last executing test programs:

2.586817298s ago: executing program 4 (id=673):
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f00000000c0)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@user_xattr}, {@grpjquota_path}, {@errors_remount}, {@prjquota}, {@usrjquota}, {@usrjquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@nodiscard}]}, 0xff, 0x468, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG4BQdmKiIIgVTRp/NHSgsrBxGg08aCJiR7wWNtCkIUaWhMhjVZj8GhIvBuPJv4FnjwZ9WTiFY8mhoQoMQG9uGZ2Z0q77JbWbtlN9/NJBt6befve+3bmzb6dtxtA3xrK/kki7o6IyxFRaWSXFxhq/Hfj2vzk39fmJ5Oo1d78I6mXu35tfrKWK163I69zOI1IP03yRmJgabWz5y+cnqhWp8/l+dG5M++Nzp6/8PSpMxMnp09Onx0/duzokbHnnh1/pkWvf7u01jiz+K7v+3Bm/95X3770+uTxS+/8+E3W3z0HGsezONZa5+0MZYH/2fjbNB97vNONddm/tZtxJuVu94bVKkVEOR+cl6MSpbh58irxyidd7RywobJ79tb2hxdqwCaWRLd7AHRH8Uafff4ttjs09egJV19sfADK4r6Rb40j5UjzMgMb2P5QRBxf+OfLbIum5xC1Fs8NAADW67ts/vNUq/lfGnuWlNuZrw0NRsS9EbErIu6LiN0RcX9EvewDEfHgGtsfasrfOv9Mr/yvwFYpm/89n69tLZ//FbO/GCzluXvq8Q8kJ05Vpw/nf5PhGNia5cdaVV5U8fIvn7drf+n8L9uy9ou5YF7JlXLjAd22Ys/UxNxEpyalVz+O2FduFX+yuBKQRMTeiNi3tqp3FolTT3y9v12h28e/gg6sM9W+KiqZX4im+AvJyuuTo9uiOn14tLgqbvXTzxffaNf+uuLvgOz8b19+/TeVqPyVLF2vnV088MJq27j462dtP1OWV3/9L8qu/y3JW/U13S35vg8m5ubOjUVsSV6r55ftH7/52iJflM/iHz7Uevzvyl+Txf9QRGQX8YGIeDgiDubn7pGIeDQiDq0Q/w8vPfZuu2O9cP6nWt7/Fq//weXnf+2J0unvv23X/uruf0frqeF8T/3+dxvtu1PcRpuuZgAAANjE0vp345N0ZDGdpiMjje/w747taXVmdu7JEzPvn51qfId+MAbS4klXZcnz0LFkIa+xkR/PnxUXx4/kz42/KN1Vz49MzlSnuhw79LsdbcZ/5vdSt3sHbDi/14L+1Tz+0y71A7jzvP9D/zL+oX8Z/9C/Wo3/j5ry1gJgM6pVut0DoHvM/6F/Gf/Qv4x/6Evr+V3/RiXKK/x6X6JXEpH2RDd6JnGwh0ZTuQOju8s3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA75LwAA///foPki")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
statfs(&(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, 0xffffffffffffffff, 0x0)

2.376782192s ago: executing program 4 (id=675):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000180)={[{@nodiscard}, {}, {@acl}, {@alloc_mode_reuse}, {@block_mode}, {@disable_roll_forward}, {@background_gc_on}, {@nouser_xattr}, {@checkpoint_diasble}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x1, 0x1ff9, 0x2000003})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x2000, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x20)

1.829321584s ago: executing program 4 (id=680):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

1.721603486s ago: executing program 4 (id=681):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000188500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

1.656862643s ago: executing program 4 (id=693):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000540)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000480)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "6f1a8b372f82a1ab347f68f743f41fba716c6bdd430de41668007030fc537b64", "f38fe6d4589d7e09558a75fb526d1e5496374c9962723ebc7dec60a9bb9e3527a7927cb41769bcc57d54c7feb4f8fcf2", "ea0aa542f98042dc74d18fb9861f1d8abca03d101aa49b59f5631e00", {"6aafb19ea18c280bc658cc13a988070b", "afd7cfeb5f512fa9842cfdbb38cc9535"}}}}}}}, 0x0)

1.59297355s ago: executing program 4 (id=685):
lstat(0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000480)={0x3, 0xffffffff, 0x0, 0x8000})

1.467974794s ago: executing program 2 (id=691):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000140), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x5452, &(0x7f0000000040))

1.375530705s ago: executing program 2 (id=698):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000540)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000480)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "6f1a8b372f82a1ab347f68f743f41fba716c6bdd430de41668007030fc537b64", "f38fe6d4589d7e09558a75fb526d1e5496374c9962723ebc7dec60a9bb9e3527a7927cb41769bcc57d54c7feb4f8fcf2", "ea0aa542f98042dc74d18fb9861f1d8abca03d101aa49b59f5631e00", {"6aafb19ea18c280bc658cc13a988070b", "afd7cfeb5f512fa9842cfdbb38cc9535"}}}}}}}, 0x0)

1.365730836s ago: executing program 2 (id=699):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x1208, &(0x7f0000002780)="$eJzs3E9rHGUcB/BftoltU/NHrdX2oA968TQ0OXgSJEgKkj1IbYRWEKZ2osuOu8vOElhRW09eBd+FePQmiG8gF1+Dt1w89iCOsNM/id2qBc029vO5zI/5zXef52FhYZZ5Zv+Nrz/p7lTZTj6K1txctAYR6XaKFK2466Wt5nj12tZGu715OaVLG1fWXk8pLb/84/uffffKT6Mz732//MPJ2Fv9YP/X9V/2zu2d3//9ysedKnWq1OuPUp6u9/uj/HpZnIhO1c1Seqcs8qpInV5VDA/2007ZHwzGKe/dWFocDIuqSnlvnLrFOI36aTQcp/yjvNNLWZalpcXgoRb+/uT2t7fruo6o64V4Kuq6rk/HYpyJp2MpluNWRDwTz8ZzcTaej3PxQrwY5ydXHdUSAAAAAAAAAAAAAAAAAAAA4MnwV/v/V2LV/n8AAAAAAAAAAAAAAAAAAAA4Au9evba10W5vXk7pVET51e727nZzbPobO9GJMoq4GCvxW0x2/zea+tLb7c2LaWI1vixv3snf3N0+cTi/NnmdwJ38/KR3N7/W5NPh/MlYPJhfj5U4O3389Sn5hW8iXnv1QD6Llfj5w+hHGTcmY9/Pf7GW0lu3mjnFvfEvTK4DAACA/4Ms3TP1/j3LHtZv8o/w/8Cf7u/n48L8bNdORDX+tJuXZTE8XJx64Izinxet/+iTW/GYLPC4Facfj2kcq2LWv0wchftf+qxnAgAAAAAAAAAAwKP4154ZjLmIB1vzMeXJsjfj82w2qwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YgWMBAAAAAGH+1ml0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE0BAAD//7PKyQ8=")
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0xfffffffffffffffd, 0xbb)

1.206369654s ago: executing program 2 (id=703):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
unlink(0x0)

1.157455799s ago: executing program 2 (id=706):
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000700)='./file0\x00', 0x8413, &(0x7f0000000500)={[{@oldalloc}, {@discard}, {@usrjquota_path={'usrjquota', 0x3d, './file0'}}, {@noblock_validity}]}, 0x0, 0x526, &(0x7f00000014c0)="$eJzs3c9vG1kdAPDvOHa2adJNFjjASnQLuyitoHay0e5GHJZFQnBaCVjuJSROFMWJq9jZbaIVm4o/AAkhQOIEFy5I/AFIaCUuHBFSJTiDAIEQtHAACTrI9jjNDzvxpo7dJp+PNJ333sz4+57bGc+bmc4L4MJ6I5sepml6IyIms/JcNn2ykdmNuBYRD+6/u9iYkkjTt/6eRJKVtT8rbXomxlubND/gq1+K+EZyNG5te2dtoVIpb2b5Un39dqm2vXNzdX1hpbxS3pibm311/rX5V+ZnHqd5y+NZ4kpEvP6FP3/v2z/54uu/+Mw7f7j11+vfTFp1fi8OteMDyh+3sNX0Qlw6VLZ5ymBPovz+xFhv29zN/okAADBYjfPSD2Xn+TdiMkaOP50FAAAAnkLp5ybiv0n73t0Ro13KAQAAgKdILiImIskVs+d9JyKXKxaj+QzvR+JyrlKt1T+9XN3aWGosi5iKQm55tVKeyZ4VnopC0sjPNtOP8i8fys9FxHMR8d3JsWa+uFitLA374gcAAABcEOOH+v//mmz1/3uQO/PKAQAAAP0zFVcLw64DAAAAcLamhl0BAAAA4Mzp/wMAAMC59uU332xMaXv866W3t7fWqm/fXCrX1orrW4vFxerm7eJKtbrSfGff+rEftjd04MbWnVK9XKuXats7t9arWxv1W6sHhsAGAAAABui5F97/XRIRu58da04No/uW/ycbJ2BoFQTOTD5i5GDJ6NGVfv9sa/6nwdQJGIyRYVcAGJr86TcdTSJ2+1kXYLC89w9ITlje9eGdX2fzT/S3PgAAQP9Nf6z7/f/jB/jbNf4fPOXsxHBxuf8PF1fz/n+HR/46crIA50rh9GcAqXMHOB8e+/7/ifwfIgAAGLaJ5pTkitnlvYnI5YrFiCvNYQEKyfJqpTwTEc9GxG8nC8808rPNLZMT+wwAAAAAAAAAAAAAAAAAAAAAAAAAQEuaJpECAAAA51pE7i/JL1vv8p+efGni8PWB0eTfk5ENEfrOD9/6/p2Fen1ztlH+j73y+g+y8peHcQUDAAAAOKzdT2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgnx7cf3exPQ0y7t8+HxFTneLn41JzfikKEXH5n0nk922XRMRIH+Lv3o2Ij3aKnzSqtReyU/yxs48fU9m30Cn+eB/iw0X2fuP480an/S8X15rzzvtfPuJA/rS6H/9i7/g30mX/v9JjjOfv/azUNf7diOfznY8/7fhJl/gv9hj/61/b2em2LP1RxHTH35/kQKxSff12qba9c3N1fWGlvFLemJubfXX+tflX5mdKy6uVcvZnxxjf+fjPHx7X/std4k+d0P6Xemz//+7duf/hVrLQKf71FzvE/9WPszWOxs9lv32fytKN5dPt9G4rvd/Vn/7m6nHtX+rS/pP+/q/32P4bX/nWH3tcFQAYgNr2ztpCpVLePLeJRi/9CaiGxMAS+eh15feOLnohTh09TdO0sU89RuWT46Nfy/bas/sOk72S4R6XAACA/nt09j/smgAAAAAAAAAAAAAAAAAAAMDFNYhXsh2OubuXSvrxCm0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL74fwAAAP//qOXmyQ==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

1.046399082s ago: executing program 3 (id=708):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0x80106725, 0x20000000)

948.866483ms ago: executing program 3 (id=712):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x7, 0x4, 0x418, 0x8800, 0x2, 0x220, 0x330, 0x330, 0x330, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local, @multicast1, @dev}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="14faede8deed", @mac=@broadcast, @private, @multicast1}}}, {{@arp={@empty, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@remote}, {@mac=@dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ipvlan1\x00', 'syz_tun\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @remote}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x468)

910.212617ms ago: executing program 3 (id=715):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x400, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae"], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x10010)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000005, 0x10012, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

636.214778ms ago: executing program 3 (id=717):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
unlink(0x0)

595.902373ms ago: executing program 3 (id=719):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2040d0, &(0x7f0000000200), 0xfb, 0x497, &(0x7f0000000f40)="$eJzs3E1sFFUcAPD/bFtQvloRP0DUKhqJHy0UFA4mfiQmHtSY6AGPaykEWaihNRHSSDUELyZK4t1ovJh48eLBkyejnky8eNC7ISGGi+hpzezOrNvt7nZZtt2W/n7JsO9N3+57/5l5O2/mMRvAujWa/pNEbImI3yNiOCIKjQVGqy/Xrs5N/nN1bjKJcvm1v5L0bfH31bnJvGiSvW6uZgbTl8KFJJ5tUu/M2XMni6XS1JksPz576u3xmbPnnjhxqnh86vjU6YnDhw8e2H/oqYknexLnbWlbd703vXvni29cennyyKU3f/o6qWt0fRy9MRTzdduk0cO9razvttalk8G2RQvL3hg6tjGi0lGHKv1/OAYubKv9bThe+KCvjQOWVblcLk+0/vN8GbiJJdHvFgD9kZ/o0+vffFmhoceqcOW56gVQGve1bKle9AzWLlSHGq5ve2kuIo7M//tZusSy3IcAAFjo+3T883iz8V8h7qwrty2bGxrJ5lK2R8TtEbEjIu6IqJS9KyLuvs76Rxvyi8c/hctdBdahdPz3dDa3lS9ZvXmRkYEst7US/1By7ERpal+2TfbG0MY0v7/ppydRmQSKXz9uVf9o3fgvXdL687Fg1o7LgxsXvudocbZ4w4FnrrwfsWuwWfzZBF42h7UzInZ1WceJR7/avXDNQC21dPxttJ9n6kj584hHqvt/PhrizyXt5yfHb4nS1L7x/KhY7OdfLr7aqv4bir8H0v2/qenxX4t/JKmfr51Z9BEblqrj4h8ftrymGY14Jro4/jckry+o/N3i7OyZ/REbkpcWr6+7wZ3n8/Jp/Hv3NO//2+P/LXFPRKQH8b0RcV9E3J/tuwci4sGI2NMm/h+ff+itNvH3df9/c3Lnseh0/+f7oXog1I6IpRIDJ3/4rlX9nX3/Hayk9mZrOvn+67SBXW42AAAAWFMKEbElksJYLV0ojI1V/w//jthUKE3PzD52bPqd00erzwiMxFAhv9M1nOUju/85Us1Xrr4nKq8R57P7pQey+8afDtxayY9NTpeO9jt4WOc2t+j/qT8H+t06YNn1YB4NWKPa9f8vDq1gQ4AV1/3538gB1rolerEfbICbmLM4rF/N+v/5PrQDWHmtz/9ThgZwk6t18k86KFz3uFfjw5vA2uMkD+vX0v3/leX6/Sugfzp/in+1JJJkwZr4MqL9u5L+t7mLxEeroxmtE1FYFc3oOlFcHc24jsRgx79qcbZ8vlgq/fbtjVTa728mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3vgvAAD//xWj4/0=")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r1}, 0x10)
open(&(0x7f0000000040)='./bus\x00', 0x147042, 0x0)

549.666538ms ago: executing program 0 (id=722):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)

524.880081ms ago: executing program 0 (id=723):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0x80106725, 0x20000000)

524.402741ms ago: executing program 0 (id=724):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000060018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
chown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

498.630424ms ago: executing program 1 (id=725):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = getpgid(0x0)
sched_rr_get_interval(r2, &(0x7f0000000200))

482.982716ms ago: executing program 0 (id=727):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

409.251914ms ago: executing program 1 (id=728):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r1}, 0x10)
socketpair(0x11, 0xa, 0x0, &(0x7f0000001080))

409.058224ms ago: executing program 0 (id=729):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
timer_create(0x0, 0x0, &(0x7f0000000000))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

385.013847ms ago: executing program 0 (id=730):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000f2ffffff00000000ff000000850000002a000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='itimer_state\x00', r1}, 0x10)
alarm(0x8000000000000001)

191.043718ms ago: executing program 3 (id=731):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0xd, 0x0, 0x9, 0x0, 0x400, 0x8, 0x5, 0x6c, 0x1, 0x0, 0x10, 0x14, 0x0, 0xfffffff6, 0x9, 0x8, 0x0, 0x6, 0x6, '\x00', 0x7, 0x2})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x4, 0x0, 0x80, {0x0, 0xd000}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d56412c02fd70d085f92dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcc6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b51de413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"})

190.647219ms ago: executing program 1 (id=742):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

100.136929ms ago: executing program 1 (id=732):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

76.731182ms ago: executing program 1 (id=734):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000002000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
prlimit64(0x0, 0x2, &(0x7f0000001fc0)={0x8, 0xc2}, 0x0)
brk(0x20ffc004)

863.71µs ago: executing program 1 (id=735):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r1=>0x0})
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
sendto$packet(r0, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x66, &(0x7f0000000180)={@link_local, @multicast, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private=0xffffffff}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4305}}}}}}, 0x0)

0s ago: executing program 2 (id=736):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000a50000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000cfc5b610560400f07ff3010203010902"], 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8943, 0x0)

kernel console output (not intermixed with test programs):

ouch 0003:1FD2:6007.000B: unknown main item tag 0x0
[   49.586914][   T20] hid-multitouch 0003:1FD2:6007.000B: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[   49.598682][  T328] usb 2-1: device descriptor read/all, error -71
[   49.638568][  T987] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   49.662111][  T987] EXT4-fs (loop0): 1 truncate cleaned up
[   49.667629][  T987] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,nombcache,inode_readahead_blks=0x0000000000000002,stripe=0x0000000002004000,max_batch_time=0x0000000000000002,max_batch_time=0x0000000000000004,,errors=continue. Quota mode: none.
[   49.754417][  T989] loop2: detected capacity change from 0 to 40427
[   49.782341][  T338] usb 4-1: USB disconnect, device number 3
[   49.821228][  T989] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   49.828949][  T989] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   49.842897][  T996] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[   49.850880][  T989] F2FS-fs (loop2): Found nat_bits in checkpoint
[   49.873524][  T989] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   49.880703][  T989] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   49.912420][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.912439][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.920012][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.927360][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.934798][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.935495][   T30] audit: type=1400 audit(1729570417.641:382): avc:  denied  { remove_name } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   49.942178][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.949796][   T30] audit: type=1400 audit(1729570417.641:383): avc:  denied  { rename } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   49.972084][  T834] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   49.979334][   T30] audit: type=1400 audit(1729570417.641:384): avc:  denied  { create } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   50.058843][ T1003] loop1: detected capacity change from 0 to 512
[   50.139974][ T1003] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   50.152835][ T1003] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038 (0x7fffffff)
[   50.157295][ T1007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.256'.
[   50.168638][ T1003] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[   50.182769][ T1007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.256'.
[   50.243015][   T30] audit: type=1400 audit(1729570417.951:385): avc:  denied  { create } for  pid=1008 comm="syz.2.259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   50.267510][   T30] audit: type=1400 audit(1729570417.951:386): avc:  denied  { connect } for  pid=1008 comm="syz.2.259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   50.287937][   T30] audit: type=1400 audit(1729570417.951:387): avc:  denied  { ioctl } for  pid=1008 comm="syz.2.259" path="socket:[17353]" dev="sockfs" ino=17353 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   50.335900][   T30] audit: type=1326 audit(1729570418.041:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1016 comm="syz.1.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55b1f5eff9 code=0x7ffc0000
[   50.363316][   T30] audit: type=1326 audit(1729570418.041:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1016 comm="syz.1.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f55b1f5eff9 code=0x7ffc0000
[   50.394064][   T30] audit: type=1326 audit(1729570418.041:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1016 comm="syz.1.262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55b1f5eff9 code=0x7ffc0000
[   50.532042][ T1022] loop1: detected capacity change from 0 to 40427
[   50.618423][ T1022] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   50.626212][ T1022] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   50.628190][  T313] usbhid 5-1:0.0: can't add hid device: -71
[   50.635311][ T1022] F2FS-fs (loop1): invalid crc value
[   50.640636][  T313] usbhid: probe of 5-1:0.0 failed with error -71
[   50.650457][ T1022] F2FS-fs (loop1): Found nat_bits in checkpoint
[   50.654680][  T313] usb 5-1: USB disconnect, device number 6
[   50.677685][ T1022] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   50.684629][ T1022] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   50.704060][ T1022] attempt to access beyond end of device
[   50.704060][ T1022] loop1: rw=2049, want=45104, limit=40427
[   50.720713][  T320] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   50.728096][    T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   50.729908][  T320] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   50.869414][ T1035] loop1: detected capacity change from 0 to 1024
[   50.928930][ T1035] EXT4-fs (loop1): Test dummy encryption mode enabled
[   51.018175][  T313] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   51.039069][  T302] bridge0: port 3(syz_tun) entered disabled state
[   51.046132][  T302] device syz_tun left promiscuous mode
[   51.051533][  T302] bridge0: port 3(syz_tun) entered disabled state
[   51.088150][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   51.099569][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   51.109202][    T6] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[   51.118015][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.135539][    T6] usb 4-1: config 0 descriptor??
[   51.141282][ T1038] loop2: detected capacity change from 0 to 512
[   51.181420][ T1038] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5
[   51.181420][ T1038] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   51.181420][ T1038] 
[   51.199578][ T1038] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   51.211591][ T1038] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   51.223640][ T1038] EXT4-fs (loop2): 1 orphan inode deleted
[   51.229663][ T1038] EXT4-fs (loop2): 1 truncate cleaned up
[   51.231358][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.235228][ T1038] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,acl,dioread_nolock,errors=remount-ro,nouser_xattr,lazytime,. Quota mode: none.
[   51.242082][ T1039] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.264149][ T1039] device bridge_slave_0 entered promiscuous mode
[   51.274195][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.281174][ T1039] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.288411][ T1039] device bridge_slave_1 entered promiscuous mode
[   51.340052][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   51.347275][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   51.355814][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   51.366824][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   51.375026][  T430] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.381893][  T430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.388235][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   51.389273][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   51.399666][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   51.416443][  T313] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[   51.425323][  T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.436931][  T313] usb 5-1: config 0 descriptor??
[   51.442445][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   51.450537][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.458758][  T430] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.465594][  T430] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.473058][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.483805][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   51.498146][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   51.509623][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   51.517327][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   51.524920][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   51.534822][ T1039] device veth0_vlan entered promiscuous mode
[   51.544826][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   51.553895][ T1039] device veth1_macvtap entered promiscuous mode
[   51.562952][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   51.573379][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   51.581317][  T328] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   51.605579][ T1047] netlink: 8 bytes leftover after parsing attributes in process `syz.1.270'.
[   51.615386][    T6] logitech-djreceiver 0003:046D:C71B.000C: item fetching failed at offset 5/7
[   51.617904][ T1047] netlink: 4 bytes leftover after parsing attributes in process `syz.1.270'.
[   51.625179][    T6] logitech-djreceiver 0003:046D:C71B.000C: logi_dj_probe: parse failed
[   51.641378][    T6] logitech-djreceiver: probe of 0003:046D:C71B.000C failed with error -22
[   51.758682][  T320] device bridge_slave_1 left promiscuous mode
[   51.764669][  T320] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.771866][  T320] device bridge_slave_0 left promiscuous mode
[   51.777798][  T320] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.785497][  T320] device veth1_macvtap left promiscuous mode
[   51.791349][  T320] device veth0_vlan left promiscuous mode
[   51.829545][   T39] usb 4-1: USB disconnect, device number 4
[   51.888394][   T20] Bluetooth: hci0: command 0x1003 tx timeout
[   51.894429][  T658] Bluetooth: hci0: sending frame failed (-49)
[   51.929374][  T313] hid-steam 0003:28DE:1142.000D: item fetching failed at offset 4/5
[   51.937331][  T313] hid-steam 0003:28DE:1142.000D: steam_probe:parse of hid interface failed
[   51.946264][  T313] hid-steam: probe of 0003:28DE:1142.000D failed with error -22
[   51.958133][    T6] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[   51.978541][  T328] usb 3-1: config index 0 descriptor too short (expected 106, got 36)
[   51.986542][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 95, changing to 10
[   51.997694][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25189, setting to 1024
[   52.008810][  T328] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[   52.017638][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.026637][  T328] usb 3-1: config 0 descriptor??
[   52.140264][   T20] usb 5-1: USB disconnect, device number 7
[   52.338218][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   52.349571][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   52.354287][ T1052] loop3: detected capacity change from 0 to 512
[   52.359395][    T6] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   52.374319][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.385560][    T6] usb 2-1: config 0 descriptor??
[   52.399711][ T1052] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   52.410671][ T1052] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff)
[   52.429774][ T1052] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[   52.519538][  T328] hid-generic 0003:1B1C:1B3E.000E: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.2-1/input0
[   52.721891][   T20] usb 3-1: USB disconnect, device number 7
[   52.868807][    T6] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0
[   52.876721][    T6] hid-multitouch 0003:1FD2:6007.000F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[   52.928161][  T328] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   52.998118][  T338] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   53.077169][   T20] usb 2-1: USB disconnect, device number 10
[   53.178126][  T328] usb 4-1: Using ep0 maxpacket: 16
[   53.238101][  T338] usb 5-1: Using ep0 maxpacket: 8
[   53.298148][  T328] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   53.306823][  T328] usb 4-1: config 1 has an invalid descriptor of length 239, skipping remainder of the config
[   53.317150][  T328] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   53.326611][  T328] usb 4-1: config 1 has no interface number 1
[   53.332658][  T328] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   53.345372][  T328] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 65, changing to 10
[   53.356296][  T328] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 17232, setting to 1024
[   53.366339][  T338] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[   53.375286][  T338] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[   53.384998][  T338] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[   53.393853][  T338] usb 5-1: config 250 has no interface number 0
[   53.399953][  T338] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[   53.411315][  T338] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[   53.421527][  T338] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   53.431607][  T338] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[   53.441663][  T338] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[   53.454949][  T338] usb 5-1: config 250 interface 228 has no altsetting 0
[   53.528231][  T328] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   53.537125][  T328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   53.544916][  T328] usb 4-1: Product: syz
[   53.548899][  T328] usb 4-1: Manufacturer: syz
[   53.553300][  T328] usb 4-1: SerialNumber: syz
[   53.578151][  T338] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   53.589169][  T338] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   53.597244][  T338] usb 5-1: Product: syz
[   53.601377][  T338] usb 5-1: SerialNumber: syz
[   53.638794][  T338] hub 5-1:250.228: bad descriptor, ignoring hub
[   53.644856][  T338] hub: probe of 5-1:250.228 failed with error -5
[   53.758201][  T327] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   53.849180][  T338] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 8 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[   53.900007][  T328] usb 4-1: USB disconnect, device number 5
[   53.968143][    T6] Bluetooth: hci0: command 0x1001 tx timeout
[   53.974005][  T658] Bluetooth: hci0: sending frame failed (-49)
[   54.128160][  T327] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.138888][  T327] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   54.148864][  T327] usb 3-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[   54.157708][  T327] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.166207][  T327] usb 3-1: config 0 descriptor??
[   54.344844][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.352322][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.360238][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.367491][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.374911][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.382314][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.389813][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.397057][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.404436][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.411841][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.419182][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.426430][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.433806][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.441195][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.448530][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.455863][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.463422][ T1070] usb 5-1: reset high-speed USB device number 8 using dummy_hcd
[   54.471053][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.478538][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.484912][ T1086] loop3: detected capacity change from 0 to 40427
[   54.485766][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.499512][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.506712][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.514292][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.521658][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.528911][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.536046][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.543302][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.550483][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.557681][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.558651][ T1086] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   54.564900][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.572800][ T1086] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   54.579636][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.588793][ T1086] F2FS-fs (loop3): invalid crc value
[   54.594842][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.601802][ T1086] F2FS-fs (loop3): Found nat_bits in checkpoint
[   54.607302][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.621000][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.628229][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.629400][  T327] logitech-djreceiver 0003:046D:C71B.0011: item fetching failed at offset 5/7
[   54.635503][  T338] hid-generic 0008:0E00:0008.0010: unknown main item tag 0x0
[   54.655074][  T338] hid-generic 0008:0E00:0008.0010: hidraw0: <UNKNOWN> HID v8a.5d Device [syz1] on syz0
[   54.655206][  T327] logitech-djreceiver 0003:046D:C71B.0011: logi_dj_probe: parse failed
[   54.676247][  T327] logitech-djreceiver: probe of 0003:046D:C71B.0011 failed with error -22
[   54.685399][ T1086] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   54.692646][ T1086] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   54.702203][   T30] kauditd_printk_skb: 32 callbacks suppressed
[   54.702214][   T30] audit: type=1400 audit(1729570422.411:423): avc:  denied  { mount } for  pid=1084 comm="syz.3.285" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   54.740067][ T1086] attempt to access beyond end of device
[   54.740067][ T1086] loop3: rw=2049, want=45104, limit=40427
[   54.755264][   T30] audit: type=1400 audit(1729570422.471:424): avc:  denied  { unmount } for  pid=905 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   54.756671][  T430] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   54.783527][  T430] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   54.849137][   T26] usb 3-1: USB disconnect, device number 8
[   54.968153][   T39] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   55.138134][ T1070] usb 5-1: failed to restore interface 228 altsetting 255 (error=-71)
[   55.146317][    T6] usb 5-1: USB disconnect, device number 8
[   55.153392][    T6] usblp0: removed
[   55.328213][   T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.338942][   T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   55.348471][   T39] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[   55.357415][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.370010][   T39] usb 2-1: config 0 descriptor??
[   55.448825][   T30] audit: type=1400 audit(1729570423.161:425): avc:  denied  { bind } for  pid=1112 comm="syz.3.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   55.486449][   T30] audit: type=1400 audit(1729570423.181:426): avc:  denied  { listen } for  pid=1112 comm="syz.3.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   55.521319][   T30] audit: type=1326 audit(1729570423.221:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1116 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   55.544759][   T30] audit: type=1326 audit(1729570423.221:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1116 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   55.568337][   T30] audit: type=1326 audit(1729570423.221:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1116 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   55.591471][   T30] audit: type=1326 audit(1729570423.221:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1116 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   55.615700][   T30] audit: type=1326 audit(1729570423.221:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1116 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   55.654306][   T30] audit: type=1326 audit(1729570423.361:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1122 comm="syz.3.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcded55dff9 code=0x7ffc0000
[   55.693131][ T1125] netlink: 24 bytes leftover after parsing attributes in process `syz.3.302'.
[   55.765260][ T1133] loop2: detected capacity change from 0 to 256
[   55.848886][   T39] hid-steam 0003:28DE:1142.0012: item fetching failed at offset 4/5
[   55.856913][   T39] hid-steam 0003:28DE:1142.0012: steam_probe:parse of hid interface failed
[   55.870762][ T1133] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d)
[   55.883287][   T39] hid-steam: probe of 0003:28DE:1142.0012 failed with error -22
[   55.969718][ T1139] loop2: detected capacity change from 0 to 256
[   56.004838][ T1135] loop4: detected capacity change from 0 to 40427
[   56.048110][   T39] Bluetooth: hci0: command 0x1009 tx timeout
[   56.056790][  T327] usb 2-1: USB disconnect, device number 11
[   56.066585][ T1135] F2FS-fs (loop4): invalid crc value
[   56.073366][ T1135] F2FS-fs (loop4): Found nat_bits in checkpoint
[   56.086838][ T1144] loop2: detected capacity change from 0 to 256
[   56.094112][ T1144] exfat: Deprecated parameter 'namecase'
[   56.101161][ T1144] exfat: Deprecated parameter 'namecase'
[   56.112605][ T1135] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[   56.145262][ T1144] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1fdf94bc, utbl_chksum : 0xe619d30d)
[   56.427029][ T1159] netlink: 24 bytes leftover after parsing attributes in process `syz.4.316'.
[   56.455089][ T1161] loop4: detected capacity change from 0 to 2048
[   56.555106][ T1161] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002]
[   56.564681][ T1161] System zones: 0-7
[   56.569112][ T1161] EXT4-fs (loop4): mounted filesystem without journal. Opts: abort,debug,,errors=continue. Quota mode: none.
[   56.594370][ T1168] loop1: detected capacity change from 0 to 256
[   56.612459][ T1170] loop3: detected capacity change from 0 to 256
[   56.623266][ T1168] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x72685a33, utbl_chksum : 0xe619d30d)
[   56.782938][ T1182] loop1: detected capacity change from 0 to 128
[   56.860734][ T1172] loop4: detected capacity change from 0 to 40427
[   56.877090][ T1172] F2FS-fs (loop4): invalid crc value
[   56.883484][ T1172] F2FS-fs (loop4): Found nat_bits in checkpoint
[   56.923942][ T1172] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   56.964771][ T1172] attempt to access beyond end of device
[   56.964771][ T1172] loop4: rw=2049, want=45104, limit=40427
[   56.988569][  T301] attempt to access beyond end of device
[   56.988569][  T301] loop4: rw=2049, want=45112, limit=40427
[   57.016507][ T1188] loop1: detected capacity change from 0 to 128
[   57.087848][ T1188] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   57.108190][ T1188] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038 (0x7fffffff)
[   57.211831][ T1195] loop4: detected capacity change from 0 to 16
[   57.262079][ T1197] loop1: detected capacity change from 0 to 2048
[   57.289598][ T1195] erofs: (device loop4): mounted with root inode @ nid 36.
[   57.356776][ T1209] loop4: detected capacity change from 0 to 256
[   57.384021][ T1197] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002]
[   57.393546][ T1197] System zones: 0-7
[   57.397690][ T1197] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,debug,,errors=continue. Quota mode: none.
[   57.440775][ T1217] loop4: detected capacity change from 0 to 128
[   57.514404][ T1213] loop2: detected capacity change from 0 to 40427
[   57.529097][ T1221] netlink: 16 bytes leftover after parsing attributes in process `syz.1.341'.
[   57.593363][ T1213] F2FS-fs (loop2): invalid crc value
[   57.607826][ T1213] F2FS-fs (loop2): Found nat_bits in checkpoint
[   57.628156][  T327] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   57.642297][ T1229] loop4: detected capacity change from 0 to 128
[   57.670808][ T1213] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   57.695877][ T1229] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   57.713297][ T1213] attempt to access beyond end of device
[   57.713297][ T1213] loop2: rw=2049, want=45104, limit=40427
[   57.724437][ T1229] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038 (0x7fffffff)
[   57.740082][  T834] attempt to access beyond end of device
[   57.740082][  T834] loop2: rw=2049, want=45112, limit=40427
[   57.836654][ T1234] tipc: Started in network mode
[   57.843763][ T1234] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   57.853299][ T1234] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   57.861548][ T1234] tipc: Enabled bearer <udp:s>, priority 10
[   58.028164][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   58.039393][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   58.049207][  T327] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[   58.058270][  T327] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.066867][  T327] usb 4-1: config 0 descriptor??
[   58.090918][ T1248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.351'.
[   58.096663][ T1251] loop2: detected capacity change from 0 to 2048
[   58.118674][ T1248] netlink: 4 bytes leftover after parsing attributes in process `syz.4.351'.
[   58.149149][ T1251] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c018, mo2=0002]
[   58.157102][ T1251] System zones: 0-7
[   58.161271][ T1251] EXT4-fs (loop2): mounted filesystem without journal. Opts: abort,debug,,errors=continue. Quota mode: none.
[   58.244306][ T1263] netlink: 24 bytes leftover after parsing attributes in process `syz.1.355'.
[   58.273234][ T1267] loop2: detected capacity change from 0 to 128
[   58.378513][ T1269] loop1: detected capacity change from 0 to 40427
[   58.399927][ T1273] bridge0: port 3(vlan2) entered blocking state
[   58.405972][ T1273] bridge0: port 3(vlan2) entered disabled state
[   58.440490][ T1275] loop2: detected capacity change from 0 to 128
[   58.450437][ T1269] F2FS-fs (loop1): invalid crc value
[   58.462140][ T1277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.362'.
[   58.471703][ T1269] F2FS-fs (loop1): Found nat_bits in checkpoint
[   58.474639][ T1275] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   58.498353][ T1275] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038 (0x7fffffff)
[   58.530410][  T327] isku 0003:1E7D:319C.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0
[   58.542107][ T1269] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   58.579408][ T1269] attempt to access beyond end of device
[   58.579408][ T1269] loop1: rw=2049, want=45104, limit=40427
[   58.594951][ T1039] attempt to access beyond end of device
[   58.594951][ T1039] loop1: rw=2049, want=45112, limit=40427
[   58.638907][ T1289] loop4: detected capacity change from 0 to 512
[   58.671381][ T1293] loop2: detected capacity change from 0 to 512
[   58.689999][ T1296] loop1: detected capacity change from 0 to 512
[   58.709641][ T1289] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[   58.715321][ T1293] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   58.716632][ T1289] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   58.735568][ T1289] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[   58.744391][ T1289] System zones: 1-12
[   58.753763][ T1296] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   58.765542][ T1293] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.371: iget: bad i_size value: -6917529027641081756
[   58.768144][ T1289] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2219: inode #15: comm syz.4.370: corrupted in-inode xattr
[   58.778821][ T1296] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff)
[   58.795585][ T1289] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.370: couldn't read orphan inode 15 (err -117)
[   58.800231][ T1293] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.371: couldn't read orphan inode 17 (err -117)
[   58.823992][ T1293] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   58.833776][ T1289] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,debug,,errors=continue. Quota mode: none.
[   58.858368][   T39] tipc: Node number set to 1
[   58.943448][  T327] usb 4-1: USB disconnect, device number 6
[   59.472652][ T1325] loop3: detected capacity change from 0 to 128
[   59.479419][ T1320] loop2: detected capacity change from 0 to 512
[   59.510223][ T1325] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   59.520681][ T1325] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038 (0x7fffffff)
[   59.579926][ T1320] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   59.610822][ T1320] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff)
[   59.622596][ T1338] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=1338 comm=syz.4.383
[   59.660437][ T1340] Zero length message leads to an empty skb
[   59.670889][ T1320] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.390: Directory hole found for htree leaf block 0
[   59.765766][ T1336] loop3: detected capacity change from 0 to 40427
[   59.785133][   T30] kauditd_printk_skb: 71 callbacks suppressed
[   59.785148][   T30] audit: type=1326 audit(1729570427.491:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   59.814325][   T30] audit: type=1326 audit(1729570427.491:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   59.851427][   T30] audit: type=1326 audit(1729570427.491:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   59.874678][   T30] audit: type=1326 audit(1729570427.491:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   59.905065][ T1336] F2FS-fs (loop3): invalid crc value
[   59.915250][ T1336] F2FS-fs (loop3): Found nat_bits in checkpoint
[   59.991434][   T30] audit: type=1326 audit(1729570427.491:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.024053][ T1336] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   60.041992][   T30] audit: type=1326 audit(1729570427.491:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.060382][ T1376] loop2: detected capacity change from 0 to 2048
[   60.072305][   T30] audit: type=1326 audit(1729570427.501:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.099623][   T30] audit: type=1326 audit(1729570427.501:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.123358][   T30] audit: type=1326 audit(1729570427.551:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.148265][   T30] audit: type=1326 audit(1729570427.551:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1351 comm="syz.4.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec92110ff9 code=0x7ffc0000
[   60.172766][ T1336] attempt to access beyond end of device
[   60.172766][ T1336] loop3: rw=2049, want=45104, limit=40427
[   60.185218][ T1371] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.192260][ T1371] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.200020][ T1371] device bridge_slave_0 entered promiscuous mode
[   60.206922][ T1371] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.213979][ T1371] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.222135][ T1371] device bridge_slave_1 entered promiscuous mode
[   60.237293][  T905] attempt to access beyond end of device
[   60.237293][  T905] loop3: rw=2049, want=45112, limit=40427
[   60.241607][ T1376] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   60.258827][   T20] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   60.304092][ T1376] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   60.328400][ T1376] overlayfs: failed to set xattr on upper
[   60.344122][ T1376] overlayfs: ...falling back to index=off,metacopy=off.
[   60.381349][ T1385] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[   60.422149][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.429917][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.438614][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.446942][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.465895][  T430] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.472762][  T430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.487381][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.497096][ T1391] loop2: detected capacity change from 0 to 512
[   60.506852][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.515511][   T20] usb 5-1: Using ep0 maxpacket: 32
[   60.521559][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.531358][  T430] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.538210][  T430] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.559845][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.579223][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   60.587330][ T1391] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz.2.409: corrupted xattr block 255
[   60.609195][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.616850][ T1391] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[   60.625762][ T1391] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[   60.630771][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   60.661107][   T20] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[   60.669636][ T1391] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz.2.409: corrupted xattr block 255
[   60.681674][   T20] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   60.690525][   T20] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[   60.690732][ T1393] loop3: detected capacity change from 0 to 40427
[   60.699851][ T1391] SELinux: (dev loop2, type ext4) getxattr errno 117
[   60.706194][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   60.719201][   T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   60.719517][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   60.729961][   T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   60.745899][ T1371] device veth0_vlan entered promiscuous mode
[   60.746034][ T1393] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[   60.758596][ T1393] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   60.761083][   T20] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   60.767553][ T1393] F2FS-fs (loop3): invalid crc value
[   60.777959][   T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   60.792020][   T20] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   60.793844][ T1393] F2FS-fs (loop3): Found nat_bits in checkpoint
[   60.805210][   T20] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   60.832746][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.844109][ T1371] device veth1_macvtap entered promiscuous mode
[   60.856811][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.860155][   T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.873387][ T1393] F2FS-fs (loop3): Start checkpoint disabled!
[   60.886700][   T20] usb 5-1: config 0 descriptor??
[   60.893144][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.901534][ T1393] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   60.908653][ T1393] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[   60.940600][ T1393] attempt to access beyond end of device
[   60.940600][ T1393] loop3: rw=2049, want=53256, limit=40427
[   60.969741][ T1408] syz.0.396 uses obsolete (PF_INET,SOCK_PACKET)
[   60.991202][  T430] attempt to access beyond end of device
[   60.991202][  T430] loop3: rw=2049, want=40992, limit=40427
[   61.049042][  T320] device bridge_slave_1 left promiscuous mode
[   61.054991][  T320] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.063115][  T320] device bridge_slave_0 left promiscuous mode
[   61.069313][  T320] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.077315][  T320] device veth1_macvtap left promiscuous mode
[   61.083457][  T320] device veth0_vlan left promiscuous mode
[   61.159591][   T20] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   61.200884][ T1422] loop3: detected capacity change from 0 to 128
[   61.205866][   T20] usb 5-1: USB disconnect, device number 9
[   61.213754][   T20] usblp0: removed
[   61.239648][ T1422] EXT4-fs (loop3): Ignoring removed nobh option
[   61.246842][ T1422] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[   61.261348][ T1422] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038 (0x7fffffff)
[   61.261603][    T6] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   61.476096][ T1435] loop3: detected capacity change from 0 to 512
[   61.509512][ T1435] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   61.520416][ T1435] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038 (0x7fffffff)
[   61.535641][ T1435] EXT4-fs error (device loop3): ext4_add_entry:2484: inode #2: comm syz.3.422: Directory hole found for htree leaf block 0
[   61.558122][    T6] usb 1-1: Using ep0 maxpacket: 8
[   61.614423][ T1443] loop3: detected capacity change from 0 to 2048
[   61.688164][    T6] usb 1-1: config index 0 descriptor too short (expected 5924, got 36)
[   61.696384][    T6] usb 1-1: config 250 has an invalid interface number: 228 but max is -1
[   61.704917][    T6] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0
[   61.714099][    T6] usb 1-1: config 250 has no interface number 0
[   61.715013][ T1443] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   61.720890][    T6] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[   61.742076][    T6] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[   61.752549][    T6] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   61.762829][    T6] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[   61.773082][    T6] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[   61.786608][    T6] usb 1-1: config 250 interface 228 has no altsetting 0
[   61.792537][ T1443] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   61.813240][ T1443] overlayfs: failed to set xattr on upper
[   61.818951][ T1443] overlayfs: ...falling back to index=off,metacopy=off.
[   61.908182][    T6] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   61.917116][    T6] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   61.925365][    T6] usb 1-1: Product: syz
[   61.929543][    T6] usb 1-1: SerialNumber: syz
[   61.989510][    T6] hub 1-1:250.228: bad descriptor, ignoring hub
[   61.997208][    T6] hub: probe of 1-1:250.228 failed with error -5
[   62.208948][    T6] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[   62.341207][ T1479] loop4: detected capacity change from 0 to 512
[   62.425409][ T1479] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.437: corrupted xattr block 255
[   62.428144][  T338] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   62.442840][ T1479] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[   62.448354][   T39] Bluetooth: hci0: command 0x1003 tx timeout
[   62.453016][ T1479] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[   62.458304][  T658] Bluetooth: hci0: sending frame failed (-49)
[   62.481063][ T1479] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.437: corrupted xattr block 255
[   62.498995][ T1479] SELinux: (dev loop4, type ext4) getxattr errno 117
[   62.678116][  T338] usb 3-1: Using ep0 maxpacket: 16
[   62.737235][ T1486] xt_hashlimit: size too large, truncated to 1048576
[   62.798189][  T338] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   62.806848][  T338] usb 3-1: config 1 has an invalid descriptor of length 239, skipping remainder of the config
[   62.817307][  T338] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   62.826337][  T338] usb 3-1: config 1 has no interface number 1
[   62.832542][  T338] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   62.845434][  T338] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 65, changing to 10
[   62.856553][  T338] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 17232, setting to 1024
[   62.910665][ T1492] loop3: detected capacity change from 0 to 512
[   62.968469][ T1492] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   62.979800][ T1492] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #17: comm syz.3.441: iget: bad i_size value: -6917529027641081756
[   62.992911][ T1492] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.441: couldn't read orphan inode 17 (err -117)
[   63.004807][ T1414] usb 1-1: reset high-speed USB device number 4 using dummy_hcd
[   63.007086][ T1492] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   63.023316][  T338] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   63.032525][  T338] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   63.040467][  T338] usb 3-1: Product: syz
[   63.044501][  T338] usb 3-1: Manufacturer: syz
[   63.049011][  T338] usb 3-1: SerialNumber: syz
[   63.390592][  T338] usb 3-1: USB disconnect, device number 9
[   63.457977][ T1499] loop4: detected capacity change from 0 to 2048
[   63.496046][ T1499] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   63.531457][ T1499] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   63.546888][ T1499] overlayfs: failed to set xattr on upper
[   63.552926][ T1499] overlayfs: ...falling back to index=off,metacopy=off.
[   63.633332][ T1517] loop3: detected capacity change from 0 to 512
[   63.679317][ T1515] loop4: detected capacity change from 0 to 128
[   63.688206][ T1414] usb 1-1: failed to restore interface 228 altsetting 255 (error=-71)
[   63.689827][ T1517] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   63.707028][    T6] usb 1-1: USB disconnect, device number 4
[   63.708209][ T1517] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038 (0x7fffffff)
[   63.713433][    T6] usblp0: removed
[   63.728567][ T1515] EXT4-fs (loop4): Ignoring removed nobh option
[   63.740441][ T1515] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[   63.755056][ T1515] ext4 filesystem being mounted at /107/mnt supports timestamps until 2038 (0x7fffffff)
[   63.831699][ T1524] bridge0: port 3(vlan2) entered blocking state
[   63.837819][ T1524] bridge0: port 3(vlan2) entered disabled state
[   63.921010][ T1541] xt_hashlimit: size too large, truncated to 1048576
[   64.222519][ T1553] loop3: detected capacity change from 0 to 512
[   64.253301][ T1553] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #2: comm syz.3.464: corrupted xattr block 255
[   64.265131][ T1553] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117
[   64.273451][ T1553] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[   64.297033][ T1553] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #2: comm syz.3.464: corrupted xattr block 255
[   64.308802][ T1553] SELinux: (dev loop3, type ext4) getxattr errno 117
[   64.448297][ T1561] loop2: detected capacity change from 0 to 128
[   64.508464][ T1561] EXT4-fs (loop2): Ignoring removed nobh option
[   64.515443][ T1561] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[   64.529933][  T338] Bluetooth: hci0: command 0x1001 tx timeout
[   64.529998][ T1561] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038 (0x7fffffff)
[   64.535771][  T658] Bluetooth: hci0: sending frame failed (-49)
[   64.708277][   T39] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   64.908130][  T338] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[   64.958131][   T39] usb 1-1: Using ep0 maxpacket: 16
[   65.118193][   T39] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   65.126712][   T39] usb 1-1: config 1 has an invalid descriptor of length 239, skipping remainder of the config
[   65.136848][   T39] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   65.145539][   T39] usb 1-1: config 1 has no interface number 1
[   65.151507][   T39] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   65.164039][   T39] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 65, changing to 10
[   65.174941][   T39] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 17232, setting to 1024
[   65.388211][   T39] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   65.397059][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.404890][   T39] usb 1-1: Product: syz
[   65.408904][   T39] usb 1-1: Manufacturer: syz
[   65.413276][   T39] usb 1-1: SerialNumber: syz
[   65.518188][  T338] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[   65.527024][  T338] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.534858][  T338] usb 3-1: Product: syz
[   65.538843][  T338] usb 3-1: Manufacturer: syz
[   65.543250][  T338] usb 3-1: SerialNumber: syz
[   65.548271][  T338] usb 3-1: config 0 descriptor??
[   65.779712][   T39] usb 1-1: USB disconnect, device number 5
[   65.789281][  T387] udevd[387]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   65.791316][    T6] usb 3-1: USB disconnect, device number 10
[   66.192981][ T1582] xt_hashlimit: size too large, truncated to 1048576
[   66.560474][ T1597] loop0: detected capacity change from 0 to 40427
[   66.608381][  T335] Bluetooth: hci0: command 0x1009 tx timeout
[   66.618139][    T6] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[   66.628142][   T39] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   66.635454][  T338] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[   66.658707][ T1597] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[   66.665531][ T1597] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   66.673711][ T1597] F2FS-fs (loop0): fault_injection options not supported
[   66.680737][ T1597] F2FS-fs (loop0): fault_type options not supported
[   66.687967][ T1597] F2FS-fs (loop0): invalid crc value
[   66.694528][ T1597] F2FS-fs (loop0): Found nat_bits in checkpoint
[   66.716336][ T1597] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   66.723268][ T1597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   66.740696][ T1597] attempt to access beyond end of device
[   66.740696][ T1597] loop0: rw=2049, want=53264, limit=40427
[   66.752376][ T1597] attempt to access beyond end of device
[   66.752376][ T1597] loop0: rw=2049, want=53272, limit=40427
[   66.766265][ T1597] attempt to access beyond end of device
[   66.766265][ T1597] loop0: rw=2049, want=53288, limit=40427
[   66.858257][    T6] usb 3-1: Using ep0 maxpacket: 8
[   66.898136][   T39] usb 4-1: Using ep0 maxpacket: 32
[   66.978179][    T6] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[   66.986308][    T6] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[   66.994613][    T6] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[   67.003516][    T6] usb 3-1: config 250 has no interface number 0
[   67.009578][    T6] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[   67.021048][    T6] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[   67.031297][    T6] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   67.041502][    T6] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[   67.048219][  T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.051546][    T6] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[   67.051575][    T6] usb 3-1: config 250 interface 228 has no altsetting 0
[   67.062354][   T39] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[   67.090641][  T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.100278][  T338] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   67.112871][   T39] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   67.121304][  T338] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   67.130129][   T39] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[   67.139014][  T338] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.147038][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   67.156732][   T39] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   67.166339][  T338] usb 5-1: config 0 descriptor??
[   67.171162][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   67.180758][   T39] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   67.188230][    T6] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   67.190302][   T39] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   67.199489][    T6] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   67.212547][   T39] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   67.220191][    T6] usb 3-1: Product: syz
[   67.229357][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.234392][    T6] usb 3-1: SerialNumber: syz
[   67.241740][   T39] usb 4-1: config 0 descriptor??
[   67.289064][    T6] hub 3-1:250.228: bad descriptor, ignoring hub
[   67.295150][    T6] hub: probe of 3-1:250.228 failed with error -5
[   67.499830][    T6] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[   67.519029][   T39] usblp 4-1:0.0: usblp1: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   67.532237][   T39] usb 4-1: USB disconnect, device number 7
[   67.540474][   T39] usblp1: removed
[   67.648939][  T338] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[   67.656273][  T338] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[   67.663769][  T338] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[   67.672540][  T338] plantronics 0003:047F:FFFF.0014: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[   67.761955][   T30] kauditd_printk_skb: 57 callbacks suppressed
[   67.761969][   T30] audit: type=1326 audit(1729570435.471:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.791497][   T30] audit: type=1326 audit(1729570435.471:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.815053][   T30] audit: type=1326 audit(1729570435.501:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.838261][   T30] audit: type=1326 audit(1729570435.521:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.861506][   T30] audit: type=1326 audit(1729570435.521:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.884732][   T30] audit: type=1326 audit(1729570435.551:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1610 comm="syz.0.483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fa214cc6ff9 code=0x7ffc0000
[   67.929282][    T6] usb 5-1: USB disconnect, device number 10
[   68.308292][ T1591] usb 3-1: reset high-speed USB device number 11 using dummy_hcd
[   68.390546][ T1627] syz.3.489[1627] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.390591][ T1627] syz.3.489[1627] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.403462][   T30] audit: type=1400 audit(1729570436.121:577): avc:  denied  { write } for  pid=1626 comm="syz.3.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   68.468815][   T30] audit: type=1400 audit(1729570436.181:578): avc:  denied  { create } for  pid=1634 comm="syz.4.493" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   68.474846][ T1635] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   68.500261][ T1635] F2FS-fs (loop9): Unable to read 1th superblock
[   68.506464][ T1635] blk_update_request: I/O error, dev loop9, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   68.517246][ T1635] F2FS-fs (loop9): Unable to read 2th superblock
[   68.531669][   T30] audit: type=1400 audit(1729570436.241:579): avc:  denied  { unlink } for  pid=301 comm="syz-executor" name="file0" dev="tmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   68.537030][ T1637] loop4: detected capacity change from 0 to 128
[   68.607906][ T1637] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   68.618601][ T1637] ext4 filesystem being mounted at /117/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   68.715661][ T1653] input: syz0 as /devices/virtual/input/input5
[   68.723803][   T30] audit: type=1400 audit(1729570436.441:580): avc:  denied  { read } for  pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=608 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   68.747955][   T20] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   68.797509][ T1661] loop0: detected capacity change from 0 to 2048
[   68.859735][ T1661] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   68.903070][ T1659] loop4: detected capacity change from 0 to 40427
[   68.929361][ T1659] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   68.937954][ T1659] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   68.949289][ T1659] F2FS-fs (loop4): invalid crc value
[   68.955636][ T1659] F2FS-fs (loop4): Found nat_bits in checkpoint
[   68.978165][   T20] usb 4-1: Using ep0 maxpacket: 8
[   68.994327][ T1659] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   69.001405][ T1659] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   69.008801][ T1591] usb 3-1: failed to restore interface 228 altsetting 255 (error=-71)
[   69.020771][   T39] usb 3-1: USB disconnect, device number 11
[   69.036879][   T39] usblp0: removed
[   69.098185][   T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.112633][ T1659] attempt to access beyond end of device
[   69.112633][ T1659] loop4: rw=34817, want=77856, limit=40427
[   69.123853][   T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   69.133586][   T20] usb 4-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00
[   69.143081][   T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.151738][   T20] usb 4-1: config 0 descriptor??
[   69.263765][  T301] attempt to access beyond end of device
[   69.263765][  T301] loop4: rw=2049, want=45104, limit=40427
[   69.629357][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.635076][ T1690] loop4: detected capacity change from 0 to 40427
[   69.637961][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.650236][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.657417][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.665059][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.672348][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.679557][   T20] playstation 0003:054C:0CE6.0015: unknown main item tag 0x0
[   69.687178][   T20] playstation 0003:054C:0CE6.0015: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.3-1/input0
[   69.818100][ T1690] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   69.825696][ T1690] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   69.848190][    T6] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   69.899893][ T1690] F2FS-fs (loop4): invalid crc value
[   70.018915][ T1690] F2FS-fs (loop4): Found nat_bits in checkpoint
[   70.380120][ T1690] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   70.386975][ T1690] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   71.148179][   T20] playstation 0003:054C:0CE6.0015: Invalid byte count transferred, expected 20 got 0
[   71.164766][ T1705] syz.2.520[1705] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.164842][ T1705] syz.2.520[1705] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.165542][   T20] playstation 0003:054C:0CE6.0015: Failed to retrieve DualSense pairing info: -22
[   71.204416][ T1690] Invalid ELF header len 1
[   71.214404][   T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   71.223661][   T20] playstation 0003:054C:0CE6.0015: Failed to get MAC address from DualSense
[   71.232586][   T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   71.245375][   T20] playstation 0003:054C:0CE6.0015: Failed to create dualsense.
[   71.254828][   T20] playstation: probe of 0003:054C:0CE6.0015 failed with error -22
[   71.285956][ T1706] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.292993][ T1706] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.300366][ T1706] device bridge_slave_0 entered promiscuous mode
[   71.311974][ T1706] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.318879][ T1706] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.326047][ T1706] device bridge_slave_1 entered promiscuous mode
[   71.428788][  T328] usb 4-1: reset high-speed USB device number 8 using dummy_hcd
[   71.440623][ T1706] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.447494][ T1706] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.454597][ T1706] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.461387][ T1706] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.485926][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   71.496424][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.513931][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.535047][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.543096][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.549966][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.563403][ T1729] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[   71.570712][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.578895][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.585719][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.593016][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.604361][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.616342][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.627838][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.635733][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.643277][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.651687][ T1706] device veth0_vlan entered promiscuous mode
[   71.663741][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.672592][ T1706] device veth1_macvtap entered promiscuous mode
[   71.682330][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   71.694080][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   71.720689][ T1735] syz.0.530[1735] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.720760][ T1735] syz.0.530[1735] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.735925][ T1736] loop1: detected capacity change from 0 to 512
[   71.782349][ T1736] EXT4-fs (loop1): Ignoring removed oldalloc option
[   71.796485][ T1736] EXT4-fs (loop1): Journaled quota options ignored when QUOTA feature is enabled
[   71.807449][ T1736] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[   71.817788][ T1736] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[   71.827746][ T1736] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[   71.838518][  T320] device bridge_slave_1 left promiscuous mode
[   71.844579][ T1736] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   71.852403][  T320] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.859379][ T1736] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000]
[   71.867435][  T320] device bridge_slave_0 left promiscuous mode
[   71.874054][ T1736] EXT4-fs (loop1): orphan cleanup on readonly fs
[   71.881205][ T1736] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.519: bg 0: block 34: padding at end of block bitmap is not set
[   71.883621][  T320] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.907717][ T1736] EXT4-fs error (device loop1): ext4_acquire_dquot:6187: comm syz.1.519: Failed to acquire dquot type 1
[   71.937783][ T1736] EXT4-fs (loop1): 1 truncate cleaned up
[   71.952160][ T1736] EXT4-fs (loop1): mounted filesystem without journal. Opts: oldalloc,discard,usrjquota=./file0,noblock_validity,,errors=continue. Quota mode: writeback.
[   71.952603][ T1738] loop2: detected capacity change from 0 to 40427
[   71.981282][  T320] device veth0_vlan left promiscuous mode
[   72.032589][ T1738] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   72.045818][ T1738] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   72.060965][ T1738] F2FS-fs (loop2): invalid crc value
[   72.067527][ T1738] F2FS-fs (loop2): Found nat_bits in checkpoint
[   72.105025][ T1738] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   72.112123][ T1738] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   72.147067][ T1738] Invalid ELF header len 1
[   72.156810][   T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   72.166014][   T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   72.348225][    T6] usb 1-1: device descriptor read/64, error -71
[   72.388120][  T328] usb 4-1: device descriptor read/64, error -71
[   72.548482][  T328] usb 4-1: device reset changed ep0 maxpacket size!
[   72.555047][   T20] usb 4-1: USB disconnect, device number 8
[   72.705047][ T1736] syz.1.519 (1736) used greatest stack depth: 19760 bytes left
[   72.710849][   T20] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   72.714409][ T1756] input: syz0 as /devices/virtual/input/input6
[   72.828226][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.839363][    T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   72.852411][    T6] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   72.861476][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.870187][    T6] usb 1-1: config 0 descriptor??
[   72.958258][   T20] usb 4-1: Using ep0 maxpacket: 16
[   73.078164][   T20] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.088910][   T20] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   73.098530][   T20] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   73.108031][   T20] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 166
[   73.117666][   T20] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[   73.178125][   T26] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   73.208217][   T20] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   73.217116][   T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   73.224934][   T20] usb 4-1: SerialNumber: syz
[   73.248236][ T1748] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   73.268659][   T20] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[   73.276567][   T20] cdc_acm: probe of 4-1:1.0 failed with error -12
[   73.348921][    T6] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[   73.356273][    T6] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[   73.365009][    T6] plantronics 0003:047F:FFFF.0016: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   73.418133][   T26] usb 2-1: Using ep0 maxpacket: 16
[   73.473160][   T39] usb 4-1: USB disconnect, device number 9
[   73.538181][   T26] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   73.548087][   T26] usb 2-1: config 0 has no interfaces?
[   73.569463][    T6] Bluetooth: hci0: command 0x1003 tx timeout
[   73.575331][  T658] Bluetooth: hci0: sending frame failed (-49)
[   73.628554][    T6] usb 1-1: USB disconnect, device number 6
[   73.708193][   T26] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   73.717104][   T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.724885][   T26] usb 2-1: Product: syz
[   73.728922][   T26] usb 2-1: Manufacturer: syz
[   73.733368][   T26] usb 2-1: SerialNumber: syz
[   73.738508][   T26] r8152-cfgselector 2-1: config 0 descriptor??
[   74.013134][ T1766] loop3: detected capacity change from 0 to 128
[   74.033586][ T1770] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   74.044497][ T1770] F2FS-fs (loop5): Unable to read 1th superblock
[   74.051598][ T1770] blk_update_request: I/O error, dev loop5, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   74.063114][ T1770] F2FS-fs (loop5): Unable to read 2th superblock
[   74.066906][ T1766] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   74.079939][ T1766] ext4 filesystem being mounted at /67/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   74.200014][   T26] usb 2-1: USB disconnect, device number 12
[   74.388128][    T6] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[   74.448105][   T39] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   74.628141][    T6] usb 3-1: Using ep0 maxpacket: 32
[   74.718135][   T39] usb 1-1: Using ep0 maxpacket: 8
[   74.748158][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.760033][    T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   74.771645][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.781494][   T30] kauditd_printk_skb: 34 callbacks suppressed
[   74.781507][   T30] audit: type=1326 audit(1729570442.491:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.783567][    T6] usb 3-1: config 0 descriptor??
[   74.811314][   T30] audit: type=1326 audit(1729570442.521:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.847400][   T30] audit: type=1326 audit(1729570442.551:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.849237][    T6] hub 3-1:0.0: USB hub found
[   74.878690][   T30] audit: type=1326 audit(1729570442.551:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.902116][   T30] audit: type=1326 audit(1729570442.551:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.925511][   T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.937145][   T30] audit: type=1326 audit(1729570442.551:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   74.961552][   T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.971516][   T39] usb 1-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00
[   74.980561][   T30] audit: type=1326 audit(1729570442.551:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   75.003862][   T30] audit: type=1326 audit(1729570442.551:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1785 comm="syz.1.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   75.003873][   T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.039082][   T39] usb 1-1: config 0 descriptor??
[   75.058157][    T6] hub 3-1:0.0: 2 ports detected
[   75.509733][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.516955][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.524728][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.531994][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.538232][    T6] hub 3-1:0.0: set hub depth failed
[   75.539648][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.552171][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.559505][   T39] playstation 0003:054C:0CE6.0017: unknown main item tag 0x0
[   75.567304][   T39] playstation 0003:054C:0CE6.0017: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.0-1/input0
[   75.582833][    T6] usb 3-1: USB disconnect, device number 12
[   75.648194][  T338] Bluetooth: hci0: command 0x1001 tx timeout
[   75.654073][  T658] Bluetooth: hci0: sending frame failed (-49)
[   75.718152][   T39] playstation 0003:054C:0CE6.0017: Invalid byte count transferred, expected 20 got 0
[   75.724046][ T1797] loop3: detected capacity change from 0 to 2048
[   75.731305][   T39] playstation 0003:054C:0CE6.0017: Failed to retrieve DualSense pairing info: -22
[   75.743546][   T39] playstation 0003:054C:0CE6.0017: Failed to get MAC address from DualSense
[   75.752738][   T39] playstation 0003:054C:0CE6.0017: Failed to create dualsense.
[   75.761736][   T39] playstation: probe of 0003:054C:0CE6.0017 failed with error -22
[   75.800160][ T1797] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   75.951713][   T20] usb 1-1: USB disconnect, device number 7
[   76.038153][ T1725] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[   76.065506][ T1809] loop2: detected capacity change from 0 to 128
[   76.100566][ T1809] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   76.112447][ T1809] ext4 filesystem being mounted at /112/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   76.192683][ T1808] loop3: detected capacity change from 0 to 40427
[   76.206703][ T1808] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   76.214539][ T1808] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   76.223562][ T1808] F2FS-fs (loop3): invalid crc value
[   76.230237][ T1808] F2FS-fs (loop3): Found nat_bits in checkpoint
[   76.272722][ T1808] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   76.279731][ T1808] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   76.300958][ T1808] Invalid ELF header len 1
[   76.311847][   T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   76.321004][   T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   76.398354][ T1725] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.409773][ T1725] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   76.422843][ T1725] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   76.431894][ T1725] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.440550][ T1725] usb 2-1: config 0 descriptor??
[   76.798167][   T20] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[   76.898108][   T26] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[   76.908985][ T1725] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[   76.916357][ T1725] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[   76.925130][ T1725] plantronics 0003:047F:FFFF.0018: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   77.048147][   T20] usb 4-1: Using ep0 maxpacket: 16
[   77.138720][   T26] usb 3-1: Using ep0 maxpacket: 16
[   77.178406][   T20] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.188390][   T20] usb 4-1: config 0 has no interfaces?
[   77.191096][   T39] usb 2-1: USB disconnect, device number 13
[   77.298169][   T26] usb 3-1: unable to get BOS descriptor or descriptor too short
[   77.368207][   T20] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   77.377301][   T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.378174][   T26] usb 3-1: config 71 has an invalid interface number: 197 but max is 0
[   77.385058][   T20] usb 4-1: Product: syz
[   77.393483][   T26] usb 3-1: config 71 has no interface number 0
[   77.397118][   T20] usb 4-1: Manufacturer: syz
[   77.403865][   T26] usb 3-1: config 71 interface 197 altsetting 8 endpoint 0xD has invalid maxpacket 1024, setting to 64
[   77.407704][   T20] usb 4-1: SerialNumber: syz
[   77.418923][   T26] usb 3-1: config 71 interface 197 altsetting 8 bulk endpoint 0x3 has invalid maxpacket 16
[   77.424465][   T20] r8152-cfgselector 4-1: config 0 descriptor??
[   77.438315][   T26] usb 3-1: config 71 interface 197 has no altsetting 0
[   77.678210][   T26] usb 3-1: string descriptor 0 read error: -22
[   77.684340][   T26] usb 3-1: New USB device found, idVendor=0079, idProduct=57a7, bcdDevice=89.59
[   77.693222][   T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.718187][ T1827] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[   77.728789][   T20] Bluetooth: hci0: command 0x1009 tx timeout
[   77.739152][  T320] usb 4-1: config 0 descriptor??
[   77.844697][ T1834] loop1: detected capacity change from 0 to 40427
[   77.933655][   T26] usb 4-1: USB disconnect, device number 10
[   77.939415][  T320] usb 4-1: can't set config #0, error -71
[   77.945658][ T1834] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   77.953846][ T1834] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   77.968593][ T1834] F2FS-fs (loop1): invalid crc value
[   77.975258][ T1834] F2FS-fs (loop1): Found nat_bits in checkpoint
[   77.987219][   T39] usb 3-1: USB disconnect, device number 13
[   78.007758][ T1834] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   78.014714][ T1834] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   78.074531][ T1834] attempt to access beyond end of device
[   78.074531][ T1834] loop1: rw=34817, want=77856, limit=40427
[   78.166413][ T1706] attempt to access beyond end of device
[   78.166413][ T1706] loop1: rw=2049, want=45104, limit=40427
[   78.350487][ T1846] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   78.529897][ T1855] loop2: detected capacity change from 0 to 512
[   78.569076][ T1855] EXT4-fs (loop2): 1 truncate cleaned up
[   78.574639][ T1855] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=continue,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback.
[   78.628225][   T20] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[   78.642834][ T1859] loop0: detected capacity change from 0 to 256
[   78.696827][ T1859] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   78.902087][   T20] usb 2-1: Using ep0 maxpacket: 8
[   78.914080][ T1878] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   78.924954][ T1878] F2FS-fs (loop7): Unable to read 1th superblock
[   78.932351][ T1878] blk_update_request: I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   78.943358][ T1878] F2FS-fs (loop7): Unable to read 2th superblock
[   78.975795][   T30] audit: type=1400 audit(1729570446.681:621): avc:  denied  { nlmsg_write } for  pid=1882 comm="syz.3.587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   79.028232][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.044775][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.047516][ T1872] loop0: detected capacity change from 0 to 40427
[   79.054851][   T20] usb 2-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00
[   79.069814][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.078817][   T20] usb 2-1: config 0 descriptor??
[   79.092959][ T1872] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   79.100904][ T1872] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   79.109792][ T1872] F2FS-fs (loop0): invalid crc value
[   79.116233][ T1872] F2FS-fs (loop0): Found nat_bits in checkpoint
[   79.158327][ T1872] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   79.165276][ T1872] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   79.226564][ T1893] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.233777][ T1893] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.241387][ T1893] device bridge_slave_0 entered promiscuous mode
[   79.248548][ T1893] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.252313][ T1872] attempt to access beyond end of device
[   79.252313][ T1872] loop0: rw=34817, want=77856, limit=40427
[   79.255427][ T1893] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.273683][ T1893] device bridge_slave_1 entered promiscuous mode
[   79.315169][ T1893] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.322034][ T1893] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.329149][ T1893] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.335899][ T1893] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.356633][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.364210][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.371517][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.389355][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.397394][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.404270][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.411666][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.411703][ T1371] attempt to access beyond end of device
[   79.411703][ T1371] loop0: rw=2049, want=45104, limit=40427
[   79.420025][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.437419][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.459738][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.478029][ T1893] device veth0_vlan entered promiscuous mode
[   79.485175][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   79.493992][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   79.502823][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   79.510522][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   79.517755][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.531886][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   79.540939][ T1893] device veth1_macvtap entered promiscuous mode
[   79.550759][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   79.560582][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.567792][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.580960][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.589006][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.596222][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.603727][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.616081][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   79.635997][   T20] playstation 0003:054C:0CE6.0019: unknown main item tag 0x0
[   79.653476][   T20] playstation 0003:054C:0CE6.0019: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.1-1/input0
[   79.690825][ T1905] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.705045][ T1908] loop0: detected capacity change from 0 to 16
[   79.711661][ T1905] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.746748][   T30] audit: type=1326 audit(1729570447.451:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1911 comm="syz.2.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58407c0ff9 code=0x7ffc0000
[   79.776859][   T10] device bridge_slave_1 left promiscuous mode
[   79.783403][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.788180][   T20] playstation 0003:054C:0CE6.0019: Invalid byte count transferred, expected 20 got 0
[   79.790530][ T1908] erofs: (device loop0): mounted with root inode @ nid 36.
[   79.812014][   T10] device bridge_slave_0 left promiscuous mode
[   79.817634][   T20] playstation 0003:054C:0CE6.0019: Failed to retrieve DualSense pairing info: -22
[   79.835947][   T20] playstation 0003:054C:0CE6.0019: Failed to get MAC address from DualSense
[   79.836183][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.845833][   T20] playstation 0003:054C:0CE6.0019: Failed to create dualsense.
[   79.859841][   T10] device veth1_macvtap left promiscuous mode
[   79.862449][ T1916] loop3: detected capacity change from 0 to 512
[   79.865773][   T10] device veth0_vlan left promiscuous mode
[   79.874846][   T20] playstation: probe of 0003:054C:0CE6.0019 failed with error -22
[   79.920734][ T1921] loop2: detected capacity change from 0 to 256
[   79.941359][ T1921] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   79.971239][ T1916] EXT4-fs (loop3): 1 truncate cleaned up
[   79.977068][ T1916] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=continue,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback.
[   80.024545][   T20] usb 2-1: USB disconnect, device number 14
[   80.128537][   T30] kauditd_printk_skb: 13 callbacks suppressed
[   80.128553][   T30] audit: type=1400 audit(1729570447.831:636): avc:  denied  { write } for  pid=1929 comm="syz.0.606" name="ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   80.237426][ T1928] loop3: detected capacity change from 0 to 40427
[   80.279364][ T1928] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   80.290436][ T1928] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   80.305989][ T1928] F2FS-fs (loop3): invalid crc value
[   80.314776][ T1928] F2FS-fs (loop3): Found nat_bits in checkpoint
[   80.335838][ T1937] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.342736][ T1937] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.350010][ T1937] device bridge_slave_0 entered promiscuous mode
[   80.355187][ T1928] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   80.356904][ T1937] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.363357][ T1928] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   80.370449][ T1937] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.384636][ T1937] device bridge_slave_1 entered promiscuous mode
[   80.411675][ T1893] attempt to access beyond end of device
[   80.411675][ T1893] loop3: rw=2049, want=45104, limit=40427
[   80.482843][ T1937] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.489719][ T1937] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.496823][ T1937] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.503604][ T1937] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.562323][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   80.583090][  T320] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.618168][  T320] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.630702][ T1948] loop0: detected capacity change from 0 to 40427
[   80.643351][ T1950] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.651692][ T1950] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.672464][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   80.682120][  T320] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.684574][ T1948] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   80.688994][  T320] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.689231][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   80.711986][  T320] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.716996][ T1948] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   80.718851][  T320] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.727906][ T1948] F2FS-fs (loop0): invalid crc value
[   80.736105][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.747057][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.765469][  T469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   80.777859][ T1948] F2FS-fs (loop0): Found nat_bits in checkpoint
[   80.801964][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   80.810461][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   80.828614][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   80.840650][ T1937] device veth0_vlan entered promiscuous mode
[   80.841520][ T1964] loop1: detected capacity change from 0 to 256
[   80.873474][ T1966] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[   80.875204][ T1937] device veth1_macvtap entered promiscuous mode
[   80.892043][ T1964] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   80.897581][  T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   80.912973][ T1948] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   80.927304][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.951064][ T1948] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   80.963388][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   80.997943][ T1371] attempt to access beyond end of device
[   80.997943][ T1371] loop0: rw=2049, want=45104, limit=40427
[   81.068943][   T10] device bridge_slave_1 left promiscuous mode
[   81.074907][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.092280][   T10] device bridge_slave_0 left promiscuous mode
[   81.102216][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.110527][   T10] device veth0_vlan left promiscuous mode
[   81.198178][  T328] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[   81.288339][   T20] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[   81.498178][ T1725] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   81.528262][   T20] usb 3-1: Using ep0 maxpacket: 8
[   81.568232][  T328] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.578243][  T328] usb 4-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.589103][  T328] usb 4-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.598887][  T328] usb 4-1: config 0 interface 0 has no altsetting 0
[   81.605219][  T328] usb 4-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[   81.614187][  T328] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.622930][  T328] usb 4-1: config 0 descriptor??
[   81.658253][   T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.669502][   T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.679427][   T20] usb 3-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00
[   81.691374][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.699914][   T20] usb 3-1: config 0 descriptor??
[   81.737012][ T1990] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.744081][ T1990] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.748159][ T1725] usb 1-1: Using ep0 maxpacket: 16
[   81.751356][ T1990] device bridge_slave_0 entered promiscuous mode
[   81.762584][ T1990] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.769668][ T1990] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.776800][ T1990] device bridge_slave_1 entered promiscuous mode
[   81.821206][ T1990] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.828085][ T1990] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.835152][ T1990] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.841957][ T1990] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.861119][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   81.869029][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.876181][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.885328][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   81.894119][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.900986][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.903484][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   81.916509][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.923393][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.938210][ T1725] usb 1-1: unable to get BOS descriptor or descriptor too short
[   81.946634][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.954454][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.979348][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.987530][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   81.995679][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   82.003262][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   82.012062][ T1990] device veth0_vlan entered promiscuous mode
[   82.019539][   T10] tipc: Disabling bearer <udp:s>
[   82.024467][   T10] tipc: Left network mode
[   82.028919][ T1725] usb 1-1: config 71 has an invalid interface number: 197 but max is 0
[   82.033463][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.037209][ T1725] usb 1-1: config 71 has no interface number 0
[   82.047033][ T1990] device veth1_macvtap entered promiscuous mode
[   82.051041][ T1725] usb 1-1: config 71 interface 197 altsetting 8 endpoint 0xD has invalid maxpacket 1024, setting to 64
[   82.062607][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   82.067889][ T1725] usb 1-1: config 71 interface 197 altsetting 8 bulk endpoint 0x3 has invalid maxpacket 16
[   82.085695][ T1725] usb 1-1: config 71 interface 197 has no altsetting 0
[   82.095906][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   82.104900][  T328] zeroplus 0003:0C12:0005.001A: item fetching failed at offset 1/5
[   82.113710][  T328] zeroplus 0003:0C12:0005.001A: parse failed
[   82.119609][  T328] zeroplus: probe of 0003:0C12:0005.001A failed with error -22
[   82.157293][ T2000] loop1: detected capacity change from 0 to 512
[   82.188943][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.196278][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.203494][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.213008][ T2000] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5
[   82.213008][ T2000] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   82.213008][ T2000] 
[   82.218117][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.233222][ T2000] EXT4-fs (loop1): Ignoring removed bh option
[   82.243648][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.243674][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.251699][ T2000] EXT4-fs (loop1): Ignoring removed nobh option
[   82.261361][   T20] playstation 0003:054C:0CE6.001B: unknown main item tag 0x0
[   82.264546][ T2000] EXT4-fs (loop1): Unrecognized mount option "euid<00000000000000000000" or missing value
[   82.274353][   T20] playstation 0003:054C:0CE6.001B: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.2-1/input0
[   82.318675][   T39] usb 4-1: USB disconnect, device number 11
[   82.355688][   T30] audit: type=1326 audit(1729570450.061:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.380028][ T1725] usb 1-1: string descriptor 0 read error: -22
[   82.386073][ T1725] usb 1-1: New USB device found, idVendor=0079, idProduct=57a7, bcdDevice=89.59
[   82.397046][   T30] audit: type=1326 audit(1729570450.061:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.420540][ T1725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.432449][   T30] audit: type=1326 audit(1729570450.061:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.456260][ T1988] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[   82.463156][   T20] playstation 0003:054C:0CE6.001B: Invalid byte count transferred, expected 20 got 0
[   82.472750][  T328] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[   82.480594][   T20] playstation 0003:054C:0CE6.001B: Failed to retrieve DualSense pairing info: -22
[   82.493029][   T20] playstation 0003:054C:0CE6.001B: Failed to get MAC address from DualSense
[   82.501692][   T20] playstation 0003:054C:0CE6.001B: Failed to create dualsense.
[   82.509113][   T30] audit: type=1326 audit(1729570450.061:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.532890][   T20] playstation: probe of 0003:054C:0CE6.001B failed with error -22
[   82.543456][   T30] audit: type=1326 audit(1729570450.061:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.567301][   T30] audit: type=1326 audit(1729570450.061:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.590535][   T30] audit: type=1326 audit(1729570450.091:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.613963][   T30] audit: type=1326 audit(1729570450.101:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.637366][   T30] audit: type=1326 audit(1729570450.131:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2006 comm="syz.1.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   82.669945][ T2009] loop1: detected capacity change from 0 to 40427
[   82.686486][ T2009] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   82.699408][   T10] device bridge_slave_1 left promiscuous mode
[   82.705463][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.705627][ T1725] usb 3-1: USB disconnect, device number 14
[   82.712666][ T2009] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   82.726811][   T10] device bridge_slave_0 left promiscuous mode
[   82.738157][  T328] usb 5-1: Using ep0 maxpacket: 16
[   82.738246][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.754676][ T2009] F2FS-fs (loop1): invalid crc value
[   82.761013][   T10] device veth0_vlan left promiscuous mode
[   82.767056][   T20] usb 1-1: USB disconnect, device number 8
[   82.769671][ T2009] F2FS-fs (loop1): Found nat_bits in checkpoint
[   82.805137][ T2009] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   82.812312][ T2009] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   82.840636][ T1706] attempt to access beyond end of device
[   82.840636][ T1706] loop1: rw=2049, want=45104, limit=40427
[   82.878191][  T328] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   82.888523][  T328] usb 5-1: config 0 has no interfaces?
[   82.984707][ T2026] loop1: detected capacity change from 0 to 512
[   83.019937][ T2026] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,nobarrier,errors=continue,,errors=continue. Quota mode: writeback.
[   83.036916][ T2026] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038 (0x7fffffff)
[   83.068221][  T328] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   83.077188][  T328] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.085175][  T328] usb 5-1: Product: syz
[   83.089256][  T328] usb 5-1: Manufacturer: syz
[   83.093685][  T328] usb 5-1: SerialNumber: syz
[   83.098928][  T328] r8152-cfgselector 5-1: config 0 descriptor??
[   83.250652][ T2038] loop1: detected capacity change from 0 to 512
[   83.290718][ T2038] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.653: casefold flag without casefold feature
[   83.303303][ T2038] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.653: couldn't read orphan inode 15 (err -117)
[   83.316311][ T2038] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   83.560047][  T328] usb 5-1: USB disconnect, device number 11
[   84.068947][ T2042] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   84.079368][ T2047] loop3: detected capacity change from 0 to 512
[   84.105787][ T2050] netlink: 24 bytes leftover after parsing attributes in process `syz.1.645'.
[   84.140360][ T2061] loop2: detected capacity change from 0 to 512
[   84.176840][ T2061] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5
[   84.176840][ T2061] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   84.176840][ T2061] 
[   84.195236][ T2047] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   84.232047][ T2047] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038 (0x7fffffff)
[   84.258276][ T2061] EXT4-fs (loop2): Ignoring removed bh option
[   84.270707][ T2061] EXT4-fs (loop2): Ignoring removed nobh option
[   84.311019][ T2061] EXT4-fs (loop2): Unrecognized mount option "euid<00000000000000000000" or missing value
[   84.321621][ T2047] EXT4-fs error (device loop3): ext4_get_first_dir_block:3603: inode #12: block 32: comm syz.3.647: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   84.343895][ T2047] EXT4-fs error (device loop3): ext4_get_first_dir_block:3606: inode #12: comm syz.3.647: directory missing '.'
[   84.438098][   T20] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[   84.530967][ T2079] loop2: detected capacity change from 0 to 512
[   84.627374][ T2070] loop0: detected capacity change from 0 to 40427
[   84.645051][ T2079] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz.2.660: inline data xattr refers to an external xattr inode
[   84.659837][ T2070] F2FS-fs (loop0): invalid crc value
[   84.663578][ T2079] EXT4-fs (loop2): Remounting filesystem read-only
[   84.676004][ T2079] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.660: couldn't read orphan inode 12 (err -117)
[   84.688126][   T20] usb 2-1: Using ep0 maxpacket: 16
[   84.693684][ T2079] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,errors=remount-ro,prjquota,usrjquota=,usrjquota=,min_batch_time=0x0000000000000005,nodiscard,. Quota mode: writeback.
[   84.716955][ T2070] F2FS-fs (loop0): Found nat_bits in checkpoint
[   84.771751][ T2070] F2FS-fs (loop0): Start checkpoint disabled!
[   84.777522][ T2077] loop3: detected capacity change from 0 to 40427
[   84.778551][ T2070] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   84.798517][ T2077] F2FS-fs (loop3): invalid crc value
[   84.805487][ T2077] F2FS-fs (loop3): Found nat_bits in checkpoint
[   84.811738][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.822574][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.844793][   T20] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   84.854127][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.865922][   T20] usb 2-1: config 0 descriptor??
[   84.871322][ T2077] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[   84.881277][ T2090] netlink: 24 bytes leftover after parsing attributes in process `syz.4.664'.
[   84.917524][  T320] attempt to access beyond end of device
[   84.917524][  T320] loop0: rw=2049, want=40968, limit=40427
[   84.919949][ T2089] loop2: detected capacity change from 0 to 512
[   84.931901][ T2092] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   84.958722][ T1893] attempt to access beyond end of device
[   84.958722][ T1893] loop3: rw=2049, want=45104, limit=40427
[   85.003672][ T2089] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,nobarrier,errors=continue,,errors=continue. Quota mode: writeback.
[   85.021768][ T2089] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038 (0x7fffffff)
[   85.143989][ T2104] loop2: detected capacity change from 0 to 512
[   85.176376][ T2104] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   85.200092][ T2104] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038 (0x7fffffff)
[   85.216359][ T2116] loop4: detected capacity change from 0 to 512
[   85.236054][ T2104] EXT4-fs error (device loop2): ext4_get_first_dir_block:3603: inode #12: block 32: comm syz.2.669: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   85.256800][ T2104] EXT4-fs error (device loop2): ext4_get_first_dir_block:3606: inode #12: comm syz.2.669: directory missing '.'
[   85.293124][ T2116] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.673: inline data xattr refers to an external xattr inode
[   85.308450][ T2116] EXT4-fs (loop4): Remounting filesystem read-only
[   85.315013][ T2116] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.673: couldn't read orphan inode 12 (err -117)
[   85.327343][ T2116] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,errors=remount-ro,prjquota,usrjquota=,usrjquota=,min_batch_time=0x0000000000000005,nodiscard,. Quota mode: writeback.
[   85.359124][   T20] hid-multitouch 0003:1FD2:6007.001C: unknown main item tag 0x0
[   85.376957][   T20] hid-multitouch 0003:1FD2:6007.001C: item fetching failed at offset 4/5
[   85.385550][   T20] hid-multitouch: probe of 0003:1FD2:6007.001C failed with error -22
[   85.428114][ T1725] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   85.458885][ T2124] netlink: 24 bytes leftover after parsing attributes in process `syz.2.676'.
[   85.560548][   T20] usb 2-1: USB disconnect, device number 15
[   85.639089][ T2122] loop4: detected capacity change from 0 to 40427
[   85.678121][ T1725] usb 1-1: Using ep0 maxpacket: 16
[   85.733172][ T2122] F2FS-fs (loop4): invalid crc value
[   85.748841][ T2122] F2FS-fs (loop4): Found nat_bits in checkpoint
[   85.786143][ T2122] F2FS-fs (loop4): Start checkpoint disabled!
[   85.792883][ T2122] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   85.818342][ T1725] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   85.832815][ T1725] usb 1-1: config 0 has no interfaces?
[   85.851849][ T2127] loop2: detected capacity change from 0 to 40427
[   85.869835][ T2127] F2FS-fs (loop2): invalid crc value
[   85.876550][ T2127] F2FS-fs (loop2): Found nat_bits in checkpoint
[   85.896892][  T430] attempt to access beyond end of device
[   85.896892][  T430] loop4: rw=2049, want=40968, limit=40427
[   85.911978][ T2127] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   85.951960][ T1937] attempt to access beyond end of device
[   85.951960][ T1937] loop2: rw=2049, want=45104, limit=40427
[   86.008497][ T1725] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   86.017673][ T1725] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.026005][ T1725] usb 1-1: Product: syz
[   86.032411][ T1725] usb 1-1: Manufacturer: syz
[   86.040706][ T1725] usb 1-1: SerialNumber: syz
[   86.047054][ T1725] r8152-cfgselector 1-1: config 0 descriptor??
[   86.214775][ T2159] loop2: detected capacity change from 0 to 512
[   86.259309][ T2159] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.686: casefold flag without casefold feature
[   86.272091][ T2159] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.686: couldn't read orphan inode 15 (err -117)
[   86.284051][ T2159] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   86.321862][   T30] kauditd_printk_skb: 11 callbacks suppressed
[   86.321876][   T30] audit: type=1400 audit(1729570454.031:657): avc:  denied  { ioctl } for  pid=2166 comm="syz.1.690" path="/37/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   86.369521][   T30] audit: type=1400 audit(1729570454.071:658): avc:  denied  { write } for  pid=2172 comm="syz.1.696" name="snmp" dev="proc" ino=4026532778 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   86.377245][ T2173] loop1: detected capacity change from 0 to 128
[   86.429136][   T30] audit: type=1400 audit(1729570454.141:659): avc:  denied  { ioctl } for  pid=2183 comm="syz.3.700" path="socket:[23535]" dev="sockfs" ino=23535 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   86.429241][ T2184] netlink: 36 bytes leftover after parsing attributes in process `syz.3.700'.
[   86.465149][   T39] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[   86.488986][ T2173] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   86.490347][ T2182] loop2: detected capacity change from 0 to 8192
[   86.506787][ T2182] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   86.513475][ T2173] ext4 filesystem being mounted at /38/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   86.520082][  T335] usb 1-1: USB disconnect, device number 9
[   86.577717][   T26] kernel write not supported for file /82/net/snmp (pid: 26 comm: kworker/1:0)
[   86.599600][ T2191] loop3: detected capacity change from 0 to 512
[   86.630166][ T2199] loop2: detected capacity change from 0 to 512
[   86.650631][ T2191] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.705: casefold flag without casefold feature
[   86.663997][ T2199] EXT4-fs (loop2): Ignoring removed oldalloc option
[   86.664509][ T2191] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.705: couldn't read orphan inode 15 (err -117)
[   86.670934][ T2199] EXT4-fs (loop2): Journaled quota options ignored when QUOTA feature is enabled
[   86.691975][ T2191] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   86.702986][ T2199] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[   86.712993][ T2199] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[   86.722707][ T2199] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[   86.732613][ T2199] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   86.742750][ T2199] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e01c, mo2=0000]
[   86.750855][ T2199] EXT4-fs (loop2): orphan cleanup on readonly fs
[   86.757525][ T2199] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.706: bg 0: block 34: padding at end of block bitmap is not set
[   86.772103][ T2199] Quota error (device loop2): write_blk: dquota write failed
[   86.780724][ T2199] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[   86.785379][ T2207] syz.1.711[2207] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   86.790495][ T2199] EXT4-fs error (device loop2): ext4_acquire_dquot:6187: comm syz.2.706: Failed to acquire dquot type 1
[   86.805565][ T2207] syz.1.711[2207] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   86.842062][ T2199] EXT4-fs (loop2): 1 truncate cleaned up
[   86.849046][ T2199] EXT4-fs (loop2): mounted filesystem without journal. Opts: oldalloc,discard,usrjquota=./file0,noblock_validity,,errors=continue. Quota mode: writeback.
[   86.880120][ T2217] loop3: detected capacity change from 0 to 128
[   86.908133][   T39] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[   86.916143][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   86.939297][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   86.950341][   T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   86.963067][   T39] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   86.972085][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.988312][   T39] usb 5-1: config 0 descriptor??
[   87.018626][ T2154] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   87.201553][ T2227] loop3: detected capacity change from 0 to 512
[   87.263335][ T2241] syz.0.724[2241] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   87.263405][ T2241] syz.0.724[2241] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   87.279121][   T30] audit: type=1326 audit(1729570454.991:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2242 comm="syz.1.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   87.320762][   T30] audit: type=1326 audit(1729570454.991:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2242 comm="syz.1.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   87.361812][ T2227] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz.3.719: bad orphan inode 17
[   87.420291][ T2227] ext4_test_bit(bit=16, block=4) = 1
[   87.435528][ T2227] is_bad_inode(inode)=0
[   87.440376][ T2227] NEXT_ORPHAN(inode)=0
[   87.444286][ T2227] max_ino=32
[   87.447383][ T2227] i_nlink=1
[   87.450760][   T30] audit: type=1326 audit(1729570454.991:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2242 comm="syz.1.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   87.484337][ T2227] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   87.488954][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.512100][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.526789][ T2227] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.719: bg 0: block 7: invalid block bitmap
[   87.528163][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.548227][   T30] audit: type=1326 audit(1729570454.991:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2242 comm="syz.1.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   87.556193][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.602627][   T30] audit: type=1326 audit(1729570454.991:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2242 comm="syz.1.725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfa2d28ff9 code=0x7ffc0000
[   87.608141][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.666613][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.674631][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.684070][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.693315][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.711581][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.719169][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.726730][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.735104][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.742867][ T2263] mmap: syz.1.734 (2263): VmData 29020160 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[   87.755065][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.762402][   T39] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[   87.784819][   T39] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving
[   87.799293][  T335] ==================================================================
[   87.807177][  T335] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120
[   87.814812][  T335] Read of size 8 at addr ffff88812012a108 by task kworker/1:3/335
[   87.822460][  T335] 
[   87.824704][  T335] CPU: 1 PID: 335 Comm: kworker/1:3 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[   87.834428][  T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   87.844325][  T335] Workqueue: events binder_deferred_func
[   87.849967][  T335] Call Trace:
[   87.853101][  T335]  <TASK>
[   87.855861][  T335]  dump_stack_lvl+0x151/0x1c0
[   87.860382][  T335]  ? io_uring_drop_tctx_refs+0x190/0x190
[   87.865841][  T335]  ? panic+0x760/0x760
[   87.869745][  T335]  ? kasan_quarantine_put+0x34/0x1a0
[   87.874864][  T335]  print_address_description+0x87/0x3b0
[   87.880247][  T335]  kasan_report+0x179/0x1c0
[   87.884586][  T335]  ? _raw_spin_lock+0xa4/0x1b0
[   87.889197][  T335]  ? __list_del_entry_valid+0x2f/0x120
[   87.894480][  T335]  ? __list_del_entry_valid+0x2f/0x120
[   87.899773][  T335]  __asan_report_load8_noabort+0x14/0x20
[   87.905245][  T335]  __list_del_entry_valid+0x2f/0x120
[   87.910367][  T335]  binder_release_work+0xcd/0x680
[   87.915238][  T335]  binder_deferred_func+0x1847/0x1bc0
[   87.920519][  T335]  ? read_word_at_a_time+0x12/0x20
[   87.925468][  T335]  process_one_work+0x6bb/0xc10
[   87.930307][  T335]  worker_thread+0xad5/0x12a0
[   87.934809][  T335]  ? _raw_spin_lock+0x1b0/0x1b0
[   87.939491][  T335]  kthread+0x421/0x510
[   87.943393][  T335]  ? worker_clr_flags+0x180/0x180
[   87.948340][  T335]  ? kthread_blkcg+0xd0/0xd0
[   87.952784][  T335]  ret_from_fork+0x1f/0x30
[   87.957118][  T335]  </TASK>
[   87.959973][  T335] 
[   87.962149][  T335] Allocated by task 2261:
[   87.966318][  T335]  ____kasan_kmalloc+0xdb/0x110
[   87.970999][  T335]  __kasan_kmalloc+0x9/0x10
[   87.975335][  T335]  kmem_cache_alloc_trace+0x115/0x210
[   87.980541][  T335]  binder_thread_write+0x9f5/0x6ec0
[   87.985575][  T335]  binder_ioctl_write_read+0x205/0x7300
[   87.990954][  T335]  binder_ioctl+0x371/0x2640
[   87.995379][  T335]  __se_sys_ioctl+0x114/0x190
[   87.999894][  T335]  __x64_sys_ioctl+0x7b/0x90
[   88.004333][  T335]  x64_sys_call+0x98/0x9a0
[   88.008578][  T335]  do_syscall_64+0x3b/0xb0
[   88.012924][  T335]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   88.018650][  T335] 
[   88.020810][  T335] Freed by task 335:
[   88.024552][  T335]  kasan_set_track+0x4b/0x70
[   88.028970][  T335]  kasan_set_free_info+0x23/0x40
[   88.033755][  T335]  ____kasan_slab_free+0x126/0x160
[   88.038691][  T335]  __kasan_slab_free+0x11/0x20
[   88.043288][  T335]  slab_free_freelist_hook+0xbd/0x190
[   88.048672][  T335]  kfree+0xc8/0x220
[   88.052318][  T335]  binder_free_ref+0x128/0x260
[   88.056917][  T335]  binder_deferred_func+0x171c/0x1bc0
[   88.062127][  T335]  process_one_work+0x6bb/0xc10
[   88.066811][  T335]  worker_thread+0xad5/0x12a0
[   88.071336][  T335]  kthread+0x421/0x510
[   88.075231][  T335]  ret_from_fork+0x1f/0x30
[   88.079655][  T335] 
[   88.081824][  T335] The buggy address belongs to the object at ffff88812012a100
[   88.081824][  T335]  which belongs to the cache kmalloc-64 of size 64
[   88.095539][  T335] The buggy address is located 8 bytes inside of
[   88.095539][  T335]  64-byte region [ffff88812012a100, ffff88812012a140)
[   88.108386][  T335] The buggy address belongs to the page:
[   88.113970][  T335] page:ffffea0004804a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88812012a500 pfn:0x12012a
[   88.125308][  T335] flags: 0x4000000000000200(slab|zone=1)
[   88.130792][  T335] raw: 4000000000000200 ffffea0004806608 ffffea00048065c8 ffff888100042780
[   88.139202][  T335] raw: ffff88812012a500 000000000020001e 00000001ffffffff 0000000000000000
[   88.147613][  T335] page dumped because: kasan: bad access detected
[   88.153868][  T335] page_owner tracks the page as allocated
[   88.159418][  T335] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 1937, ts 80986857555, free_ts 80986836836
[   88.175217][  T335]  post_alloc_hook+0x1a3/0x1b0
[   88.179901][  T335]  prep_new_page+0x1b/0x110
[   88.184243][  T335]  get_page_from_freelist+0x3550/0x35d0
[   88.189621][  T335]  __alloc_pages+0x27e/0x8f0
[   88.194068][  T335]  new_slab+0x9a/0x4e0
[   88.198038][  T335]  ___slab_alloc+0x39e/0x830
[   88.202471][  T335]  __slab_alloc+0x4a/0x90
[   88.206634][  T335]  kmem_cache_alloc_trace+0x142/0x210
[   88.211840][  T335]  __get_vm_area_node+0x117/0x360
[   88.216701][  T335]  __vmalloc_node_range+0xe2/0x8d0
[   88.221760][  T335]  vzalloc+0x78/0x90
[   88.225491][  T335]  alloc_counters+0x69/0x500
[   88.230017][  T335]  do_ipt_get_ctl+0xeac/0x1880
[   88.234605][  T335]  nf_getsockopt+0x26c/0x290
[   88.239067][  T335]  ip_getsockopt+0x153a/0x2160
[   88.243640][  T335]  tcp_getsockopt+0x249/0x7030
[   88.248246][  T335] page last free stack trace:
[   88.252753][  T335]  free_unref_page_prepare+0x7c8/0x7d0
[   88.258040][  T335]  free_unref_page+0xe8/0x750
[   88.262646][  T335]  __free_pages+0x61/0xf0
[   88.266812][  T335]  __vunmap+0x7bc/0x8f0
[   88.270885][  T335]  vfree+0x7f/0xb0
[   88.274452][  T335]  do_ipt_get_ctl+0x11d3/0x1880
[   88.279131][  T335]  nf_getsockopt+0x26c/0x290
[   88.283581][  T335]  ip_getsockopt+0x153a/0x2160
[   88.288162][  T335]  tcp_getsockopt+0x249/0x7030
[   88.292774][  T335]  sock_common_getsockopt+0x99/0xb0
[   88.297891][  T335]  __sys_getsockopt+0x290/0x4f0
[   88.302571][  T335]  __x64_sys_getsockopt+0xbf/0xd0
[   88.307436][  T335]  x64_sys_call+0x1a9/0x9a0
[   88.311795][  T335]  do_syscall_64+0x3b/0xb0
[   88.316021][  T335]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   88.321747][  T335] 
[   88.323932][  T335] Memory state around the buggy address:
[   88.329387][  T335]  ffff88812012a000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   88.337369][  T335]  ffff88812012a080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   88.345356][  T335] >ffff88812012a100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   88.353257][  T335]                       ^
[   88.357468][  T335]  ffff88812012a180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   88.365502][  T335]  ffff88812012a200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   88.373647][  T335] ==================================================================
[   88.381545][  T335] Disabling lock debugging due to kernel taint
[   88.388125][  T335] general protection fault, probably for non-canonical address 0xf813fc4460000029: 0000 [#1] PREEMPT SMP KASAN
[   88.399645][  T335] KASAN: maybe wild-memory-access in range [0xc0a0022300000148-0xc0a002230000014f]
[   88.408765][  T335] CPU: 1 PID: 335 Comm: kworker/1:3 Tainted: G    B             5.15.167-syzkaller-02003-g5e4635681cf1 #0
[   88.420127][  T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.430115][  T335] Workqueue: events binder_deferred_func
[   88.435747][  T335] RIP: 0010:__list_del_entry_valid+0x75/0x120
[   88.441658][  T335] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75
[   88.461267][  T335] RSP: 0018:ffffc90000b97c00 EFLAGS: 00010a03
[   88.467174][  T335] RAX: 1814004460000029 RBX: ffff8881210fa500 RCX: ffffffff826a1859
[   88.475066][  T335] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88812012a100
[   88.482970][  T335] RBP: ffffc90000b97c20 R08: ffffffff8141997b R09: 0000000000000003
[   88.490780][  T335] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000
[   88.499040][  T335] R13: ffff88812012a100 R14: ffff88812012a100 R15: c0a002230000014f
[   88.506827][  T335] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   88.515597][  T335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.522199][  T335] CR2: 0000001b2e91bff8 CR3: 000000010c37d000 CR4: 00000000003526a0
[   88.530099][  T335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   88.538074][  T335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   88.545916][  T335] Call Trace:
[   88.549030][  T335]  <TASK>
[   88.551788][  T335]  ? __die_body+0x62/0xb0
[   88.555961][  T335]  ? die_addr+0x9f/0xd0
[   88.559946][  T335]  ? exc_general_protection+0x311/0x4b0
[   88.565332][  T335]  ? check_panic_on_warn+0x65/0xb0
[   88.570362][  T335]  ? asm_exc_general_protection+0x27/0x30
[   88.575933][  T335]  ? check_panic_on_warn+0x5b/0xb0
[   88.580870][  T335]  ? __list_del_entry_valid+0x49/0x120
[   88.586159][  T335]  ? __list_del_entry_valid+0x75/0x120
[   88.591470][  T335]  binder_release_work+0xcd/0x680
[   88.596317][  T335]  binder_deferred_func+0x1847/0x1bc0
[   88.601523][  T335]  ? read_word_at_a_time+0x12/0x20
[   88.606467][  T335]  process_one_work+0x6bb/0xc10
[   88.611604][  T335]  worker_thread+0xad5/0x12a0
[   88.616249][  T335]  ? _raw_spin_lock+0x1b0/0x1b0
[   88.620886][  T335]  kthread+0x421/0x510
[   88.624787][  T335]  ? worker_clr_flags+0x180/0x180
[   88.629658][  T335]  ? kthread_blkcg+0xd0/0xd0
[   88.634086][  T335]  ret_from_fork+0x1f/0x30
[   88.638421][  T335]  </TASK>
[   88.641407][  T335] Modules linked in:
[   88.645551][  T335] ---[ end trace d3d4ba602d2b2154 ]---
[   88.651125][  T335] RIP: 0010:__list_del_entry_valid+0x75/0x120
[   88.657017][  T335] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75
[   88.677018][  T335] RSP: 0018:ffffc90000b97c00 EFLAGS: 00010a03
[   88.683107][  T335] RAX: 1814004460000029 RBX: ffff8881210fa500 RCX: ffffffff826a1859
[   88.691071][  T335] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88812012a100
[   88.698858][  T335] RBP: ffffc90000b97c20 R08: ffffffff8141997b R09: 0000000000000003
[   88.706595][  T335] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000
[   88.714508][  T335] R13: ffff88812012a100 R14: ffff88812012a100 R15: c0a002230000014f
[   88.722250][  T335] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   88.731025][  T335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.737407][  T335] CR2: 0000001b2e91bff8 CR3: 000000010c37d000 CR4: 00000000003526a0
[   88.745254][  T335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   88.753060][  T335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   88.760888][  T335] Kernel panic - not syncing: Fatal exception
[   88.766817][  T335] Kernel Offset: disabled
[   88.770928][  T335] Rebooting in 86400 seconds..