] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[   50.764999][ T1278] usb 5-1: config 0 interface 0 has no altsetting 0
[   50.772506][ T1278] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[   50.787322][ T1278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.796152][  T994] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   50.806863][ T1278] usb 5-1: config 0 descriptor??
[   50.990648][  T994] usb 2-1: Using ep0 maxpacket: 16
[   50.998863][  T994] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   51.032279][  T994] usb 2-1: config 0 has no interfaces?
[   51.040128][  T994] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   51.092334][  T994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.141262][  T994] usb 2-1: config 0 descriptor??
[   51.186520][ T1633] netlink: 24 bytes leftover after parsing attributes in process `syz.0.514'.
[   51.221838][ T1278] hid-steam 0003:28DE:1102.0008: unknown main item tag 0x0
[   51.230893][ T1278] hid-steam 0003:28DE:1102.0008: unknown main item tag 0x0
[   51.239912][ T1278] hid-steam 0003:28DE:1102.0008: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[   51.252579][ T1278] hid-steam 0003:28DE:1102.0009: unknown main item tag 0x0
[   51.259982][ T1278] hid-steam 0003:28DE:1102.0009: unknown main item tag 0x0
[   51.269570][ T1278] hid-steam 0003:28DE:1102.0009: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[   51.349418][  T994] usb 2-1: USB disconnect, device number 5
[   51.355532][ T1278] hid-steam 0003:28DE:1102.0008: Steam Controller 'XXXXXXXXXX' connected
[   51.371432][ T1278] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0008/input/input5
[   51.433969][ T1588] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0008/input/input6
[   51.466538][ T1278] usb 5-1: USB disconnect, device number 5
[   51.476140][ T1278] hid-steam 0003:28DE:1102.0008: Steam Controller 'XXXXXXXXXX' disconnected
[   52.363020][ T1695] loop5: detected capacity change from 0 to 256
[   52.455835][ T1698] netlink: 'syz.6.536': attribute type 4 has an invalid length.
[   52.495739][ T1698] netlink: 'syz.6.536': attribute type 4 has an invalid length.
[   52.533573][ T1702] loop5: detected capacity change from 0 to 256
[   52.548866][ T1702] FAT-fs (loop5): Unrecognized mount option "ìoûZǺ
[   52.548866][ T1702] e=1" or missing value
[   52.607761][ T1702] loop5: detected capacity change from 0 to 128
[   52.778659][ T1712] loop5: detected capacity change from 0 to 512
[   52.812331][ T1712] EXT4-fs (loop5): #blocks per group too big: 65535
[   52.827742][  T994] kernel write not supported for file bpf-prog (pid: 994 comm: kworker/1:4)
[   53.015332][   T28] kauditd_printk_skb: 10 callbacks suppressed
[   53.015349][   T28] audit: type=1400 audit(1741960459.260:330): avc:  denied  { getattr } for  pid=1740 comm="syz.6.555" name="/" dev="incremental-fs" ino=293 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   53.101582][ T1747] netlink: 32 bytes leftover after parsing attributes in process `syz.6.557'.
[   53.110518][ T1747] netem: unknown loss type 13
[   53.115446][ T1747] netem: change failed
[   53.143145][ T1750] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=782551099 (25041635168 ns) > initial count (15596343840 ns). Using initial count to start timer.
[   53.240603][  T994] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   53.425227][  T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   53.453768][  T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   53.480742][  T994] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   53.513564][  T994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   53.532055][  T994] usb 5-1: config 0 descriptor??
[   53.676702][ T1786] loop6: detected capacity change from 0 to 256
[   53.703704][ T1786] FAT-fs (loop6): Unrecognized mount option "ìoûZǺ
[   53.703704][ T1786] e=1" or missing value
[   53.748971][   T28] audit: type=1400 audit(1741960459.990:331): avc:  denied  { write } for  pid=1735 comm="syz.4.552" name="ip6_mr_vif" dev="proc" ino=4026532341 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   53.765863][ T1786] loop6: detected capacity change from 0 to 128
[   53.896342][ T1791] xt_hashlimit: size too large, truncated to 1048576
[   53.948501][ T1792] xt_hashlimit: size too large, truncated to 1048576
[   53.981706][  T994] cp2112 0003:10C4:EA90.000A: unknown global tag 0xc
[   53.991569][  T994] cp2112 0003:10C4:EA90.000A: item 0 1 1 12 parsing failed
[   54.022190][  T994] cp2112 0003:10C4:EA90.000A: parse failed
[   54.028450][  T994] cp2112: probe of 0003:10C4:EA90.000A failed with error -22
[   54.185187][    T6] usb 5-1: USB disconnect, device number 6
[   54.510635][  T397] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   54.629753][   T28] audit: type=1400 audit(1741960460.870:332): avc:  denied  { write } for  pid=1815 comm="syz.6.584" name="001" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   54.640688][  T994] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   54.669686][   T28] audit: type=1400 audit(1741960460.870:333): avc:  denied  { map } for  pid=1815 comm="syz.6.584" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   54.712252][ T1818] futex_wake_op: syz.6.585 tries to shift op by -1; fix this program
[   54.731939][  T397] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.758607][  T397] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   54.777223][  T397] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   54.792102][   T28] audit: type=1400 audit(1741960461.040:334): avc:  denied  { connect } for  pid=1824 comm="syz.4.588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   54.811609][ T1812] loop1: detected capacity change from 0 to 40427
[   54.818114][  T397] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.826404][ T1812] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   54.827155][  T397] usb 6-1: config 0 descriptor??
[   54.845707][ T1812] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   54.856651][ T1812] F2FS-fs (loop1): invalid crc value
[   54.860699][  T994] usb 1-1: Using ep0 maxpacket: 8
[   54.868420][  T994] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   54.877523][  T994] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.878878][ T1812] F2FS-fs (loop1): Found nat_bits in checkpoint
[   54.898957][  T994] usb 1-1: config 0 descriptor??
[   54.961162][ T1812] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   54.968298][ T1812] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   54.998532][ T1812] syz.1.582: attempt to access beyond end of device
[   54.998532][ T1812] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[   55.022864][ T1812] syz.1.582: attempt to access beyond end of device
[   55.022864][ T1812] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[   55.045013][ T1812] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5
[   55.045055][ T1812] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5
[   55.190671][   T19] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   55.317025][  T994] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[   55.327786][  T994] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[   55.338867][  T994] asix: probe of 1-1:0.0 failed with error -32
[   55.347524][  T994] usb 1-1: USB disconnect, device number 5
[   55.401659][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.418181][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   55.428219][   T19] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   55.440149][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.457459][   T19] usb 5-1: config 0 descriptor??
[   55.586435][   T28] audit: type=1326 audit(1741960461.830:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1859 comm="syz.1.599" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7fd8f8d169 code=0x0
[   55.867511][   T19] cp2112 0003:10C4:EA90.000C: item fetching failed at offset 3/7
[   55.880879][   T19] cp2112 0003:10C4:EA90.000C: parse failed
[   55.891663][   T19] cp2112: probe of 0003:10C4:EA90.000C failed with error -22
[   55.897375][ T1866] netlink: 'syz.0.601': attribute type 4 has an invalid length.
[   55.943011][ T1868] loop0: detected capacity change from 0 to 16
[   55.965191][ T1868] erofs: (device loop0): mounted with root inode @ nid 36.
[   55.993549][ T1868] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=46
[   56.021083][ T1868] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=46
[   56.060481][  T397] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:256C:006D.000B/input/input7
[   56.084937][   T19] usb 5-1: USB disconnect, device number 7
[   56.099397][  T397] uclogic 0003:256C:006D.000B: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.5-1/input0
[   56.173694][ T1874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.605'.
[   56.184568][ T1874] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.195202][ T1874] device bridge_slave_1 left promiscuous mode
[   56.201715][ T1874] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.277141][  T397] usb 6-1: USB disconnect, device number 4
[   56.496269][   T28] audit: type=1400 audit(1741960462.740:336): avc:  denied  { getopt } for  pid=1894 comm="syz.6.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   56.523336][ T1893] input: syz1 as /devices/virtual/input/input8
[   56.529820][   T28] audit: type=1400 audit(1741960462.770:337): avc:  denied  { write } for  pid=1892 comm="syz.1.614" name="uinput" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   56.784181][ T1923] netlink: 12 bytes leftover after parsing attributes in process `syz.4.626'.
[   56.838839][ T1925] loop5: detected capacity change from 0 to 512
[   56.887967][ T1925] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.627: corrupted inode contents
[   56.901001][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   56.908118][ T1925] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #16: comm syz.5.627: mark_inode_dirty error
[   56.922076][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   56.929097][ T1925] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.627: corrupted inode contents
[   56.944362][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   56.951798][ T1925] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.627: mark_inode_dirty error
[   56.968871][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   56.978417][ T1925] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.627: corrupted inode contents
[   56.992278][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   56.999624][ T1925] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[   57.010387][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   57.041762][ T1925] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.627: corrupted inode contents
[   57.065693][ T1932] loop4: detected capacity change from 0 to 512
[   57.072382][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   57.078981][ T1925] EXT4-fs error (device loop5): ext4_truncate:4313: inode #16: comm syz.5.627: mark_inode_dirty error
[   57.091891][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   57.096512][ T1932] EXT4-fs (loop4): #blocks per group too big: 65535
[   57.099082][ T1925] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[   57.117513][ T1925] EXT4-fs (loop5): Remounting filesystem read-only
[   57.124780][ T1925] EXT4-fs (loop5): 1 truncate cleaned up
[   57.131399][ T1925] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   57.141825][  T959] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   57.142169][ T1925] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   57.151666][  T959] EXT4-fs error (device loop5): ext4_release_dquot:6805: comm kworker/u4:6: Failed to release dquot type 1
[   57.176636][  T959] EXT4-fs (loop5): Remounting filesystem read-only
[   57.205875][   T28] audit: type=1400 audit(1741960463.450:338): avc:  denied  { map } for  pid=1924 comm="syz.5.627" path="/35/bus/bus" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   57.264451][ T1936] loop0: detected capacity change from 0 to 512
[   57.269151][ T1190] EXT4-fs error (device loop5): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /35/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=4096 fake=0
[   57.271619][ T1936] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   57.303853][ T1190] EXT4-fs (loop5): Remounting filesystem read-only
[   57.310997][ T1936] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.630: invalid indirect mapped block 83886080 (level 1)
[   57.326157][ T1936] EXT4-fs (loop0): Remounting filesystem read-only
[   57.328134][ T1190] EXT4-fs (loop5): unmounting filesystem.
[   57.333299][ T1936] EXT4-fs (loop0): 1 orphan inode deleted
[   57.345178][ T1936] EXT4-fs (loop0): 1 truncate cleaned up
[   57.350766][ T1936] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   57.401091][  T384] EXT4-fs (loop0): unmounting filesystem.
[   57.801890][ T1956] netlink: 'syz.1.640': attribute type 4 has an invalid length.
[   57.804113][ T1950] loop6: detected capacity change from 0 to 8192
[   57.830626][  T397] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   57.973540][ T1961] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.980990][ T1961] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.988430][ T1961] device bridge_slave_0 entered promiscuous mode
[   57.995603][ T1961] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.003019][ T1961] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.010632][ T1961] device bridge_slave_1 entered promiscuous mode
[   58.022231][  T397] usb 1-1: Using ep0 maxpacket: 32
[   58.029882][   T28] kauditd_printk_skb: 3 callbacks suppressed
[   58.029901][   T28] audit: type=1400 audit(1741960464.270:342): avc:  denied  { mounton } for  pid=1974 comm="syz.4.647" path="/proc/290/task" dev="proc" ino=25741 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   58.036251][  T397] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[   58.121881][  T397] usb 1-1: config 0 has no interface number 0
[   58.138310][  T397] usb 1-1: config 0 interface 184 has no altsetting 0
[   58.156710][  T397] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   58.183075][  T397] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.191621][ T1984] loop6: detected capacity change from 0 to 512
[   58.200300][  T397] usb 1-1: Product: syz
[   58.204379][  T397] usb 1-1: Manufacturer: syz
[   58.223448][  T397] usb 1-1: SerialNumber: syz
[   58.240721][  T397] usb 1-1: config 0 descriptor??
[   58.248520][ T1984] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   58.248599][  T397] smsc75xx v1.0.0
[   58.261715][ T1984] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   58.296764][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   58.304823][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.321662][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   58.332669][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.343749][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.351089][  T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.360067][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   58.368875][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.377507][  T365] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.384412][  T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.403867][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   58.411919][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   58.419928][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   58.436593][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.446244][   T43] device bridge_slave_1 left promiscuous mode
[   58.453785][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.462488][   T43] device bridge_slave_0 left promiscuous mode
[   58.468624][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.477476][   T43] device veth0_vlan left promiscuous mode
[   58.550678][  T994] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   58.577232][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.585650][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.593294][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.607100][ T1961] device veth0_vlan entered promiscuous mode
[   58.615935][ T1990] loop4: detected capacity change from 0 to 2048
[   58.621084][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.638763][ T1961] device veth1_macvtap entered promiscuous mode
[   58.649769][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.661087][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.671570][ T1990] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   58.680100][ T1990] ext4 filesystem being mounted at /135/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   58.730708][  T994] usb 7-1: Using ep0 maxpacket: 16
[   58.737150][  T994] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 110, changing to 10
[   58.767062][  T994] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 24941, setting to 1024
[   58.797522][  T994] usb 7-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   58.828451][  T994] usb 7-1: config 0 interface 0 has no altsetting 0
[   58.837144][  T994] usb 7-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[   58.846341][  T994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.859170][  T397] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   58.866844][  T994] usb 7-1: config 0 descriptor??
[   58.880619][  T397] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   58.908194][ T2001] loop7: detected capacity change from 0 to 128
[   59.013539][ T1990] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.651: bg 0: block 345: padding at end of block bitmap is not set
[   59.029418][ T1990] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   59.042623][ T1990] EXT4-fs (loop4): This should not happen!! Data will be lost
[   59.042623][ T1990] 
[   59.056518][ T2007] loop1: detected capacity change from 0 to 512
[   59.097366][ T2007] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[   59.105671][ T2007] System zones: 0-2, 18-18, 34-34
[   59.146420][  T365] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   59.168080][ T2007] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.657: bg 0: block 248: padding at end of block bitmap is not set
[   59.183825][  T365] EXT4-fs (loop4): This should not happen!! Data will be lost
[   59.183825][  T365] 
[   59.193793][  T365] EXT4-fs (loop4): Total free blocks count 0
[   59.199866][  T365] EXT4-fs (loop4): Free/Dirty block details
[   59.206536][  T365] EXT4-fs (loop4): free_blocks=0
[   59.212023][ T2007] Quota error (device loop1): write_blk: dquota write failed
[   59.219508][  T365] EXT4-fs (loop4): dirty_blocks=2048
[   59.224674][  T365] EXT4-fs (loop4): Block reservation details
[   59.231100][ T2007] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   59.249643][ T2007] EXT4-fs error (device loop1): ext4_acquire_dquot:6782: comm syz.1.657: Failed to acquire dquot type 1
[   59.262930][ T2007] EXT4-fs (loop1): 1 truncate cleaned up
[   59.268580][ T2007] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   59.277815][ T2007] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.297720][  T994] hid (null): invalid report_count 13149
[   59.315811][  T994] hid-generic 0003:045E:05DA.000D: invalid report_count 13149
[   59.331903][   T28] audit: type=1400 audit(1741960465.580:343): avc:  denied  { remount } for  pid=2006 comm="syz.1.657" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   59.352430][  T994] hid-generic 0003:045E:05DA.000D: item 0 2 1 9 parsing failed
[   59.359895][ T2007] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[   59.366871][  T994] hid-generic: probe of 0003:045E:05DA.000D failed with error -22
[   59.388886][  T294] EXT4-fs (loop1): unmounting filesystem.
[   59.394819][ T2007] syz.1.657 (2007) used greatest stack depth: 20104 bytes left
[   59.440182][ T2021] devpts: called with bogus options
[   59.473871][ T2023] loop1: detected capacity change from 0 to 256
[   59.504304][ T2015] loop7: detected capacity change from 0 to 40427
[   59.513892][  T994] usb 7-1: USB disconnect, device number 3
[   59.519985][ T2015] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[   59.530301][ T2015] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[   59.556200][ T2015] F2FS-fs (loop7): invalid crc value
[   59.590040][ T2015] F2FS-fs (loop7): Found nat_bits in checkpoint
[   59.598689][ T2027] bridge: RTM_NEWNEIGH with invalid ether address
[   59.646902][   T28] audit: type=1400 audit(1741960465.890:344): avc:  denied  { mount } for  pid=2033 comm="syz.1.667" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   59.677629][ T2015] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[   59.684723][ T2015] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   59.689735][   T28] audit: type=1400 audit(1741960465.890:345): avc:  denied  { bind } for  pid=2035 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   59.712740][  T397] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[   59.731130][ T2041] loop1: detected capacity change from 0 to 256
[   59.739694][  T397] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[   59.750419][   T28] audit: type=1400 audit(1741960465.890:346): avc:  denied  { name_bind } for  pid=2035 comm="syz.4.668" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   59.761078][ T2041] exfat: Deprecated parameter 'utf8'
[   59.777855][  T397] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   59.788477][ T2041] exfat: Deprecated parameter 'utf8'
[   59.794635][  T397] smsc75xx: probe of 1-1:0.184 failed with error -71
[   59.803210][ T2015] syz.7.661: attempt to access beyond end of device
[   59.803210][ T2015] loop7: rw=2049, sector=77824, nr_sectors = 952 limit=40427
[   59.807674][  T397] usb 1-1: USB disconnect, device number 6
[   59.830519][ T2041] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3ca7b50d, utbl_chksum : 0xe619d30d)
[   59.856357][   T28] audit: type=1400 audit(1741960466.100:347): avc:  denied  { write } for  pid=2040 comm="syz.1.670" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   59.878505][   T28] audit: type=1400 audit(1741960466.100:348): avc:  denied  { add_name } for  pid=2040 comm="syz.1.670" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   59.899488][   T28] audit: type=1400 audit(1741960466.100:349): avc:  denied  { associate } for  pid=2040 comm="syz.1.670" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   59.936925][ T1961] syz-executor: attempt to access beyond end of device
[   59.936925][ T1961] loop7: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   59.952448][  T959] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   59.962527][  T959] F2FS-fs (loop7): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   60.032154][ T1259] EXT4-fs (loop6): unmounting filesystem.
[   60.115694][ T2047] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   60.298452][ T2063] syz.6.679[2063] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.298530][ T2063] syz.6.679[2063] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.850612][   T19] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   61.070763][   T19] usb 8-1: Using ep0 maxpacket: 32
[   61.089780][   T19] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[   61.107688][   T19] usb 8-1: config 0 has no interface number 0
[   61.121853][   T19] usb 8-1: config 0 interface 184 has no altsetting 0
[   61.142982][   T19] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   61.153228][   T19] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.161474][   T19] usb 8-1: Product: syz
[   61.165666][   T19] usb 8-1: Manufacturer: syz
[   61.170258][   T19] usb 8-1: SerialNumber: syz
[   61.189402][   T19] usb 8-1: config 0 descriptor??
[   61.197722][   T19] smsc75xx v1.0.0
[   61.550621][ T1212] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[   61.728368][ T2148] netlink: 24 bytes leftover after parsing attributes in process `syz.1.720'.
[   61.747377][ T2148] sch_tbf: burst 88 is lower than device veth3 mtu (1514) !
[   61.756867][ T1212] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   61.767316][ T1212] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   61.791833][ T1212] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   61.801593][   T19] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   61.813188][ T1212] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.821606][   T19] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   61.831224][ T1212] usb 7-1: Product: syz
[   61.835676][ T1212] usb 7-1: Manufacturer: syz
[   61.840329][ T1212] usb 7-1: SerialNumber: syz
[   62.062723][ T1212] usb 7-1: USB disconnect, device number 4
[   62.647910][   T19] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[   62.665193][   T19] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[   62.685510][   T19] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   62.706906][   T19] smsc75xx: probe of 8-1:0.184 failed with error -71
[   62.710285][ T2171] netlink: 32 bytes leftover after parsing attributes in process `syz.0.715'.
[   62.723572][   T19] usb 8-1: USB disconnect, device number 2
[   62.822092][ T2183] input: syz0 as /devices/virtual/input/input9
[   62.946134][ T2190] loop0: detected capacity change from 0 to 512
[   62.957720][ T2190] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   62.983967][ T2190] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.725: bad orphan inode 131083
[   63.001549][ T2190] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   63.045395][  T384] EXT4-fs (loop0): unmounting filesystem.
[   63.097147][ T2200] syz.0.729[2200] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.097238][ T2200] syz.0.729[2200] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.152220][ T2204] loop4: detected capacity change from 0 to 1024
[   63.171034][ T2204] EXT4-fs: Ignoring removed orlov option
[   63.176670][ T2204] EXT4-fs: Ignoring removed nomblk_io_submit option
[   63.228665][ T2204] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   63.280651][   T28] kauditd_printk_skb: 3 callbacks suppressed
[   63.280671][   T28] audit: type=1400 audit(1741960469.520:353): avc:  denied  { execute } for  pid=2203 comm="syz.4.731" path="/148/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   63.378172][  T291] EXT4-fs (loop4): unmounting filesystem.
[   63.762961][   T28] audit: type=1400 audit(1741960470.010:354): avc:  denied  { read } for  pid=2236 comm="syz.6.743" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   63.830675][   T28] audit: type=1400 audit(1741960470.010:355): avc:  denied  { open } for  pid=2236 comm="syz.6.743" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   63.864965][ T2243] netlink: 24 bytes leftover after parsing attributes in process `syz.1.746'.
[   63.870612][   T28] audit: type=1400 audit(1741960470.030:356): avc:  denied  { mount } for  pid=2236 comm="syz.6.743" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[   63.920685][   T28] audit: type=1400 audit(1741960470.030:357): avc:  denied  { ioctl } for  pid=2236 comm="syz.6.743" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   64.168644][ T2258] loop1: detected capacity change from 0 to 2048
[   64.189301][ T2235] loop4: detected capacity change from 0 to 40427
[   64.240095][ T2235] F2FS-fs (loop4): fault_injection options not supported
[   64.250881][ T2258] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   64.293195][ T2261] loop6: detected capacity change from 0 to 8192
[   64.310048][ T2235] F2FS-fs (loop4): invalid crc value
[   64.310466][ T2261] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   64.326466][ T2268] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   64.328242][ T2258] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   64.334727][   T28] audit: type=1400 audit(1741960470.570:358): avc:  denied  { append } for  pid=2257 comm="syz.1.753" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   64.353423][ T2258] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 5 with error 28
[   64.384894][ T2258] EXT4-fs (loop1): This should not happen!! Data will be lost
[   64.384894][ T2258] 
[   64.401353][ T2235] F2FS-fs (loop4): Found nat_bits in checkpoint
[   64.415620][   T28] audit: type=1400 audit(1741960470.660:359): avc:  denied  { mounton } for  pid=2260 comm="syz.6.754" path="/100/file1/file1" dev="loop6" ino=1048623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[   64.439415][ T2258] EXT4-fs (loop1): Total free blocks count 0
[   64.459915][ T2258] EXT4-fs (loop1): Free/Dirty block details
[   64.490859][ T2258] EXT4-fs (loop1): free_blocks=2415919104
[   64.523753][ T2258] EXT4-fs (loop1): dirty_blocks=16
[   64.534495][ T2258] EXT4-fs (loop1): Block reservation details
[   64.540330][ T2258] EXT4-fs (loop1): i_reserved_data_blocks=1
[   64.556963][   T28] audit: type=1400 audit(1741960470.800:360): avc:  denied  { bind } for  pid=2282 comm="syz.0.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   64.560306][ T2283] tipc: Failed to remove unknown binding: 66,1,1/0:595413697/595413698
[   64.593784][ T2283] tipc: Failed to remove unknown binding: 66,1,1/0:595413697/595413698
[   64.610772][ T2235] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   64.639460][ T2290] xt_hashlimit: max too large, truncated to 1048576
[   64.679965][   T43] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   64.707213][ T2235] syz.4.742: attempt to access beyond end of device
[   64.707213][ T2235] loop4: rw=2049, sector=77856, nr_sectors = 136 limit=40427
[   64.733796][ T2235] syz.4.742: attempt to access beyond end of device
[   64.733796][ T2235] loop4: rw=2049, sector=45096, nr_sectors = 80 limit=40427
[   64.756159][ T2235] syz.4.742: attempt to access beyond end of device
[   64.756159][ T2235] loop4: rw=2049, sector=77856, nr_sectors = 16 limit=40427
[   64.789819][  T291] syz-executor: attempt to access beyond end of device
[   64.789819][  T291] loop4: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[   64.935305][ T2309] loop4: detected capacity change from 0 to 128
[   64.947686][ T2309] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   64.956823][ T2309] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.972460][ T2309] syz.4.771 (pid 2309) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   64.989848][  T291] EXT4-fs (loop4): unmounting filesystem.
[   65.037864][ T2317] netlink: 20 bytes leftover after parsing attributes in process `syz.0.775'.
[   65.051169][  T397] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   65.067365][ T2319] loop0: detected capacity change from 0 to 128
[   65.098988][   T28] audit: type=1400 audit(1741960471.340:361): avc:  denied  { create } for  pid=2320 comm="syz.4.778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   65.152002][ T2323] netlink: 96 bytes leftover after parsing attributes in process `syz.4.780'.
[   65.153162][ T2325] loop0: detected capacity change from 0 to 256
[   65.184636][ T2327] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   65.196985][ T2325] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[   65.251924][  T397] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.270597][  T397] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.280413][  T397] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   65.300606][  T397] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.320842][  T397] usb 2-1: config 0 descriptor??
[   65.442530][ T2329] loop4: detected capacity change from 0 to 40427
[   65.449746][ T2329] F2FS-fs (loop4): fault_injection options not supported
[   65.457132][ T2329] F2FS-fs (loop4): Image doesn't support compression
[   65.464116][ T2329] F2FS-fs (loop4): Image doesn't support compression
[   65.471714][ T2329] F2FS-fs (loop4): invalid crc value
[   65.478117][ T2329] F2FS-fs (loop4): Found nat_bits in checkpoint
[   65.517521][ T2329] F2FS-fs (loop4): Start checkpoint disabled!
[   65.524406][ T2329] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   65.554450][ T2338] netlink: 24 bytes leftover after parsing attributes in process `syz.6.785'.
[   65.573175][ T2328] syz.4.782: attempt to access beyond end of device
[   65.573175][ T2328] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[   65.623281][   T43] kworker/u4:2: attempt to access beyond end of device
[   65.623281][   T43] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   65.652299][ T2344] device pim6reg1 entered promiscuous mode
[   65.690648][  T994] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   65.735432][  T397] cp2112 0003:10C4:EA90.000E: unknown global tag 0xc
[   65.750825][  T397] cp2112 0003:10C4:EA90.000E: item 0 1 1 12 parsing failed
[   65.760208][  T397] cp2112 0003:10C4:EA90.000E: parse failed
[   65.770425][  T397] cp2112: probe of 0003:10C4:EA90.000E failed with error -22
[   65.781130][   T28] audit: type=1400 audit(1741960472.030:362): avc:  denied  { map } for  pid=2347 comm="syz.4.788" path="socket:[25561]" dev="sockfs" ino=25561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   65.871725][  T994] usb 1-1: config index 0 descriptor too short (expected 45, got 36)
[   65.879667][  T994] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   65.909896][  T994] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   65.935672][ T2356] Zero length message leads to an empty skb
[   65.939294][   T19] usb 2-1: USB disconnect, device number 6
[   65.941884][  T994] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   65.984149][  T994] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   65.993609][  T994] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.006592][  T994] usb 1-1: config 0 descriptor??
[   66.013979][ T2334] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   66.055159][ T2350] loop7: detected capacity change from 0 to 40427
[   66.067952][ T2350] F2FS-fs (loop7): fault_injection options not supported
[   66.090490][ T2350] F2FS-fs (loop7): invalid crc value
[   66.123172][ T2350] F2FS-fs (loop7): Found nat_bits in checkpoint
[   66.193466][ T2367] netlink: 152 bytes leftover after parsing attributes in process `syz.6.798'.
[   66.223962][ T2350] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   66.278762][ T2350] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[   66.325624][ T1961] syz-executor: attempt to access beyond end of device
[   66.325624][ T1961] loop7: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[   66.431638][  T994] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd
[   66.451158][  T994] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[   66.471487][  T994] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   66.722067][ T2348] loop4: detected capacity change from 0 to 131072
[   66.731613][  T994] usb 1-1: USB disconnect, device number 7
[   66.761251][ T2348] F2FS-fs (loop4): Zoned block device path is missing
[   66.767895][ T2348] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   66.800812][ T2348] F2FS-fs (loop4): Test dummy encryption mode enabled
[   66.989239][ T2378] loop7: detected capacity change from 0 to 40427
[   67.011140][ T2378] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[   67.029270][ T2378] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[   67.085529][ T2378] F2FS-fs (loop7): Found nat_bits in checkpoint
[   67.171012][ T2378] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[   67.177899][ T2378] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   67.388571][ T2378] syz.7.801: attempt to access beyond end of device
[   67.388571][ T2378] loop7: rw=0, sector=50168, nr_sectors = 8 limit=40427
[   67.499196][ T1961] syz-executor: attempt to access beyond end of device
[   67.499196][ T1961] loop7: rw=2051, sector=57344, nr_sectors = 16384 limit=40427
[   67.518622][ T1961] syz-executor: attempt to access beyond end of device
[   67.518622][ T1961] loop7: rw=2051, sector=50176, nr_sectors = 3072 limit=40427
[   67.533615][ T1961] F2FS-fs (loop7): Issue discard(7168, 7168, 2048) failed, ret: -5
[   67.533650][ T1961] F2FS-fs (loop7): Issue discard(6272, 6272, 384) failed, ret: -5
[   67.548142][ T2413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.817'.
[   67.601808][ T2418] loop0: detected capacity change from 0 to 512
[   67.619984][ T2418] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   67.659380][ T2418] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #17: comm syz.0.817: iget: bad i_size value: -6917529027641081756
[   67.678712][ T2418] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.817: couldn't read orphan inode 17 (err -117)
[   67.698584][ T2418] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   67.751393][  T384] EXT4-fs (loop0): unmounting filesystem.
[   68.061098][ T2464] device veth0_to_bond entered promiscuous mode
[   68.089792][ T2463] syz.7.837 (2463) used greatest stack depth: 19432 bytes left
[   68.097596][ T2464] netlink: 4 bytes leftover after parsing attributes in process `syz.6.830'.
[   68.124333][ T2464] device veth0_to_bond left promiscuous mode
[   68.180306][ T2475] loop4: detected capacity change from 0 to 128
[   68.219916][ T2475] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   68.248669][ T2475] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.317130][  T291] EXT4-fs (loop4): unmounting filesystem.
[   68.368781][   T28] kauditd_printk_skb: 8 callbacks suppressed
[   68.368798][   T28] audit: type=1400 audit(1741960474.610:371): avc:  denied  { create } for  pid=2493 comm="syz.4.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   68.410820][ T2494] device batadv_slave_1 entered promiscuous mode
[   68.421844][ T2494] device batadv_slave_0 entered promiscuous mode
[   68.438074][   T28] audit: type=1400 audit(1741960474.650:372): avc:  denied  { ioctl } for  pid=2493 comm="syz.4.848" path="socket:[27835]" dev="sockfs" ino=27835 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   68.461462][ T2493] device batadv_slave_0 left promiscuous mode
[   68.473987][ T2493] device batadv_slave_1 left promiscuous mode
[   68.626675][ T2508] futex_wake_op: syz.0.855 tries to shift op by -1; fix this program
[   68.736850][   T28] audit: type=1400 audit(1741960474.980:373): avc:  denied  { setattr } for  pid=2512 comm="syz.0.858" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   68.798953][ T2517] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=2517 comm=syz.1.860
[   69.400212][ T2554] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[   69.432618][ T2554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   69.650229][ T2549] loop1: detected capacity change from 0 to 40427
[   69.684065][ T2549] F2FS-fs (loop1): fault_injection options not supported
[   69.708218][ T2549] F2FS-fs (loop1): invalid crc value
[   69.739695][ T2549] F2FS-fs (loop1): Found nat_bits in checkpoint
[   69.774354][ T2562] loop6: detected capacity change from 0 to 40427
[   69.801477][ T2562] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[   69.815158][ T2562] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[   69.834197][ T2562] F2FS-fs (loop6): invalid crc value
[   69.870214][ T2549] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   69.878201][ T2562] F2FS-fs (loop6): Found nat_bits in checkpoint
[   69.951402][ T2562] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[   69.958566][ T2562] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   70.012281][ T2549] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[   70.085618][  T294] syz-executor: attempt to access beyond end of device
[   70.085618][  T294] loop1: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[   70.113186][ T2586] netlink: 24 bytes leftover after parsing attributes in process `syz.7.886'.
[   70.143056][ T2562] syz.6.877: attempt to access beyond end of device
[   70.143056][ T2562] loop6: rw=2049, sector=77824, nr_sectors = 952 limit=40427
[   70.204028][ T2589] cgroup: fork rejected by pids controller in /syz4
[   70.273548][ T1259] syz-executor: attempt to access beyond end of device
[   70.273548][ T1259] loop6: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   70.291252][   T10] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   70.304328][   T10] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   70.600684][ T2618] xt_hashlimit: size too large, truncated to 1048576
[   70.653568][ T2624] xt_hashlimit: size too large, truncated to 1048576
[   70.656511][   T28] audit: type=1400 audit(1741960476.900:374): avc:  denied  { mounton } for  pid=2622 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   70.821261][ T2622] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.829259][ T2622] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.837200][ T2622] device bridge_slave_0 entered promiscuous mode
[   70.851736][ T2622] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.865095][ T2622] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.878215][ T2622] device bridge_slave_1 entered promiscuous mode
[   71.009878][ T2622] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.016821][ T2622] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.024087][ T2622] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.030981][ T2622] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.062219][  T959] device bridge_slave_1 left promiscuous mode
[   71.068843][  T959] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.077952][  T959] device bridge_slave_0 left promiscuous mode
[   71.085605][  T959] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.102296][  T959] device veth1_macvtap left promiscuous mode
[   71.108268][  T959] device veth0_vlan left promiscuous mode
[   71.151157][   T28] audit: type=1400 audit(1741960477.400:375): avc:  denied  { wake_alarm } for  pid=2633 comm="syz.0.903" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   71.180598][   T28] audit: type=1400 audit(1741960477.400:376): avc:  denied  { create } for  pid=2632 comm="syz.7.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   71.311052][  T365] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.318582][  T365] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.336124][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   71.352043][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   71.359853][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.368563][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.376967][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.383861][  T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.393175][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.410942][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.421279][  T365] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.428481][  T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.444576][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   71.452821][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.479033][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   71.495073][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.510259][ T2622] device veth0_vlan entered promiscuous mode
[   71.517950][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.526587][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.539813][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.547294][ T2629] loop1: detected capacity change from 0 to 131072
[   71.560265][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.581449][ T2629] F2FS-fs (loop1): Zoned block device path is missing
[   71.590245][ T2629] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   71.592010][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.610919][ T2629] F2FS-fs (loop1): Test dummy encryption mode enabled
[   71.627897][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.636479][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.659639][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.674978][ T2622] device veth1_macvtap entered promiscuous mode
[   71.705586][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   71.715747][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   71.738237][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   71.740472][   T28] audit: type=1400 audit(1741960477.980:377): avc:  denied  { read write } for  pid=2651 comm="syz.6.912" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   71.772129][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   71.775249][   T19] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[   71.784095][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   71.798792][   T19] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   71.850165][   T28] audit: type=1400 audit(1741960478.020:378): avc:  denied  { open } for  pid=2651 comm="syz.6.912" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   72.098418][ T2676] netlink: 96 bytes leftover after parsing attributes in process `syz.7.922'.
[   72.221769][ T2687] loop1: detected capacity change from 0 to 512
[   72.252955][ T2687] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   72.282576][ T2687] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.925: invalid indirect mapped block 83886080 (level 1)
[   72.285865][ T2660] loop4: detected capacity change from 0 to 40427
[   72.298195][ T2687] EXT4-fs (loop1): Remounting filesystem read-only
[   72.310323][ T2687] EXT4-fs (loop1): 1 orphan inode deleted
[   72.319954][ T2660] F2FS-fs (loop4): fault_injection options not supported
[   72.336776][ T2687] EXT4-fs (loop1): 1 truncate cleaned up
[   72.343704][ T2660] F2FS-fs (loop4): invalid crc value
[   72.348931][ T2687] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   72.376080][ T2660] F2FS-fs (loop4): Found nat_bits in checkpoint
[   72.421637][ T2686] loop7: detected capacity change from 0 to 40427
[   72.430880][ T2686] F2FS-fs (loop7): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   72.445563][ T2686] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[   72.452132][  T294] EXT4-fs (loop1): unmounting filesystem.
[   72.457693][ T2686] F2FS-fs (loop7): invalid crc value
[   72.471829][ T2660] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   72.479494][ T2686] F2FS-fs (loop7): Found nat_bits in checkpoint
[   72.511487][ T2660] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[   72.548464][ T2686] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[   72.556013][ T2686] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[   72.556132][ T2622] syz-executor: attempt to access beyond end of device
[   72.556132][ T2622] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[   72.609471][ T2686] syz.7.926: attempt to access beyond end of device
[   72.609471][ T2686] loop7: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[   72.623509][ T2686] syz.7.926: attempt to access beyond end of device
[   72.623509][ T2686] loop7: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[   72.637967][ T2686] F2FS-fs (loop7): Issue discard(4614, 4614, 1019) failed, ret: -5
[   72.638003][ T2686] F2FS-fs (loop7): Issue discard(5637, 5637, 10747) failed, ret: -5
[   72.741480][  T994] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   72.938158][  T994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.949035][  T994] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.959510][  T994] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   72.968442][  T994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.981013][  T994] usb 2-1: config 0 descriptor??
[   73.016778][   T28] audit: type=1400 audit(1741960479.260:379): avc:  denied  { mounton } for  pid=2726 comm="syz.6.937" path="/146/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   73.184813][ T2732] netem: incorrect gi model size
[   73.192082][ T2732] netem: change failed
[   73.303415][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.311036][ T2735] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.318749][ T2735] device bridge_slave_0 entered promiscuous mode
[   73.326130][ T2735] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.333094][ T2735] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.340518][ T2735] device bridge_slave_1 entered promiscuous mode
[   73.408553][ T2735] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.415437][ T2735] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.422639][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.429512][ T2735] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.456507][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   73.464431][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.472697][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.492762][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   73.501083][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.508025][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.516527][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   73.524864][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.531753][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.540416][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.559390][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.598103][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   73.616453][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   73.624753][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   73.632651][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   73.640945][ T2735] device veth0_vlan entered promiscuous mode
[   73.659270][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.669475][  T959] device bridge_slave_1 left promiscuous mode
[   73.682334][  T959] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.699421][  T959] device bridge_slave_0 left promiscuous mode
[   73.705773][  T959] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.747289][  T959] device veth1_macvtap left promiscuous mode
[   73.754154][  T959] device veth0_vlan left promiscuous mode
[   73.888617][ T2755] loop7: detected capacity change from 0 to 8192
[   73.974112][ T2735] device veth1_macvtap entered promiscuous mode
[   74.004634][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.018350][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   74.202319][  T994] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0011/input/input11
[   74.225336][  T994] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0011/input/input12
[   74.241967][  T994] uclogic 0003:256C:006D.0011: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[   74.384214][ T2783] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   74.407937][   T19] usb 2-1: USB disconnect, device number 7
[   74.430649][  T994] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   74.612023][  T994] usb 8-1: Using ep0 maxpacket: 32
[   74.620301][  T994] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[   74.637001][  T994] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   74.650739][  T994] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[   74.662654][  T994] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   74.690597][  T994] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   74.706506][  T994] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   74.720702][  T994] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   74.730457][  T994] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   74.743553][  T994] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   74.752844][  T994] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.777536][  T994] usb 8-1: config 0 descriptor??
[   74.990381][  T994] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   75.011970][  T994] usb 8-1: USB disconnect, device number 3
[   75.020348][  T994] usblp0: removed
[   75.329736][ T2809] xt_hashlimit: size too large, truncated to 1048576
[   75.382323][ T2812] xt_hashlimit: size too large, truncated to 1048576
[   75.644010][ T2825] loop0: detected capacity change from 0 to 128
[   75.719816][ T2828] loop7: detected capacity change from 0 to 2048
[   75.823478][ T2828] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[   75.870692][ T2828] ext4 filesystem being mounted at /59/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   75.978185][ T2838] cgroup: fork rejected by pids controller in /syz1
[   76.347853][ T2807] loop8: detected capacity change from 0 to 131072
[   76.370923][ T2807] F2FS-fs (loop8): Zoned block device path is missing
[   76.389355][ T2807] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[   76.416057][ T2807] F2FS-fs (loop8): Test dummy encryption mode enabled
[   76.481200][ T2828] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.979: bg 0: block 345: padding at end of block bitmap is not set
[   76.516074][ T2828] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   76.558885][ T2856] loop4: detected capacity change from 0 to 512
[   76.597416][ T2828] EXT4-fs (loop7): This should not happen!! Data will be lost
[   76.597416][ T2828] 
[   76.620882][ T2856] EXT4-fs: Ignoring removed mblk_io_submit option
[   76.642881][ T2856] EXT4-fs: Ignoring removed bh option
[   76.665450][ T2856] EXT4-fs (loop4): Test dummy encryption mode enabled
[   76.690291][ T2853] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.702075][ T2856] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   76.729985][ T2853] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.755967][ T2856] EXT4-fs (loop4): 1 truncate cleaned up
[   76.757820][ T2853] device bridge_slave_0 entered promiscuous mode
[   76.768901][ T2856] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   76.786901][ T2853] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.789337][   T43] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   76.802745][ T2853] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.834052][ T2853] device bridge_slave_1 entered promiscuous mode
[   76.839862][   T43] EXT4-fs (loop7): This should not happen!! Data will be lost
[   76.839862][   T43] 
[   76.864037][   T43] EXT4-fs (loop7): Total free blocks count 0
[   76.887062][   T43] EXT4-fs (loop7): Free/Dirty block details
[   76.908469][   T43] EXT4-fs (loop7): free_blocks=0
[   76.940929][   T43] EXT4-fs (loop7): dirty_blocks=2048
[   76.956422][   T43] EXT4-fs (loop7): Block reservation details
[   76.984599][ T2622] EXT4-fs (loop4): unmounting filesystem.
[   77.020475][ T2872] syz.4.992[2872] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   77.020605][ T2872] syz.4.992[2872] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   77.031367][ T2853] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.049704][ T2853] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.056983][ T2853] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.063875][ T2853] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.126420][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.143771][ T2877] serio: Serial port ptm0
[   77.148127][  T959] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.174541][  T959] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.201930][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.217156][   T28] audit: type=1400 audit(1741960483.460:380): avc:  denied  { write } for  pid=2882 comm="syz.0.998" path="socket:[29390]" dev="sockfs" ino=29390 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   77.231116][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.260883][  T959] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.267883][  T959] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.288917][   T28] audit: type=1400 audit(1741960483.520:381): avc:  denied  { write } for  pid=2884 comm="syz.8.999" path="socket:[29892]" dev="sockfs" ino=29892 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   77.311650][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.320369][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.336837][  T959] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.343960][  T959] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.370719][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   77.396814][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.414488][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   77.440012][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   77.487064][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   77.503275][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   77.524712][ T2853] device veth0_vlan entered promiscuous mode
[   77.549976][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   77.563622][ T2904] loop8: detected capacity change from 0 to 2048
[   77.567706][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   77.615685][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   77.624353][ T2904] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[   77.631003][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   77.635306][ T2904] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.649962][   T28] audit: type=1326 audit(1741960483.880:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   77.665662][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   77.684116][   T28] audit: type=1326 audit(1741960483.880:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   77.730568][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   77.739741][ T2853] device veth1_macvtap entered promiscuous mode
[   77.773989][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   77.783301][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.795564][   T28] audit: type=1326 audit(1741960483.880:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   77.829290][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.836740][ T2917] loop4: detected capacity change from 0 to 512
[   77.845573][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   77.853567][   T28] audit: type=1326 audit(1741960483.880:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   77.861096][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   77.913724][ T2904] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.1006: bg 0: block 345: padding at end of block bitmap is not set
[   77.928636][ T2904] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   77.937723][   T28] audit: type=1326 audit(1741960483.950:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   77.945660][ T2904] EXT4-fs (loop8): This should not happen!! Data will be lost
[   77.945660][ T2904] 
[   77.968107][ T2917] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   78.011424][   T28] audit: type=1326 audit(1741960483.950:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   78.035332][   T28] audit: type=1326 audit(1741960483.950:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   78.061275][ T2917] EXT4-fs (loop4): 1 orphan inode deleted
[   78.066932][ T2917] EXT4-fs (loop4): 1 truncate cleaned up
[   78.072659][ T2917] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   78.081391][   T28] audit: type=1326 audit(1741960483.950:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2913 comm="syz.7.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c238d169 code=0x7ffc0000
[   78.116189][ T2917] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1012'.
[   78.128976][ T2917] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1012'.
[   78.138940][ T2917] netlink: 'syz.4.1012': attribute type 5 has an invalid length.
[   78.146837][ T2917] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1012'.
[   78.175719][  T365] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   78.191681][ T2622] EXT4-fs (loop4): unmounting filesystem.
[   78.197557][  T365] EXT4-fs (loop8): This should not happen!! Data will be lost
[   78.197557][  T365] 
[   78.207717][  T365] EXT4-fs (loop8): Total free blocks count 0
[   78.214463][  T365] EXT4-fs (loop8): Free/Dirty block details
[   78.220628][  T365] EXT4-fs (loop8): free_blocks=0
[   78.225464][  T365] EXT4-fs (loop8): dirty_blocks=2048
[   78.232985][  T365] EXT4-fs (loop8): Block reservation details
[   78.270625][   T19] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   78.408879][ T2956] loop0: detected capacity change from 0 to 512
[   78.416050][ T2956] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.426114][ T2956] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[   78.435564][ T2956] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec01c, mo2=0002]
[   78.470587][   T19] usb 2-1: Using ep0 maxpacket: 32
[   78.478605][   T19] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[   78.490854][ T2956] System zones: 0-2, 18-18, 34-34
[   78.496657][   T19] usb 2-1: config 0 has no interface number 0
[   78.511913][   T19] usb 2-1: config 0 interface 184 has no altsetting 0
[   78.519525][ T2956] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   78.535920][ T2956] EXT4-fs (loop0): 1 truncate cleaned up
[   78.541644][ T2956] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   78.560607][   T19] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   78.569522][   T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.583683][   T19] usb 2-1: Product: syz
[   78.598296][   T19] usb 2-1: Manufacturer: syz
[   78.612285][   T19] usb 2-1: SerialNumber: syz
[   78.619425][ T2970] xt_hashlimit: size too large, truncated to 1048576
[   78.622254][   T19] usb 2-1: config 0 descriptor??
[   78.654849][   T19] smsc75xx v1.0.0
[   78.661467][ T2972] xt_hashlimit: size too large, truncated to 1048576
[   78.779979][  T384] EXT4-fs (loop0): unmounting filesystem.
[   78.865859][ T2977] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   78.945442][ T2983] xt_hashlimit: max too large, truncated to 1048576
[   79.254238][   T19] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   79.290359][   T19] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   79.523000][ T2993] loop7: detected capacity change from 0 to 40427
[   79.545831][ T2993] F2FS-fs (loop7): fault_injection options not supported
[   79.570358][ T2993] F2FS-fs (loop7): invalid crc value
[   79.601585][ T2993] F2FS-fs (loop7): Found nat_bits in checkpoint
[   79.610840][ T3013] loop8: detected capacity change from 0 to 1024
[   79.657372][ T3013] EXT4-fs: Ignoring removed orlov option
[   79.680871][ T3013] EXT4-fs: Ignoring removed nomblk_io_submit option
[   79.719827][ T2993] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   79.730201][ T3013] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[   79.900333][ T2993] syz.7.1036: attempt to access beyond end of device
[   79.900333][ T2993] loop7: rw=2049, sector=77856, nr_sectors = 136 limit=40427
[   79.959780][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   79.967282][ T2993] syz.7.1036: attempt to access beyond end of device
[   79.967282][ T2993] loop7: rw=2049, sector=45096, nr_sectors = 80 limit=40427
[   80.010714][ T2993] syz.7.1036: attempt to access beyond end of device
[   80.010714][ T2993] loop7: rw=2049, sector=77856, nr_sectors = 16 limit=40427
[   80.087997][ T1961] syz-executor: attempt to access beyond end of device
[   80.087997][ T1961] loop7: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[   80.128403][   T19] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[   80.148208][   T19] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[   80.170596][   T19] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   80.188730][   T19] smsc75xx: probe of 2-1:0.184 failed with error -71
[   80.210093][   T19] usb 2-1: USB disconnect, device number 8
[   80.307392][ T3033] loop8: detected capacity change from 0 to 512
[   80.340274][ T3033] EXT4-fs: Ignoring removed mblk_io_submit option
[   80.356242][ T3033] EXT4-fs: Ignoring removed bh option
[   80.371816][ T3033] EXT4-fs (loop8): Test dummy encryption mode enabled
[   80.378462][ T3033] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[   80.423175][ T3033] EXT4-fs (loop8): 1 truncate cleaned up
[   80.428662][ T3033] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   80.513906][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   80.732029][ T3064] bridge0: port 3(syz_tun) entered blocking state
[   80.752351][ T3064] bridge0: port 3(syz_tun) entered disabled state
[   80.761236][ T3064] device syz_tun entered promiscuous mode
[   80.767084][ T3064] bridge0: port 3(syz_tun) entered blocking state
[   80.773397][ T3064] bridge0: port 3(syz_tun) entered forwarding state
[   80.912865][ T3080] loop0: detected capacity change from 0 to 8192
[   81.203833][ T3104] netlink: 152 bytes leftover after parsing attributes in process `syz.8.1080'.
[   81.345244][ T3110] bridge0: port 2(syz_tun) entered blocking state
[   81.358327][ T3110] bridge0: port 2(syz_tun) entered disabled state
[   81.378900][ T3110] device syz_tun entered promiscuous mode
[   81.397593][ T3110] bridge0: port 2(syz_tun) entered blocking state
[   81.403956][ T3110] bridge0: port 2(syz_tun) entered forwarding state
[   81.592124][ T3121] loop0: detected capacity change from 0 to 2048
[   81.645017][ T3121] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   81.662647][ T3121] ext4 filesystem being mounted at /183/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   81.813225][ T3135] loop1: detected capacity change from 0 to 256
[   81.936119][ T3140] serio: Serial port ptm0
[   82.094719][ T3121] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1088: bg 0: block 345: padding at end of block bitmap is not set
[   82.121701][ T3121] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   82.148746][ T3121] EXT4-fs (loop0): This should not happen!! Data will be lost
[   82.148746][ T3121] 
[   82.276611][ T3137] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   82.303352][ T3137] EXT4-fs (loop0): This should not happen!! Data will be lost
[   82.303352][ T3137] 
[   82.323664][ T3137] EXT4-fs (loop0): Total free blocks count 0
[   82.355448][ T3137] EXT4-fs (loop0): Free/Dirty block details
[   82.356982][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   82.378840][ T3137] EXT4-fs (loop0): free_blocks=0
[   82.379548][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   82.402844][ T3137] EXT4-fs (loop0): dirty_blocks=2048
[   82.428121][ T3137] EXT4-fs (loop0): Block reservation details
[   82.441758][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   82.455930][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   82.485590][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   82.511617][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   82.537997][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   82.564677][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   82.583006][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   82.600109][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   82.719199][ T3169] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1102'.
[   82.774347][ T3172] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1104'.
[   82.889249][   T28] kauditd_printk_skb: 2326 callbacks suppressed
[   82.889266][   T28] audit: type=1400 audit(1741960489.130:2716): avc:  denied  { relabelfrom } for  pid=3183 comm="syz.8.1109" name="NETLINK" dev="sockfs" ino=31250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   82.922214][   T28] audit: type=1400 audit(1741960489.130:2717): avc:  denied  { relabelto } for  pid=3183 comm="syz.8.1109" name="NETLINK" dev="sockfs" ino=31250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[   83.165250][ T3203] device macsec0 entered promiscuous mode
[   83.210921][ T3211] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3211 comm=syz.0.1122
[   83.305303][ T3218] netlink: 'syz.4.1125': attribute type 10 has an invalid length.
[   83.313197][ T3218] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1125'.
[   83.370169][ T3214] fuse: root generation should be zero
[   83.485711][ T3236] device pim6reg1 entered promiscuous mode
[   83.517573][ T3238] netlink: 152 bytes leftover after parsing attributes in process `syz.7.1131'.
[   83.621485][ T3245] overlayfs: missing 'lowerdir'
[   83.683941][ T3249] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1136'.
[   83.786052][ T3256] syz.7.1139[3256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   83.786135][ T3256] syz.7.1139[3256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   83.805242][ T3258] loop0: detected capacity change from 0 to 512
[   83.838993][ T3258] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   83.872562][ T3258] EXT4-fs (loop0): 1 truncate cleaned up
[   83.878149][ T3258] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   83.914427][  T384] EXT4-fs (loop0): unmounting filesystem.
[   83.931186][ T3265] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3265 comm=syz.4.1142
[   83.957089][ T3269] loop7: detected capacity change from 0 to 512
[   83.969491][ T3272] loop1: detected capacity change from 0 to 128
[   83.976037][ T3269] EXT4-fs: Ignoring removed mblk_io_submit option
[   83.986607][ T3269] EXT4-fs: Ignoring removed bh option
[   84.005306][ T3269] EXT4-fs (loop7): Test dummy encryption mode enabled
[   84.017444][ T3269] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   84.029882][ T3272] syz.1.1144: attempt to access beyond end of device
[   84.029882][ T3272] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128
[   84.052426][ T3269] EXT4-fs (loop7): 1 truncate cleaned up
[   84.057916][ T3269] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[   84.060686][ T3272] syz.1.1144: attempt to access beyond end of device
[   84.060686][ T3272] loop1: rw=524288, sector=145, nr_sectors = 896 limit=128
[   84.154543][ T3286] loop1: detected capacity change from 0 to 2048
[   84.155855][ T1961] EXT4-fs (loop7): unmounting filesystem.
[   84.181463][ T3286] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   84.201702][ T3286] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   84.273122][ T3295] 9pnet: p9_errstr2errno: server reported unknown error 
[   84.403653][ T3286] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1152: bg 0: block 345: padding at end of block bitmap is not set
[   84.423277][ T3286] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   84.436323][ T3286] EXT4-fs (loop1): This should not happen!! Data will be lost
[   84.436323][ T3286] 
[   84.484676][ T3318] overlayfs: missing 'lowerdir'
[   84.520060][ T3323] loop0: detected capacity change from 0 to 128
[   84.553493][ T3323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   84.569156][ T3323] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.593501][  T365] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   84.606586][  T365] EXT4-fs (loop1): This should not happen!! Data will be lost
[   84.606586][  T365] 
[   84.616699][  T365] EXT4-fs (loop1): Total free blocks count 0
[   84.624364][  T365] EXT4-fs (loop1): Free/Dirty block details
[   84.630182][  T365] EXT4-fs (loop1): free_blocks=0
[   84.635556][  T365] EXT4-fs (loop1): dirty_blocks=2048
[   84.640961][  T365] EXT4-fs (loop1): Block reservation details
[   84.697810][  T384] EXT4-fs (loop0): unmounting filesystem.
[   84.851345][   T28] audit: type=1400 audit(1741960491.100:2718): avc:  denied  { map } for  pid=3350 comm="syz.1.1178" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   84.876989][ T3351] binder_alloc: 3350: binder_alloc_buf size 4096 failed, no address space
[   84.885659][ T3351] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 4088 (num: 1 largest: 4088)
[   84.886250][ T3353] device pim6reg1 entered promiscuous mode
[   84.906363][ T3355] loop0: detected capacity change from 0 to 2048
[   84.914175][   T28] audit: type=1400 audit(1741960491.120:2719): avc:  denied  { call } for  pid=3350 comm="syz.1.1178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   84.935784][ T3325] loop7: detected capacity change from 0 to 40427
[   84.947979][ T3325] F2FS-fs (loop7): fault_injection options not supported
[   84.957490][ T3355] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   84.968431][ T3325] F2FS-fs (loop7): Image doesn't support compression
[   84.975536][ T3355] ext4 filesystem being mounted at /207/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   84.981033][ T3325] F2FS-fs (loop7): Image doesn't support compression
[   84.993243][ T3325] F2FS-fs (loop7): invalid crc value
[   85.000195][ T3325] F2FS-fs (loop7): Found nat_bits in checkpoint
[   85.053513][ T3325] F2FS-fs (loop7): Start checkpoint disabled!
[   85.060281][ T3325] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[   85.110674][ T3365] loop1: detected capacity change from 0 to 512
[   85.117109][ T3365] EXT4-fs: Ignoring removed mblk_io_submit option
[   85.140582][ T3365] EXT4-fs: Ignoring removed bh option
[   85.143199][ T3324] syz.7.1166: attempt to access beyond end of device
[   85.143199][ T3324] loop7: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[   85.159357][ T3365] EXT4-fs (loop1): Test dummy encryption mode enabled
[   85.180636][ T3365] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   85.203843][  T365] kworker/u4:5: attempt to access beyond end of device
[   85.203843][  T365] loop7: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   85.223556][ T3365] EXT4-fs (loop1): 1 truncate cleaned up
[   85.237497][ T3365] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   85.271746][ T3373] binder: BINDER_SET_CONTEXT_MGR already set
[   85.280639][ T3373] binder: 3372:3373 ioctl 4018620d 4000000001c0 returned -16
[   85.356168][ T2853] EXT4-fs (loop1): unmounting filesystem.
[   85.435731][   T28] audit: type=1400 audit(1741960491.680:2720): avc:  denied  { append } for  pid=3379 comm="syz.1.1190" name="001" dev="devtmpfs" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   85.530013][ T3355] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1180: bg 0: block 345: padding at end of block bitmap is not set
[   85.546196][ T3355] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   85.564292][ T3355] EXT4-fs (loop0): This should not happen!! Data will be lost
[   85.564292][ T3355] 
[   85.602813][ T3394] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=782551099 (25041635168 ns) > initial count (15596343840 ns). Using initial count to start timer.
[   85.654772][ T3366] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   85.691644][ T3366] EXT4-fs (loop0): This should not happen!! Data will be lost
[   85.691644][ T3366] 
[   85.712188][ T3366] EXT4-fs (loop0): Total free blocks count 0
[   85.719725][ T3366] EXT4-fs (loop0): Free/Dirty block details
[   85.724578][ T3406] loop8: detected capacity change from 0 to 1024
[   85.731348][ T3366] EXT4-fs (loop0): free_blocks=0
[   85.776592][ T3366] EXT4-fs (loop0): dirty_blocks=2048
[   85.789475][ T3366] EXT4-fs (loop0): Block reservation details
[   85.814005][ T3406] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   85.879448][ T3396] loop1: detected capacity change from 0 to 40427
[   85.889851][ T3396] F2FS-fs (loop1): fault_injection options not supported
[   85.897279][ T3396] F2FS-fs (loop1): Image doesn't support compression
[   85.904107][ T3396] F2FS-fs (loop1): Image doesn't support compression
[   85.916348][ T3396] F2FS-fs (loop1): invalid crc value
[   85.922730][ T3396] F2FS-fs (loop1): Found nat_bits in checkpoint
[   85.970433][ T3396] F2FS-fs (loop1): Start checkpoint disabled!
[   85.977265][ T3396] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   86.027429][ T3395] syz.1.1196: attempt to access beyond end of device
[   86.027429][ T3395] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[   86.029795][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   86.101860][  T959] kworker/u4:6: attempt to access beyond end of device
[   86.101860][  T959] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   86.116292][    T6] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   86.124628][ T3420] loop0: detected capacity change from 0 to 512
[   86.139543][ T3420] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.145971][ T3420] EXT4-fs: Ignoring removed bh option
[   86.170707][ T3420] EXT4-fs (loop0): Test dummy encryption mode enabled
[   86.177323][ T3420] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   86.244309][ T3420] EXT4-fs (loop0): 1 truncate cleaned up
[   86.260414][ T3420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   86.310586][    T6] usb 8-1: Using ep0 maxpacket: 16
[   86.325318][    T6] usb 8-1: config 0 has no interfaces?
[   86.340574][    T6] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   86.349620][    T6] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.387128][  T384] EXT4-fs (loop0): unmounting filesystem.
[   86.397166][    T6] usb 8-1: config 0 descriptor??
[   86.550113][ T3445] loop8: detected capacity change from 0 to 2048
[   86.570273][ T3447] loop1: detected capacity change from 0 to 128
[   86.598355][ T3447] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   86.606786][   T28] audit: type=1326 audit(1741960492.840:2721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3449 comm="syz.0.1215" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12ac78d169 code=0x0
[   86.619463][   T39] usb 8-1: USB disconnect, device number 4
[   86.638130][ T3445] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[   86.647080][ T3447] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.662967][ T3445] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   86.692242][ T2853] EXT4-fs (loop1): unmounting filesystem.
[   86.761483][ T3459] loop4: detected capacity change from 0 to 128
[   86.808030][ T3459] syz.4.1217: attempt to access beyond end of device
[   86.808030][ T3459] loop4: rw=2049, sector=145, nr_sectors = 896 limit=128
[   86.843516][ T3459] syz.4.1217: attempt to access beyond end of device
[   86.843516][ T3459] loop4: rw=524288, sector=145, nr_sectors = 896 limit=128
[   86.897314][ T3445] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.1213: bg 0: block 345: padding at end of block bitmap is not set
[   86.917207][ T3445] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   86.935491][ T3445] EXT4-fs (loop8): This should not happen!! Data will be lost
[   86.935491][ T3445] 
[   86.965657][ T3466] loop4: detected capacity change from 0 to 512
[   86.987693][ T3466] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.988490][ T3460] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   86.994502][ T3466] EXT4-fs: Ignoring removed bh option
[   87.007151][ T3460] EXT4-fs (loop8): This should not happen!! Data will be lost
[   87.007151][ T3460] 
[   87.012932][ T3466] EXT4-fs (loop4): Test dummy encryption mode enabled
[   87.028643][ T3466] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   87.037848][ T3460] EXT4-fs (loop8): Total free blocks count 0
[   87.044486][ T3460] EXT4-fs (loop8): Free/Dirty block details
[   87.050190][ T3466] EXT4-fs (loop4): 1 truncate cleaned up
[   87.050219][ T3466] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   87.068650][ T3460] EXT4-fs (loop8): free_blocks=0
[   87.073826][ T3460] EXT4-fs (loop8): dirty_blocks=2048
[   87.079182][ T3460] EXT4-fs (loop8): Block reservation details
[   87.128262][ T2622] EXT4-fs (loop4): unmounting filesystem.
[   87.247462][ T3473] loop7: detected capacity change from 0 to 8192
[   87.266783][ T3479] loop8: detected capacity change from 0 to 512
[   87.275388][ T3479] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[   87.295464][ T3479] EXT4-fs (loop8): 1 truncate cleaned up
[   87.310744][ T3479] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   87.346249][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   87.413864][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   87.421340][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   87.449150][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   87.473629][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   87.485548][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   87.498616][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   87.517894][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   87.528379][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   87.539270][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   87.543883][ T3501] loop4: detected capacity change from 0 to 2048
[   87.548748][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   87.564303][ T3497] bridge: RTM_NEWNEIGH with invalid ether address
[   87.612092][ T3501] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   87.630822][ T3501] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   87.705067][ T3515] loop7: detected capacity change from 0 to 512
[   87.727933][ T3518] loop0: detected capacity change from 0 to 512
[   87.760147][ T3515] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   87.791063][ T3518] EXT4-fs: Ignoring removed bh option
[   87.796661][ T3520] loop8: detected capacity change from 0 to 512
[   87.819317][ T3515] EXT4-fs (loop7): 1 truncate cleaned up
[   87.823933][ T3520] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[   87.825002][ T3515] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[   87.836545][ T3518] EXT4-fs error (device loop0): __ext4_iget:5057: inode #15: block 1803188595: comm syz.0.1241: invalid block
[   87.844495][ T3501] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1235: bg 0: block 345: padding at end of block bitmap is not set
[   87.856691][ T3518] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1241: couldn't read orphan inode 15 (err -117)
[   87.882578][ T3518] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   87.892303][ T3501] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   87.909236][ T3520] EXT4-fs (loop8): 1 truncate cleaned up
[   87.920816][ T3501] EXT4-fs (loop4): This should not happen!! Data will be lost
[   87.920816][ T3501] 
[   87.922531][ T3520] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   87.942155][   T28] audit: type=1400 audit(1741960494.190:2722): avc:  denied  { setattr } for  pid=3517 comm="syz.0.1241" path="/213/file0/cgroup.controllers" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   87.969838][ T1961] EXT4-fs (loop7): unmounting filesystem.
[   87.989770][   T28] audit: type=1400 audit(1741960494.190:2723): avc:  denied  { append } for  pid=3517 comm="syz.0.1241" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   87.990336][ T3520] raw_sendmsg: syz.8.1249 forgot to set AF_INET. Fix it!
[   88.030789][ T3518] loop0: detected capacity change from 512 to 0
[   88.041638][ T3526] EXT4-fs error (device loop0): ext4_xattr_ibody_get:603: inode #18: comm syz.0.1241: corrupted in-inode xattr
[   88.054174][   T28] audit: type=1400 audit(1741960494.300:2724): avc:  denied  { setattr } for  pid=3519 comm="syz.8.1249" name="file1" dev="loop8" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   88.090976][  T321] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[   88.093728][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   88.103772][  T321] EXT4-fs (loop4): This should not happen!! Data will be lost
[   88.103772][  T321] 
[   88.103794][  T321] EXT4-fs (loop4): Total free blocks count 0
[   88.103810][  T321] EXT4-fs (loop4): Free/Dirty block details
[   88.103821][  T321] EXT4-fs (loop4): free_blocks=0
[   88.103832][  T321] EXT4-fs (loop4): dirty_blocks=2048
[   88.103844][  T321] EXT4-fs (loop4): Block reservation details
[   88.167632][  T384] EXT4-fs (loop0): unmounting filesystem.
[   88.288617][ T3534] syz.0.1245[3534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.288679][ T3534] syz.0.1245[3534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.385070][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   88.405984][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   88.421904][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   88.429175][ T3541] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   88.449698][ T3541] device macsec0 left promiscuous mode
[   88.474923][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   88.484021][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.497768][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   88.509182][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.521144][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.530248][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.543092][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.555399][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.568533][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[   88.579038][  T365] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[   88.644014][ T3562] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1258'.
[   88.680678][ T1278] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   88.770654][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   88.802886][ T3571] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1262'.
[   88.860657][ T1278] usb 9-1: Using ep0 maxpacket: 32
[   88.872524][ T1278] usb 9-1: config 0 has an invalid interface number: 2 but max is 0
[   88.886038][ T3577] loop1: detected capacity change from 0 to 512
[   88.893003][ T3577] EXT4-fs: Ignoring removed bh option
[   88.904506][ T3579] loop7: detected capacity change from 0 to 512
[   88.911044][ T1278] usb 9-1: config 0 has no interface number 0
[   88.920403][ T3579] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.927186][ T3579] EXT4-fs: Ignoring removed bh option
[   88.933024][ T1278] usb 9-1: config 0 interface 2 has no altsetting 0
[   88.934826][ T3579] EXT4-fs (loop7): Test dummy encryption mode enabled
[   88.950348][ T1278] usb 9-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[   88.952856][ T3577] EXT4-fs error (device loop1): __ext4_iget:5057: inode #15: block 1803188595: comm syz.1.1264: invalid block
[   88.962160][ T1278] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.972752][   T28] audit: type=1400 audit(1741960495.220:2725): avc:  denied  { unlink } for  pid=84 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   88.979013][ T1278] usb 9-1: Product: syz
[   89.002624][ T3579] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   89.006068][ T1278] usb 9-1: Manufacturer: syz
[   89.017199][ T3577] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1264: couldn't read orphan inode 15 (err -117)
[   89.020927][ T1278] usb 9-1: SerialNumber: syz
[   89.034808][ T3577] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   89.038152][ T1278] usb 9-1: config 0 descriptor??
[   89.052181][ T3579] EXT4-fs (loop7): 1 truncate cleaned up
[   89.057884][ T3579] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[   89.105808][ T2853] EXT4-fs (loop1): unmounting filesystem.
[   89.141021][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   89.148779][ T3589] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   89.173232][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   89.182963][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   89.201239][ T1961] EXT4-fs (loop7): unmounting filesystem.
[   89.220173][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   89.242232][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   89.258991][ T1278] usb 9-1: invalid MIDI in EP 0
[   89.271302][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   89.283685][ T1278] snd-usb-audio: probe of 9-1:0.2 failed with error -22
[   89.293162][ T3597] loop4: detected capacity change from 0 to 256
[   89.308953][ T1278] usb 9-1: USB disconnect, device number 2
[   89.310146][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   89.324022][ T3597] exfat: Unknown parameter '/dev/bus/usb/00#/00#'
[   89.336833][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   89.346551][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   89.507873][ T3608] loop1: detected capacity change from 0 to 8192
[   89.541885][ T1380] udevd[1380]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   89.541974][ T3608] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   89.578368][ T3601] loop7: detected capacity change from 0 to 40427
[   89.587542][ T3601] F2FS-fs (loop7): fault_injection options not supported
[   89.596052][ T3601] F2FS-fs (loop7): invalid crc value
[   89.612859][ T3601] F2FS-fs (loop7): Found nat_bits in checkpoint
[   89.702312][ T3624] device pim6reg1 entered promiscuous mode
[   89.718736][ T3601] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   89.745130][ T3601] overlayfs: conflicting lowerdir path
[   89.752237][   T28] audit: type=1400 audit(1741960496.000:2726): avc:  denied  { rmdir } for  pid=3600 comm="syz.7.1269" name="work" dev="loop7" ino=25 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   89.754401][ T3601] overlayfs: conflicting lowerdir path
[   89.801445][ T1961] syz-executor: attempt to access beyond end of device
[   89.801445][ T1961] loop7: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[   89.968666][   T28] audit: type=1400 audit(1741960496.210:2727): avc:  denied  { mounton } for  pid=3633 comm="syz.7.1293" path="/105/file0" dev="tmpfs" ino=576 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[   90.166394][ T3643] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   90.212737][ T3643] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   90.294799][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   90.321302][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   90.350027][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   90.371305][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   90.390227][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   90.420830][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   90.445384][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   90.463891][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   90.481204][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[   90.509247][  T959] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[   90.749957][ T3659] loop7: detected capacity change from 0 to 128
[   90.836495][ T3663] loop4: detected capacity change from 0 to 512
[   90.868455][ T3663] EXT4-fs: Ignoring removed nobh option
[   90.882214][ T3663] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   90.947848][ T3663] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   90.951960][ T3674] loop1: detected capacity change from 0 to 128
[   90.963561][ T3663] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.965250][ T3674] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[   90.984316][   T28] audit: type=1400 audit(1741960497.220:2728): avc:  denied  { setattr } for  pid=3662 comm="syz.4.1298" path="/92/file0" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   91.009134][ T3663] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1298: bg 0: block 224: padding at end of block bitmap is not set
[   91.031195][ T3663] EXT4-fs (loop4): Remounting filesystem read-only
[   91.049439][ T2622] EXT4-fs (loop4): unmounting filesystem.
[   91.310672][ T3550] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   91.372870][   T28] audit: type=1400 audit(1741960497.620:2729): avc:  denied  { mounton } for  pid=3712 comm="syz.8.1317" path="/85/file0" dev="incremental-fs" ino=488 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   91.511747][ T3550] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   91.529271][ T3550] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   91.557822][ T3550] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   91.590273][ T3550] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   91.609451][ T3550] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.627232][ T3550] usb 1-1: config 0 descriptor??
[   91.690390][   T28] audit: type=1400 audit(1741960497.930:2730): avc:  denied  { create } for  pid=3737 comm="syz.8.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   91.728062][   T28] audit: type=1400 audit(1741960497.960:2731): avc:  denied  { sys_admin } for  pid=3737 comm="syz.8.1329" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   91.827027][ T3745] xt_hashlimit: max too large, truncated to 1048576
[   92.042595][ T3550] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0
[   92.050195][ T3550] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[   92.069675][ T3550] plantronics 0003:047F:FFFF.0012: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   92.204664][ T3760] syz.7.1338[3760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   92.204773][ T3760] syz.7.1338[3760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   92.392184][ T3770] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   92.730657][ T3550] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   92.751850][ T1278] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[   92.862964][ T1212] usb 1-1: USB disconnect, device number 8
[   92.890622][   T24] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   92.911846][ T3550] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.922802][ T3550] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.935487][ T3550] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   92.942039][ T1278] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   92.944558][ T3550] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.955877][ T1278] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.965501][ T3550] usb 5-1: config 0 descriptor??
[   92.977819][ T1278] usb 2-1: config 0 interface 0 has no altsetting 0
[   92.984311][ T1278] usb 2-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[   92.993228][ T1278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.002054][ T1278] usb 2-1: config 0 descriptor??
[   93.080594][   T24] usb 8-1: Using ep0 maxpacket: 16
[   93.085828][ T3800] loop8: detected capacity change from 0 to 128
[   93.086940][   T24] usb 8-1: config 0 has an invalid interface number: 41 but max is 0
[   93.099869][   T24] usb 8-1: config 0 has no interface number 0
[   93.105852][   T24] usb 8-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   93.115550][   T24] usb 8-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   93.116905][ T3800] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem
[   93.125438][   T24] usb 8-1: config 0 interface 41 has no altsetting 0
[   93.128999][   T24] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   93.136718][ T3800] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[   93.140001][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.149779][ T3800] ext2 filesystem being mounted at /96/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   93.157842][   T24] usb 8-1: Product: syz
[   93.202713][   T24] usb 8-1: Manufacturer: syz
[   93.207174][   T24] usb 8-1: SerialNumber: syz
[   93.214676][   T24] usb 8-1: config 0 descriptor??
[   93.219813][ T3788] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[   93.227798][ T3788] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[   93.230594][ T2735] EXT4-fs (loop8): unmounting filesystem.
[   93.423666][ T1278] hid-steam 0003:28DE:1102.0014: unknown main item tag 0x0
[   93.436722][ T1278] hid-steam 0003:28DE:1102.0014: unknown main item tag 0x0
[   93.444821][ T1278] hid-steam 0003:28DE:1102.0014: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0
[   93.445677][ T3788] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[   93.457562][ T1278] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0
[   93.469728][ T1278] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0
[   93.477405][ T3788] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[   93.486581][ T1278] hid-steam 0003:28DE:1102.0015: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0
[   93.590630][ T1278] hid-steam 0003:28DE:1102.0014: Steam Controller 'XXXXXXXXXX' connected
[   93.607061][ T3550] usb 5-1: string descriptor 0 read error: -71
[   93.612760][ T1278] input: Steam Controller as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1102.0014/input/input13
[   93.616070][ T3550] uclogic 0003:256C:006D.0013: failed retrieving string descriptor #200: -71
[   93.632574][ T3781] input: Steam Controller as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1102.0014/input/input14
[   93.653761][ T3550] uclogic 0003:256C:006D.0013: failed retrieving pen parameters: -71
[   93.670854][ T1278] usb 2-1: USB disconnect, device number 9
[   93.674565][ T3550] uclogic 0003:256C:006D.0013: failed probing pen v2 parameters: -71
[   93.703721][ T3550] uclogic 0003:256C:006D.0013: failed probing parameters: -71
[   93.715904][ T3818] loop0: detected capacity change from 0 to 2048
[   93.719099][ T3550] uclogic: probe of 0003:256C:006D.0013 failed with error -71
[   93.733779][ T1278] hid-steam 0003:28DE:1102.0014: Steam Controller 'XXXXXXXXXX' disconnected
[   93.743480][ T3550] usb 5-1: USB disconnect, device number 8
[   93.770830][ T3818] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   93.799429][  T384] EXT4-fs (loop0): unmounting filesystem.
[   93.873302][   T28] kauditd_printk_skb: 5 callbacks suppressed
[   93.873324][   T28] audit: type=1400 audit(1741960500.120:2737): avc:  denied  { bind } for  pid=3825 comm="syz.0.1364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   93.927779][   T28] audit: type=1400 audit(1741960500.140:2738): avc:  denied  { write } for  pid=3825 comm="syz.0.1364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   94.012141][   T87] ==================================================================
[   94.020055][   T87] BUG: KASAN: use-after-free in mutex_lock+0xa4/0x1e0
[   94.026646][   T87] Write of size 8 at addr ffff88813131ac50 by task acpid/87
[   94.033855][   T87] 
[   94.036340][   T87] CPU: 0 PID: 87 Comm: acpid Tainted: G        W          6.1.128-syzkaller-00010-g27895588a299 #0
[   94.046956][   T87] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   94.057070][   T87] Call Trace:
[   94.060188][   T87]  <TASK>
[   94.062970][   T87]  dump_stack_lvl+0x151/0x1b7
[   94.067490][   T87]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   94.072773][   T87]  ? _printk+0xd1/0x111
[   94.076913][   T87]  ? __virt_addr_valid+0x242/0x2f0
[   94.081956][   T87]  print_report+0x158/0x4e0
[   94.086281][   T87]  ? do_syscall_64+0x3b/0xb0
[   94.090798][   T87]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   94.096701][   T87]  ? __virt_addr_valid+0x242/0x2f0
[   94.101649][   T87]  ? kasan_complete_mode_report_info+0x90/0x1b0
[   94.107725][   T87]  ? mutex_lock+0xa4/0x1e0
[   94.111978][   T87]  kasan_report+0x13c/0x170
[   94.116316][   T87]  ? mutex_lock+0xa4/0x1e0
[   94.120573][   T87]  kasan_check_range+0x294/0x2a0
[   94.125888][   T87]  __kasan_check_write+0x14/0x20
[   94.130655][   T87]  mutex_lock+0xa4/0x1e0
[   94.134822][   T87]  ? kvmalloc_node+0x221/0x640
[   94.139420][   T87]  ? bit_wait_io_timeout+0x120/0x120
[   94.144541][   T87]  ? kasan_save_alloc_info+0x1f/0x30
[   94.149656][   T87]  steam_input_open+0x91/0x1a0
[   94.154443][   T87]  ? steam_input_register+0xa70/0xa70
[   94.159647][   T87]  ? __kasan_check_write+0x14/0x20
[   94.164710][   T87]  ? mutex_lock_interruptible+0xb1/0x1e0
[   94.170165][   T87]  ? __kasan_check_write+0x14/0x20
[   94.175129][   T87]  input_open_device+0x1a5/0x310
[   94.179894][   T87]  ? kobject_get_unless_zero+0x229/0x320
[   94.185444][   T87]  evdev_open+0x3df/0x620
[   94.189612][   T87]  chrdev_open+0x4f7/0x620
[   94.193858][   T87]  ? cd_forget+0x170/0x170
[   94.198114][   T87]  ? fsnotify_perm+0x3e5/0x5b0
[   94.202713][   T87]  ? cd_forget+0x170/0x170
[   94.206978][   T87]  do_dentry_open+0x891/0x1250
[   94.211661][   T87]  vfs_open+0x73/0x80
[   94.215566][   T87]  path_openat+0x2532/0x2d60
[   94.219994][   T87]  ? kasan_save_alloc_info+0x1f/0x30
[   94.225130][   T87]  ? slab_post_alloc_hook+0x53/0x2c0
[   94.230315][   T87]  ? getname+0x19/0x20
[   94.234309][   T87]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   94.240854][   T87]  ? do_filp_open+0x480/0x480
[   94.245453][   T87]  do_filp_open+0x230/0x480
[   94.249792][   T87]  ? vfs_tmpfile+0x480/0x480
[   94.254225][   T87]  ? alloc_fd+0x4fe/0x5a0
[   94.258385][   T87]  do_sys_openat2+0x151/0x870
[   94.263176][   T87]  ? set_current_blocked+0x40/0x40
[   94.268142][   T87]  ? do_sys_open+0x220/0x220
[   94.273251][   T87]  ? __fdget_pos+0x204/0x390
[   94.278019][   T87]  ? ksys_read+0x24f/0x2c0
[   94.282502][   T87]  __x64_sys_openat+0x243/0x290
[   94.287481][   T87]  ? __ia32_sys_open+0x270/0x270
[   94.292523][   T87]  ? debug_smp_processor_id+0x17/0x20
[   94.298915][   T87]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   94.305014][   T87]  ? exit_to_user_mode_prepare+0x39/0xa0
[   94.310584][   T87]  x64_sys_call+0x6bf/0x9a0
[   94.315025][   T87]  do_syscall_64+0x3b/0xb0
[   94.319287][   T87]  ? clear_bhb_loop+0x55/0xb0
[   94.323798][   T87]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   94.330040][   T87] RIP: 0033:0x7f2d410ce9a4
[   94.334269][   T87] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[   94.354406][   T87] RSP: 002b:00007fff5d3bffd0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   94.362678][   T87] RAX: ffffffffffffffda RBX: 00007fff5d3c02b8 RCX: 00007f2d410ce9a4
[   94.370462][   T87] RDX: 0000000000080800 RSI: 00007fff5d3c01b8 RDI: 00000000ffffff9c
[   94.378276][   T87] RBP: 00007fff5d3c01b8 R08: 00000000000000f4 R09: 00007fff5d3c01b8
[   94.386361][   T87] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080800
[   94.394191][   T87] R13: 0000000000000020 R14: 00007fff5d3c02b8 R15: 00007fff5d3c01b8
[   94.402091][   T87]  </TASK>
[   94.404951][   T87] 
[   94.407115][   T87] Allocated by task 1278:
[   94.411370][   T87]  kasan_set_track+0x4b/0x70
[   94.415817][   T87]  kasan_save_alloc_info+0x1f/0x30
[   94.420746][   T87]  __kasan_kmalloc+0x9c/0xb0
[   94.425168][   T87]  __kmalloc_node_track_caller+0xb3/0x1e0
[   94.430725][   T87]  devm_kmalloc+0x55/0x180
[   94.434978][   T87]  steam_probe+0x12e/0xbe0
[   94.439676][   T87]  hid_device_probe+0x292/0x3a0
[   94.444352][   T87]  really_probe+0x2b8/0x920
[   94.448710][   T87]  __driver_probe_device+0x1a0/0x310
[   94.453908][   T87]  driver_probe_device+0x54/0x3d0
[   94.458757][   T87]  __device_attach_driver+0x2e3/0x490
[   94.463969][   T87]  bus_for_each_drv+0x183/0x200
[   94.468653][   T87]  __device_attach+0x312/0x510
[   94.473251][   T87]  device_initial_probe+0x1a/0x20
[   94.478212][   T87]  bus_probe_device+0xbe/0x1e0
[   94.482804][   T87]  device_add+0xb60/0xf10
[   94.486965][   T87]  hid_add_device+0x3ad/0x510
[   94.491481][   T87]  usbhid_probe+0xc1f/0xff0
[   94.495818][   T87]  usb_probe_interface+0x5b6/0xa90
[   94.500766][   T87]  really_probe+0x2b8/0x920
[   94.505193][   T87]  __driver_probe_device+0x1a0/0x310
[   94.510312][   T87]  driver_probe_device+0x54/0x3d0
[   94.515173][   T87]  __device_attach_driver+0x2e3/0x490
[   94.520386][   T87]  bus_for_each_drv+0x183/0x200
[   94.525070][   T87]  __device_attach+0x312/0x510
[   94.530102][   T87]  device_initial_probe+0x1a/0x20
[   94.534963][   T87]  bus_probe_device+0xbe/0x1e0
[   94.539566][   T87]  device_add+0xb60/0xf10
[   94.543730][   T87]  usb_set_configuration+0x190f/0x1e80
[   94.549026][   T87]  usb_generic_driver_probe+0x8b/0x150
[   94.554326][   T87]  usb_probe_device+0x144/0x260
[   94.559010][   T87]  really_probe+0x2b8/0x920
[   94.563345][   T87]  __driver_probe_device+0x1a0/0x310
[   94.568466][   T87]  driver_probe_device+0x54/0x3d0
[   94.573328][   T87]  __device_attach_driver+0x2e3/0x490
[   94.578542][   T87]  bus_for_each_drv+0x183/0x200
[   94.583243][   T87]  __device_attach+0x312/0x510
[   94.587828][   T87]  device_initial_probe+0x1a/0x20
[   94.592692][   T87]  bus_probe_device+0xbe/0x1e0
[   94.597286][   T87]  device_add+0xb60/0xf10
[   94.601447][   T87]  usb_new_device+0xf2f/0x1820
[   94.606044][   T87]  hub_event+0x2db1/0x4830
[   94.610299][   T87]  process_one_work+0x73d/0xcb0
[   94.615027][   T87]  worker_thread+0xa60/0x1260
[   94.619500][   T87]  kthread+0x26d/0x300
[   94.623416][   T87]  ret_from_fork+0x1f/0x30
[   94.627659][   T87] 
[   94.629830][   T87] Freed by task 1278:
[   94.633658][   T87]  kasan_set_track+0x4b/0x70
[   94.638075][   T87]  kasan_save_free_info+0x2b/0x40
[   94.642938][   T87]  ____kasan_slab_free+0x131/0x180
[   94.647885][   T87]  __kasan_slab_free+0x11/0x20
[   94.652489][   T87]  __kmem_cache_free+0x21d/0x410
[   94.657254][   T87]  kfree+0x7a/0xf0
[   94.660813][   T87]  release_nodes+0xf1/0x230
[   94.665297][   T87]  devres_release_all+0x148/0x1a0
[   94.670145][   T87]  device_release_driver_internal+0x5bb/0x870
[   94.676050][   T87]  device_release_driver+0x19/0x20
[   94.680995][   T87]  bus_remove_device+0x2fa/0x360
[   94.685768][   T87]  device_del+0x663/0xe90
[   94.689947][   T87]  hid_destroy_device+0x68/0x110
[   94.694713][   T87]  usbhid_disconnect+0x9e/0xc0
[   94.699307][   T87]  usb_unbind_interface+0x1fa/0x8c0
[   94.704350][   T87]  device_release_driver_internal+0x53e/0x870
[   94.710366][   T87]  device_release_driver+0x19/0x20
[   94.715317][   T87]  bus_remove_device+0x2fa/0x360
[   94.720087][   T87]  device_del+0x663/0xe90
[   94.724261][   T87]  usb_disable_device+0x380/0x720
[   94.729150][   T87]  usb_disconnect+0x32a/0x890
[   94.733628][   T87]  hub_event+0x1ed8/0x4830
[   94.737976][   T87]  process_one_work+0x73d/0xcb0
[   94.742836][   T87]  worker_thread+0xa60/0x1260
[   94.747337][   T87]  kthread+0x26d/0x300
[   94.751245][   T87]  ret_from_fork+0x1f/0x30
[   94.755622][   T87] 
[   94.757760][   T87] Last potentially related work creation:
[   94.763444][   T87]  kasan_save_stack+0x3b/0x60
[   94.768029][   T87]  __kasan_record_aux_stack+0xb4/0xc0
[   94.773323][   T87]  kasan_record_aux_stack_noalloc+0xb/0x10
[   94.778982][   T87]  kvfree_call_rcu+0x9f/0x800
[   94.783526][   T87]  neigh_destroy+0x429/0x560
[   94.787907][   T87]  neigh_cleanup_and_release+0x73/0x1b0
[   94.793293][   T87]  neigh_remove_one+0x4d5/0x560
[   94.797974][   T87]  ___neigh_create+0x447/0x1db0
[   94.802661][   T87]  __neigh_create+0x32/0x40
[   94.807001][   T87]  ip6_finish_output2+0x9d0/0x1850
[   94.811951][   T87]  ip6_finish_output+0x50f/0xa60
[   94.816720][   T87]  ip6_output+0x1f7/0x4c0
[   94.820899][   T87]  ndisc_send_skb+0x7cf/0xdc0
[   94.825402][   T87]  ndisc_send_rs+0x47d/0x5f0
[   94.829851][   T87]  addrconf_rs_timer+0x2d1/0x600
[   94.834781][   T87]  call_timer_fn+0x3b/0x2d0
[   94.839233][   T87]  __run_timers+0x72a/0xa10
[   94.843654][   T87]  run_timer_softirq+0x69/0xf0
[   94.848350][   T87]  handle_softirqs+0x1db/0x650
[   94.853010][   T87]  __irq_exit_rcu+0x52/0xf0
[   94.857301][   T87]  irq_exit_rcu+0x9/0x10
[   94.861373][   T87]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   94.866836][   T87]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   94.872739][   T87] 
[   94.874909][   T87] The buggy address belongs to the object at ffff88813131ac00
[   94.874909][   T87]  which belongs to the cache kmalloc-512 of size 512
[   94.888803][   T87] The buggy address is located 80 bytes inside of
[   94.888803][   T87]  512-byte region [ffff88813131ac00, ffff88813131ae00)
[   94.901836][   T87] 
[   94.903989][   T87] The buggy address belongs to the physical page:
[   94.910242][   T87] page:ffffea0004c4c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x131318
[   94.920390][   T87] head:ffffea0004c4c600 order:2 compound_mapcount:0 compound_pincount:0
[   94.928655][   T87] flags: 0x4000000000010200(slab|head|zone=1)
[   94.934587][   T87] raw: 4000000000010200 ffffea000441f400 dead000000000002 ffff888100042f00
[   94.942990][   T87] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   94.951402][   T87] page dumped because: kasan: bad access detected
[   94.957744][   T87] page_owner tracks the page as allocated
[   94.963283][   T87] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 302, tgid 302 (kworker/1:2), ts 23173702471, free_ts 0
[   94.982940][   T87]  post_alloc_hook+0x213/0x220
[   94.987530][   T87]  prep_new_page+0x1b/0x110
[   94.991869][   T87]  get_page_from_freelist+0x3a98/0x3b10
[   94.997251][   T87]  __alloc_pages+0x234/0x610
[   95.001685][   T87]  alloc_slab_page+0x6c/0xf0
[   95.006118][   T87]  new_slab+0x90/0x3e0
[   95.010124][   T87]  ___slab_alloc+0x6f9/0xb80
[   95.014652][   T87]  __slab_alloc+0x5d/0xa0
[   95.018809][   T87]  __kmem_cache_alloc_node+0x207/0x2a0
[   95.024111][   T87]  __kmalloc_node_track_caller+0xa2/0x1e0
[   95.029655][   T87]  __alloc_skb+0x125/0x2d0
[   95.033923][   T87]  ndisc_alloc_skb+0xf3/0x2d0
[   95.038426][   T87]  ndisc_send_rs+0x264/0x5f0
[   95.042962][   T87]  addrconf_dad_completed+0x8c4/0xdb0
[   95.048163][   T87]  addrconf_dad_work+0xd95/0x16b0
[   95.053021][   T87]  process_one_work+0x73d/0xcb0
[   95.057885][   T87] page_owner free stack trace missing
[   95.063187][   T87] 
[   95.065343][   T87] Memory state around the buggy address:
[   95.070824][   T87]  ffff88813131ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   95.078714][   T87]  ffff88813131ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   95.086700][   T87] >ffff88813131ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   95.094687][   T87]                                                  ^
[   95.101197][   T87]  ffff88813131ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   95.109098][   T87]  ffff88813131ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   95.116995][   T87] ==================================================================
[   95.128852][   T24] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[   95.150221][   T87] Disabling lock debugging due to kernel taint
[   95.156974][   T87] hid 0003:28DE:1102.0014: No HID_FEATURE_REPORT submitted -  nothing to read
[   95.165876][   T87] hid 0003:28DE:1102.0014: No HID_FEATURE_REPORT submitted -  nothing to read
[   95.180637][   T87] hid 0003:28DE:1102.0014: No HID_FEATURE_REPORT submitted -  nothing to read
[   95.189523][   T87] hid 0003:28DE:1102.0014: No HID_FEATURE_REPORT submitted -  nothing to read
[   95.198374][   T87] hid 0003:28DE:1102.0014: No HID_FEATURE_REPORT submitted -  nothing to read
[   96.361533][   T24] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[   96.372640][   T24] CoreChips 8-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[   96.381850][   T24] CoreChips: probe of 8-1:0.41 failed with error -71
[   96.389892][   T24] usb 8-1: USB disconnect, device number 5