last executing test programs:

6.029673389s ago: executing program 1 (id=506):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0)

3.856366114s ago: executing program 3 (id=528):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x2, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000280), &(0x7f0000000200)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000040)='./file2\x00', 0x300001a, &(0x7f0000000e40)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c666d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75652c74696d655f6f66667365743d3078303030303030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be29df17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b92f5881e69e06002f5914c03fef3eb09121733eaf5ded73df976fbd4cfcb8b70b0bf44da1b46bc3935431d5e60a641f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8ecce52ded99b82923228c37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e6760094145e542e426bceaab9b2cf261046247bce0565db3ac5888b74efd48bc9f455e60f49496ca8137aba85fe39756814fda1f0624b33a2025792a477ccfff09befb1d0cf1599d272628028b9786e1fbfb3d637c2561421488c9de8d3739a94bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a4b7eed8a5aff253298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4672e47fe5a25502919954242f8d779d84091f20646210edf871d3f20ad66fcf4b816323b8abb307381d4ada887dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab946472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893fe9b664421a40f4822ffcc284dfe9aea76e4a04293c970f2dae776decf07b085e16511b0bd365b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbc8c0002a19457e05a210d9e9820bc7f318ebfdfcbe2f83150503b2076b7591149e6f426564f017ebe1f8253e880de2f63aff6ea337c137b607ffb0291b1223f578ec8b5a9568984ae47e157363144ea5ae13358e354cf1c896ddf139d580411f7676b8302974b5c65aec8de25c8f41a1459baeeb26d0ad35d101ec17dcca961fbae721d31bd58956c1d97c26e2926fe3ac0ce3f7ec46265a2df602d66bf5d34cd7f4097d6875640c0cc409408cbf931447c0ec0f15f5f4c359530d99275d78e68cc061f73375ffea29733d768484", @ANYRESOCT], 0xd, 0x2aa, &(0x7f0000001300)="$eJzs3cFqK2UUAOAzSZpGXSSIG0VwQBeuyq1bN41yBbErJYK60OC9FyQJhRYCVjB21Sdw6Xv4CG7c+AaCW8Fdu6iMTGamSWhSQ40p9H7f6jD/f86czF/SVc589fpo8OQoibOL36PVSqJ2EAdxmUQnalH5IRoBADwcl1kWf2V3yWzUNt8NALANxf//wn33AgBsxyefff5R9/Dw8cdp2opX2+fjXhIRo/Nxr1jvPotvYhhP41G04yoiu1bEH3x4+Dgaaa4Tb40m416eOfry17J+98+Iaf5+tKOzPH8/LczlT8a9nXgx0ug+26labccry/PfWZIfvWa8/eZc/3vRjt++jqMYxpPIc2f53++n6fvZjxfffZHfJs9PatHbne6byerbPBcAAAAAAAAAAAAAAAAAAAAAAB62vTRNivE90/k9+aVy/k79arq+l1Y6i/N5ivykKlTMB8qiHNEzyeKnar7OozRNs3LjLL8RrzW8WAAAAAAAAAAAAAAAAAAAAAByJ9+eDvrD4dPjjQTVNIDqZ/13rXMwd+WNOB3066sL7q5/r/lpA3mvt26ORiM29Fj+LXgh72fjlXdnh/tpFEF1MBu918vvFUVPB/20XKoe8qCfRLN64MvTW9XB/Ty/1IzFzcl1wXUby6Z/ElfZ4pm2rltdzGpu6Gk0X1q69HeWZevVefeP4ozKK8l0xMZ6d98pg6UfMA9aN8/9l9UFV35l1P/TFw4AAAAAAAAAAAAAAAAAALDS7Ee/SxbPbk2t/W9NAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCWzd7/XwWtiFi8ciOYlMm37SmDZhyf3PNHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DnwTwAAAP//0hxJIw==")
creat(&(0x7f0000000080)='./file1\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@auto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000}}, {@block_validity}, {@quota}]}, 0x3, 0x44d, &(0x7f00000015c0)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP")
open(&(0x7f0000000180)='./bus\x00', 0x5037f, 0x1db)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')

3.776496341s ago: executing program 3 (id=529):
openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'wg0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)

3.749945914s ago: executing program 0 (id=530):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x60, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000380), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.598646978s ago: executing program 3 (id=531):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="160000000000000004000000fb00000000000000", @ANYRES32=0x1], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
time(0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r2}, 0x0, 0x0}, 0x20)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)
openat$vcs(0xffffff9c, 0x0, 0x18800, 0x0)

3.597843517s ago: executing program 0 (id=533):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks}, {@minixdf}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOwuuwsFVXUSdzda7QGWEwK0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwDnnrhzQXDjUg5I/IhADRIHoxlPUje1m6hJ7Cj+fKTRvDdv6u97Tee9+pvEL4CR9XZE7EVEMSI+i4iZ7HouO+LjzpHc92T//vLB/v3lXLTbn/4zl7Yn16LrzySuZa9ZiogffifiJ7nn4zZ3dteXarXqVlafa9U355o7uzfX6kur1dXqRqWyuLA4/+GtDyrnNta36sWs9OXHf9j7xs+Sbk1nV7rHcZ46Qy8cxUmMR8T3LyLYEIxl4ykOuyO8lHxEvB4R76TP/0yMpV9NAOAqa7dnoj3TXQcArrp8mgPL5ctZLmA68vlyuZPDeyOm8rVGs3XjTmN7Y6WTK5uNQv7OWq06n+UKZ6OQS+oLaflpvXKsfisiXouIX0xMpvXycqO2Msz/+ADACLt2bP3/z0Rn/QcArrjSsDsAAAyc9R8ARo/1HwBGj/UfAEZPZ/2fHHY3AIAB8v4fAEaP9R8ARsoPPvkkOdoH2edfr9zd2V5v3L25Um2ul+vby+XlxtZmebXRWE0/s6d+0uvVGo3Nhfdj+97sNzebrbnmzu7temN7o3U7/Vzv29VCetfeAEYGAPTz2luP/pxLVuSPJtMjuvZyKAy1Z8BFyw+7A8DQjA27A8DQ2O0LRtcZ3uNLD8AV0WOL3meUev2CULvdbl9cl4ALdv0L8v8wqrry/34KGEaM/D+MLvl/GF3tdu60e/7HaW8EAC43OX6gz/f/X8/Ov82+OfDjleN3PLzIXgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDldrj/bznbC3w68vlyOeKViJiNQu7OWq06HxGvRsSfJgoTSX1hyH0GAM4q/7dctv/X9Zn3pp9pevPaUbEYET/91ae/vLfUam39MaKY+9fE4fXWw+x6ZfC9BwBOdrhOJ+dHXW/kn+zfXz48Btmfv387Ikqd+Af7xTg4ij8e4+m5FIWImPp3Lqt35LpyF2ex9yAiPt9r/LmYTnMgnZ1Pj8dPYr8y0Pj5Z+Ln07bOOfm7+Nw59AVGzaNk/vm41/OXj7fTc+/nv5TOUGeXzX/JSy0fpHPg0/iH899Yn/nv1DHe//13O6XJ59seRHxxPOIw9kHX/HMYP9cn/nunjP+XL735Tr+29q8jrkfv+N2x5lr1zbnmzu7NtfrSanW1ulGpLC4szn9464PKXJqjnuu/Gvzjoxuv9mtLxj/VJ37phPF/9ZTj/83/PvvRV14Q/+vv9oqfjzdeED9ZE792yvhLU78r9WtL4q/0Gf9JX/8bLw77vWJWePzX3ee2DQcAhqe5s7u+VKtVtxQULn8h+Sd7CbrRs/CtQcUqRu+mn7/beaaPNbXbLxWr34xxHlk34DI4eugj4r/D7gwAAAAAAAAAAAAAANDTIH5jadhjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Or6fwAAAP//sUPPoQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee00, &(0x7f0000000080)={0x10001, 0x2883, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa1})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x147)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000240)={0x3920e, r0})
writev(r3, &(0x7f0000001500)=[{&(0x7f0000001b80)="291cf4f4a94c368a69161b0c3c8d55ad3cef07c83346ed5a03e004a76ee3d52b51e6f542e59374e81534e75a89c2d95eca77bb751ab89211a29f324aa7465f0d67a6b7477712aff0d11fb08f751c9064bedb7b6ffb10b99188fd01a0cb51ef12a80b160f53a94e1ec171072a7ea2dbed11e42a221326ac4609c83e0c105e7e7d78009fb5e6c62f57a3ed3691c92dc3472489a1315fcc546ea64a3d4b588d8e9c41d255f369af3b2bcffb45e0fc65ccd3ecebd074baeb333586580c874186fa956d861ce025d353d84ed220efa4d178675b7aafb77186fd1bb681629a89804c4be3d6053d647a1edbdd01249a82ac53ecc08cd99f6edcd8791ab017c174af9c852db2722917ba1d07c5ee0cde1732cdd4cbeb6c602999a5e3b4ccc1c0e64e4a12d637f434ebcb71ada85c4fb6aa7e885e6109cdc1bcad5f3b98c6d554d6fc0598d4982143668621c7bb279422ca7782b7ce13e06f21365cdce80beda3c992a32b8e7cb8170abbbad1329ff8c2477e065264f6272c3172c7ce58a067b291afc110a48948cc1a9f9aa995101bef50a29ee1666c1419902819a7e01c44dc29ffd44e58c9bb6773d7606f151f086f4c8f451ce4171b09b14935aa337c57a35286ad6b6322aa8d3fba1c12665c275c6345faeed67f0bc4e8a10e326174d9303a5159862f85de8725fc423e78d9a254a48bfdc0e9d64ad3e36c2a3b7b3df0ba01522ae068883315858991cb853d43a6dfcb6e9a748c5eacae13e8ff462363fa0f251bcb4fdecd2c9a455ecaf77c7168dc8f561385c2eec95d8ca43840e988b8a806d37e9773510c2ea6b2051d371e3826ddec9e91772e436d99216aad323fa6746830acd3c3088abc58c0c5f304182a301e3fe01b9644eb5df816beb2364766a51caa583959380dbfa55adc0240fbf1746a0d8b8760ff6285adb03d48c75bc336b0af06871eb38c2c3f18ebc691acbaf8ba639229d338b6782d68e86c17bfd4c13ca1ee28fb276eb2ff68f71b3ba7d5462e73bf508e44beb4ec0025daa56937bae1c273ee7634f18a17f9b11f9805a35dfd997e10d1b63e547a6be989b625fbe132283f923fc9b4821f97f936c11dec20cd2616cc39fdee01b8be172391c4852dd961db21916c838002eb37d1661307cb888d7746ff963fb29860154c5a16fbe828db39e98bff52437c67823a64830a64fcf3930a7012c0e90620cdb534f993e7c363195104a145fd8ba0e758ba1057d8413dfc9740233223613c7492b4c4fe787a31161710cb30b6cfa5be1a01edf1e52d7b0b61061bf4ba1fe1f3a3d894d1ee7a02e123a9a365e9a6746b65ddea263bb8677e1a688ed5c3881c01f7b434754c9be5f20fe1ea437133ff9b8764d90653c88e06e44f2758e179cdc09883ed3884073e1848985a5f5d4f959536f695bada59c229df0290c519a4bed9ce63742fa2324cf147cb392a15b5e981089125728b274e0c57ad497bfeb8cacb768d647072cd398a3876c73da81dca25744bee27ca28c7385b2c5554258e354dabab974d59250ebcfc2487bb3cf5d6d9efeeaeba87e6e8c50f345ee3be6db8e3c02a1f855d8edd5b1c3e8597497ad1a50af9dbd85e565dd7a6afb15059e68ae70abbb4207df40d8dda656cbe77822c33f1041ca08dce8eb6d906d929bc5b07e6a7a3b995f7b8ab127eb3134a9b6c25fe2bc211baafda19945952ec11fe0b11229ea5835f8f6b643b4122f34a2d834e0f050fde65948c7b018853cd483b87f1b1d2cfcb7e23fd20c8601d5de7fe3c56d000937562a39293c57847fbe00c0e8dde5d91b9cb6a8a5f4a47938fbd05328f856a7a1d6de906c475c57f81b1577e9e5598c866e6af2d1676077e1cfb7b66afe6071e63aa9ee68c8a187c347b29a942a5cbde83a8088d9bb5af901edf6c1f4054e5b14ef44bf2a41e8db362dc35a8de609014ea90edaf257a04d9e8e1035667eea4dd173f5283a5a995192c86500892f537ce7f08b1c0317f6913333253451e5c4e1ec380a90a6b538c70a51e56d897788e070005c968087741d9581da524de414a2bae1d92eb4cb6829174fc50bb3ada332455f97d12f36b98fb98ea9c9ff269dcaffd5ba0cc68fb7b655416ac69f8e1c3ca0d56e0c5a3931154848317e1460bb2bfc0b0ac9e0882cf7b111706df2ff9a9946563dda574b76e1cace4878179f2bb48b8f483d1087ab3d6695246213386399ff06a09cff9d357afc3f3e4561926ba72ceb9ae3e33fbc62fd6fd744826486af457e7b2dcffd42373dc92cbbe3e799b60985e02cbb67bb83f5537832bf80eb85ae0f12797e3ebeac6dd78911e2ae7f1b58775b83bbc7c284d54e79ace22de7c094e8a0c8c0ddd1f5c57d5a41b2d074125f64a3179f88dacbe6859c18892ca07e56c1da6b7c76878142ce1132db286673cc288ebb12d18aca0bd178b5d079e6c69b00bac6f4668f50829bd77226045d40ffcb34fdbea9a1b4a4cf1d12786fd2591d07a4fad594261e723cc98d99de9e6e06a9b256e7c7d99ea7d40df1fc7eeaf6b55b86958b18735e2c5ac842cde5abbba4f143df739ce095b2dabf098a317983ea74760e80c4a9ca62096d694313996170485f785d0822724f8fe7ad607ecf585f1f2b6cf0693182316d439ca1926dcdf57fa7a46a2771b1e53e8a0589c9c0b552b02e86216fe0f48fd5a6913b06389d6c7caf8eb0da96b6b7835f62f74c2af589c37a2ceb2c4fa4449d04d4ab429fcdfb4ec709816255a54d8807ee7c0f8e6c5cefed7cc2fa71dca9ed47801dd787b56dab80f4ad6541bdbf0628af28d429b52cdaf38102c32f19482c16ef34cac7c83a9038e5218dc82228f79c60a1898135318ae73815a53ad4e7ca036ef83d51be9117985bb01e6b3060679a430512bf1e6e533042de5be56", 0x801}, {0x0}], 0x2)

3.34626284s ago: executing program 1 (id=535):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='br_fdb_add\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0)

3.255290199s ago: executing program 0 (id=537):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000000000001})
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000180)={0x1, 0x40})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.188623494s ago: executing program 1 (id=538):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40884}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="10000000", @ANYRES16=0x0, @ANYBLOB="00000000000000000000140000001000210b001e00000c00060003"], 0x28}}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), r2)

3.032128978s ago: executing program 4 (id=539):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r2, 0x1, 0x0, @void}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)

2.932946297s ago: executing program 4 (id=540):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache}]}})
chdir(&(0x7f0000000000)='./file0\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)

2.880401112s ago: executing program 4 (id=541):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@resuid}, {@stripe}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000009c0)=ANY=[], 0xe00f, 0x0)
fchmodat(r2, &(0x7f00000000c0)='./file1\x00', 0x4b)

2.866167013s ago: executing program 0 (id=542):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000080), 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000002700)='cmdline\x00')
munmap(&(0x7f0000003000/0x3000)=nil, 0x3000)
read$FUSE(r0, &(0x7f0000000000)={0x2020}, 0x2020)

2.772671452s ago: executing program 0 (id=543):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_INIT(r3, &(0x7f0000000380)={0x50}, 0x50)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
creat(&(0x7f00000003c0)='./file0/../file0/file0\x00', 0x0)

2.772298031s ago: executing program 3 (id=532):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000740)={[{@lfs_mode}, {@whint_mode_fs}, {@acl}, {@alloc_mode_reuse}, {@inline_xattr}, {@disable_roll_forward}, {@background_gc_on}, {@nouser_xattr}, {@noflush_merge}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@noinline_dentry}]}, 0x1, 0x5514, &(0x7f00000079c0)="$eJzs3EtrY+UbAPAnvcz9P/8iLtzNgUFoYRKaXgbdVZ3BC3Yooy5caZqkITNJTmnStHblwqW48JuIgiuXfgYXrt2JC8WdoOScU229oTRt7PT3g5PnvG/ePHneEArPOSUBXFhzyY/fl+JmXI2I6Yi4EZGdl4ojs5aHZyLiVkRMHTlKxfyvE5ci4lpE3Bwlz3OWiqc+vjO8vfrdaz988dXlmeuffP715HYNTNqzEdHdzs/3unlMW3l8VMzXhu0sdleGRcyf6D4uxmke95qbWYa92uG6WhaXW/n6dHu3P4pbnVp9FFvtrWx+u5e/YX/YOsyTveBRbScbN5qbWWz30yy2DvK69g/yv20H/UGep1Hkey9LH4PBYcznm/vNfD/bj7NY7w2K+Txv2mjuj+KwiMXbRT3tNLI6Nk/ySf+3vd7u7e4nw+ZOv532ktVK9blK9W65upM2moPmSrnWbdxdSeZbndGy8qBZ66610rTVaVbqaXchmW/V6+VqNZm/19xs13pJtVpZriyWVxeKszvJyw/eSjqNZH4UX2z3dgftTj/ZSneS/BULyVJl+fmF5HY1eWN9I9l4eP/++sab79x7+8EL66++VCz6Q1nJ/NLi0lK5ulheqi5coP1/UBQ9xv3DiZQmXQDA+XOi/r98JJH+H/gXTq//33kYcfr9f+j/x+Jc9b8Xvf//m/1rw5gIXzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvrm9lPX8lO5vLx9WL+f8XUU8W4FBFTEfHzn5iOS8dyThd5Zv9i/ezvaviyFFmG0XtcLo5rEbFWHD/9/7Q/BQAAAHhyffb+rY/ybj1/mJt0QZyl/KLN1I13x5SvFBGzc9+OKdvU6OHpMSXLvt8zsT+mbNkFrCtjSpZfcpsZV7Z/ZPpYuHIklPIwdablAAAAZ+J4J3C2XQgAAABn6cNJF8BklOLwVubhveDsP+9/uyF49dgIAAAAOIdKky4AAAAAOHVZ/+/3/wAAAODJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8As7d5ObNhDHAfRvGxf6paKq+16lOzhGj9BllxUH6CU4QBbkCrkAZyC7HCGCCI9DIEJKJA+2Er0nmWGs4ccMwouZkQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu6bZeza///fzfNWe76ybPaAAAAIBzNvVq3ryZpvrn9v7X9tb3tl5ERBkR5+buVXw4yazanPqp/dVx+/pZH24imoT9d4zb61NE/Gqv+2+X/hUAAADg/VovlrM0W08v06E7RJ/Sok355XemvCIi6uldprRyn/cjU1jz/x7F30xpzQLWJFNYWnIb5Up7leZxP6zaTY6KIhXl2Y8dOplt7AAAQI+qk6LfWQgAAAB9+jN0BxhGEY9bmYetwHEq2u29jyc1AAAA4A0qhu4AAAAA0FX1UoNm/t/T+X875/8BAADAMNL5fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzSpl7N14vlrGvOdtdNntEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDA/ryjQAiEQRjsXd+ZzP0PKw2amppUgfDxNwYDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf785ICIRAEUTBn/O+k739YSdAziBABDY8qatEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc79/MaRxUHAPzNzM7WVsU1yh4iouBBL3azra29iQclePBPEEK6rbFbf7Q52FLEXLxJzr2IHkUEJd76P/TcYC/11sMeKnhW5ld2mgRcI53ZJJ8PvHnfHYZ53zcLId95LwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAyuTdaZxkh14Rx+W5e49urWb99q4+c2fz/mLWsjhqMunD4eX6h6jfXiIAAAAcH0lV34cQHqRby1kf9/L6P62uyWr+758t4qqe3133by8VfVX7Z+23Xx++uDNQrxgnu+mltfFoaW8qnSc3y/n23L9e0cmffP7uJcm/kPiDjRcmaf48o2/v3n2vm4cnmsgWADiI01VfBtXvQ1k/bDMxAI6NTq3wrur/pNduTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABNmGyEp6s4CiEsdqZxZvvRrdX9+jub9xerdv727c3w9fSe2S3SEMKltfFoqdHZzLfrN25eWRmPR9eaD14JIbQ1+jvl9K98NMPFIRxwrN9beKqCPUFcftnzks/hCFr8oQQAwJGUli2r6x+kW8vZuWghhL9/eLz+f70Whxnr/4cfn79XH6te/w8bm+H8G6xf/Xxw/cbNN9eurlweXR59+taZ4dvDsxfOnbswyN+VDLwxAQAA4P/plq1e/8cLe9f/T9XiMGP9/8V3w6/qYyXq/31NF/3azgQAAOB4e/7Vv/6M9jkfdbvhy5X19WvD4rjz+UxxbCHV/+xE2er1f7LQdlYAAABAEyYb0WPr/xdrcZhx/f+ZH1/6uX7PJIRwslz/P7362fhic9OZa038OXHbcwQAAKBdJ8tWX/9P8/3/8c6WhziE8MZrRVz+G8CZ6v/k/W9+qo9V3/9/trkpzqW4XzyPvO+H0Om3nREAAABH2VNly4r9P9Kt5U9+OfVh1/5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKb9EwAA//+gaz5f")
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(r2, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r3, &(0x7f0000000040)='./file1\x00', 0x2)

2.714104967s ago: executing program 0 (id=544):
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x406f408, 0x0)

2.630411254s ago: executing program 4 (id=545):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r2}, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x24040880}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_btf_id_by_name$bpf_lsm(0x0)
ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000100))

2.496707686s ago: executing program 4 (id=547):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100000000000001000000"], 0x128}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r4}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x3, "5f68dd"}, 0x0})

2.357632659s ago: executing program 2 (id=550):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b0000000000000000000000008000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40305839, &(0x7f0000000240))

2.286248265s ago: executing program 3 (id=551):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000880)='sched_switch\x00', r1}, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0xfcff, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)='u'})

2.285663155s ago: executing program 2 (id=552):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000002180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
listxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

2.084751383s ago: executing program 2 (id=553):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x1, @ANYBLOB], 0x48)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="08f272f808af"})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})

2.049320586s ago: executing program 2 (id=554):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}}, 0x0)

2.00473354s ago: executing program 1 (id=555):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xadfc7f9)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x29, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000400)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fee8a294f8a0e9ffff0d9683dda1af1ea89de2b7fb0a01040000000008000003000200000000003f00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.874085072s ago: executing program 3 (id=556):
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = gettid()
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002d00), &(0x7f0000002d40)='./file0\x00', 0x0, &(0x7f00000023c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000000)={0x50, 0x0, r3}, 0x50)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
connect$unix(0xffffffffffffffff, 0x0, 0x0)

1.873860602s ago: executing program 4 (id=548):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000180)=0x40000000, 0x4)
recvmmsg(r1, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

1.872928132s ago: executing program 1 (id=557):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @loopback}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000}, 0x4008010)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[], 0x240)

30.368757ms ago: executing program 1 (id=559):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, <r2=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)

29.947737ms ago: executing program 2 (id=560):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x3, &(0x7f0000000bc0)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00'}, 0x10)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000480)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0xfffffffd, 0x0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0})

0s ago: executing program 2 (id=561):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@noacl}, {@stripe}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00'}, 0x10)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
setxattr$security_capability(&(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

0003e syscall=202 compat=0 ip=0x7f44a824fff9 code=0x7ffc0000
[   29.507763][   T24] audit: type=1326 audit(1728527127.740:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=639 comm="syz.2.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f44a824fff9 code=0x7ffc0000
[   29.540234][    T9] device bridge_slave_1 left promiscuous mode
[   29.546983][   T54] uvcvideo: Found UVC 0.00 device <unnamed> (046d:08c1)
[   29.552038][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.556451][   T54] uvcvideo: No valid video chain found.
[   29.577589][    T9] device bridge_slave_0 left promiscuous mode
[   29.586537][   T24] audit: type=1326 audit(1728527127.740:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=639 comm="syz.2.96" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44a824fff9 code=0x7ffc0000
[   29.589251][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.636233][    T9] device veth1_macvtap left promiscuous mode
[   29.643624][    T9] device veth0_vlan left promiscuous mode
[   29.650691][    T5] usb 5-1: USB disconnect, device number 3
[   29.701361][  T647] netlink: 'syz.0.100': attribute type 4 has an invalid length.
[   29.711662][  T647] netlink: 'syz.0.100': attribute type 4 has an invalid length.
[   29.781524][   T54] usb 4-1: USB disconnect, device number 3
[   29.809454][  T652] incfs_lookup_dentry err:-14
[   29.813989][  T652] incfs: Can't find or create .incomplete dir in ./file0
[   29.821375][  T652] incfs: mount failed -14
[   30.167031][  T666] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   30.180931][  T666] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   30.191288][  T666] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[   30.199084][  T666] System zones: 1-12
[   30.203641][  T666] EXT4-fs (loop2): 1 truncate cleaned up
[   30.209115][  T666] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug,lazytime,nombcache,noload,,errors=continue
[   30.230596][  T666] syz.2.108 (pid 666) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   30.334308][  T679] EXT4-fs (loop0): Ignoring removed bh option
[   30.375663][  T679] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,bsddf,bh,usrquota,delalloc,,errors=continue
[   30.448465][  T686] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   30.588209][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:425: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.623757][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:425: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.644508][  T703] erofs: (device loop2): mounted with root inode @ nid 36.
[   30.647784][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:425: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.652366][  T703] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[   30.676871][  T703] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851]
[   30.688788][  T703] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[   30.711440][  T703] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[   30.720702][  T703] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851]
[   30.732443][  T368] EXT4-fs error (device loop3): ext4_validate_block_bitmap:420: comm syz-executor: bg 0: bad block bitmap checksum
[   30.744444][  T703] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[   30.772759][  T368] EXT4-fs error (device loop3) in ext4_mb_clear_bb:5647: Filesystem failed CRC
[   30.791003][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:425: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.807758][  T707] device pim6reg1 entered promiscuous mode
[   30.807921][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.829957][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 0
[   30.844855][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.861413][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 2048
[   30.876557][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.892196][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 4096
[   30.907616][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.929428][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 6144
[   30.945498][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.962498][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 8192
[   30.977907][  T368] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:404: inode #11: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   30.993690][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 10240
[   31.009248][  T368] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path /17/file0/lost+found: directory fails checksum at offset 12288
[   31.025705][  T368] EXT4-fs error (device loop3): ext4_empty_dir:3075: inode #11: comm syz-executor: Directory block failed checksum
[   31.046630][  T712] exfat: Unknown parameter 'pQÓUØLé{°Æ¶¥•ä‡¢ÌGÀï»-qÍâÁƘ熃¬\1%™Ý'8c¾’aîå"Ð	ôÅ HïŒjîõõ¨ñ­í”¡)ä®ÆèÙ«úÿá]‘Âê>.Ïà1²‡S�@ŸæÇþ|ØiuÇYefÞtä%Ú^'
[   31.061825][   T54] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   31.096469][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[   31.102378][  T638] Bluetooth: hci0: sending frame failed (-49)
[   31.187260][  T305] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 32 with error 117
[   31.199542][  T305] EXT4-fs (loop3): This should not happen!! Data will be lost
[   31.199542][  T305] 
[   31.335451][  T721] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.342740][  T721] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.350592][  T721] device bridge_slave_0 entered promiscuous mode
[   31.358668][  T721] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.365505][  T721] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.372925][  T721] device bridge_slave_1 entered promiscuous mode
[   31.402980][  T721] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.409827][  T721] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.416925][  T721] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.423702][  T721] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.426219][   T54] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[   31.440766][   T54] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[   31.443900][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   31.456175][   T54] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 16384, setting to 1024
[   31.457711][    T5] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   31.468490][   T54] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1024
[   31.485408][  T305] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.492808][  T305] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.502582][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   31.510730][  T305] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.517571][  T305] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.525787][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   31.533767][  T305] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.540603][  T305] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.551867][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   31.562105][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.574648][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   31.585008][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   31.593102][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   31.600552][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   31.610249][  T721] device veth0_vlan entered promiscuous mode
[   31.619757][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   31.627616][   T20] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   31.629113][  T721] device veth1_macvtap entered promiscuous mode
[   31.645081][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   31.646273][   T54] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[   31.662168][   T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   31.670167][   T54] usb 3-1: Product: syz
[   31.674130][   T54] usb 3-1: Manufacturer: syz
[   31.678938][   T54] usb 3-1: SerialNumber: syz
[   31.685887][   T54] usb 3-1: config 0 descriptor??
[   31.691768][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   31.726713][   T54] ums-isd200 3-1:0.0: USB Mass Storage device detected
[   31.734270][    T9] device bridge_slave_1 left promiscuous mode
[   31.740315][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.747812][    T9] device bridge_slave_0 left promiscuous mode
[   31.753729][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.761981][    T9] device veth1_macvtap left promiscuous mode
[   31.856321][    T5] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   31.866370][    T5] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   31.976992][    T5] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   31.985844][    T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   31.993728][    T5] usb 5-1: SerialNumber: syz
[   31.993851][   T54] scsi host1: usb-storage 3-1:0.0
[   32.012275][   T54] usb 3-1: USB disconnect, device number 4
[   32.026397][   T20] usb 1-1: unable to get BOS descriptor or descriptor too short
[   32.116215][   T20] usb 1-1: config 3 has an invalid interface number: 19 but max is 0
[   32.124297][   T20] usb 1-1: config 3 has no interface number 0
[   32.130472][   T20] usb 1-1: config 3 interface 19 altsetting 9 bulk endpoint 0x8E has invalid maxpacket 32
[   32.140592][   T20] usb 1-1: config 3 interface 19 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[   32.150492][   T20] usb 1-1: config 3 interface 19 has no altsetting 0
[   32.276938][    T5] usb 5-1: 0:2 : does not exist
[   32.316272][   T20] usb 1-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=53.f5
[   32.325290][   T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   32.333301][   T20] usb 1-1: Product: syz
[   32.337444][   T20] usb 1-1: Manufacturer: syz
[   32.341876][   T20] usb 1-1: SerialNumber: syz
[   32.366241][  T723] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[   32.373140][  T723] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[   32.501330][    T5] usb 5-1: USB disconnect, device number 4
[   32.666578][   T20] pl2303 1-1:3.19: required interrupt-in endpoint missing
[   32.673872][  T737] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[   32.686484][   T20] usb 1-1: USB disconnect, device number 3
[   32.819251][  T745] EXT4-fs (loop4): Mount option "nouser_xattr" will be removed by 3.5
[   32.819251][  T745] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   32.819251][  T745] 
[   32.848602][  T745] EXT4-fs error (device loop4) in ext4_do_update_inode:5303: error 27
[   32.857194][  T745] EXT4-fs (loop4): Remounting filesystem read-only
[   32.863660][  T745] EXT4-fs error (device loop4): ext4_dirty_inode:6107: inode #3: comm syz.4.132: mark_inode_dirty error
[   32.875551][  T745] EXT4-fs error (device loop4) in ext4_do_update_inode:5303: error 27
[   32.883702][  T745] EXT4-fs error (device loop4): __ext4_ext_dirty:182: inode #3: comm syz.4.132: mark_inode_dirty error
[   32.897035][  T745] EXT4-fs error (device loop4): ext4_acquire_dquot:6219: comm syz.4.132: Failed to acquire dquot type 0
[   32.908228][  T745] EXT4-fs (loop4): 1 truncate cleaned up
[   32.913681][  T745] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nouser_xattr,
[   32.923825][  T745] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038 (0x7fffffff)
[   32.966175][  T375] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   33.112202][  T755] syz.0.136[755] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   33.112291][  T755] syz.0.136[755] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   33.176391][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[   33.196592][  T638] Bluetooth: hci0: sending frame failed (-49)
[   33.248307][  T761] device syzkaller0 entered promiscuous mode
[   33.347202][  T375] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   33.357484][  T375] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   33.369047][  T757] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   33.386311][  T757] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   33.395215][  T757] F2FS-fs (loop4): invalid crc value
[   33.417372][  T757] F2FS-fs (loop4): Found nat_bits in checkpoint
[   33.446265][  T375] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   33.457193][  T757] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   33.464340][  T375] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   33.476231][  T757] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   33.486835][  T375] usb 4-1: SerialNumber: syz
[   33.512300][  T757] attempt to access beyond end of device
[   33.512300][  T757] loop4: rw=2049, want=45104, limit=40427
[   33.524528][  T757] attempt to access beyond end of device
[   33.524528][  T757] loop4: rw=2049, want=45112, limit=40427
[   33.544721][  T757] attempt to access beyond end of device
[   33.544721][  T757] loop4: rw=2049, want=45112, limit=40427
[   33.563129][  T757] attempt to access beyond end of device
[   33.563129][  T757] loop4: rw=2049, want=45160, limit=40427
[   33.590894][  T757] attempt to access beyond end of device
[   33.590894][  T757] loop4: rw=2049, want=45104, limit=40427
[   33.611093][  T111] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   33.620403][  T111] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   33.777722][  T375] usb 4-1: 0:2 : does not exist
[   34.056306][   T15] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   34.198931][  T375] usb 4-1: USB disconnect, device number 4
[   34.296274][   T20] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   34.296305][   T15] usb 3-1: Using ep0 maxpacket: 16
[   34.426233][   T15] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   34.436921][   T15] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   34.446454][   T15] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   34.459035][   T15] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   34.467894][   T15] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.476485][   T15] usb 3-1: config 0 descriptor??
[   34.486204][   T54] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   34.536878][   T20] usb 5-1: Using ep0 maxpacket: 8
[   34.656210][   T20] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[   34.664342][   T20] usb 5-1: config 179 has no interface number 0
[   34.670498][   T20] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   34.681349][   T20] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   34.692326][   T20] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   34.703395][   T20] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   34.714868][   T20] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   34.728291][   T20] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   34.728304][   T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.750551][   T24] kauditd_printk_skb: 84 callbacks suppressed
[   34.750562][   T24] audit: type=1400 audit(1728527133.190:338): avc:  denied  { ioctl } for  pid=813 comm="syz.3.157" path="socket:[17825]" dev="sockfs" ino=17825 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   34.756476][  T805] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[   34.856370][   T54] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   34.867162][   T54] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   34.876760][   T54] usb 1-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00
[   34.885530][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.894086][   T54] usb 1-1: config 0 descriptor??
[   34.947128][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.954225][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.961277][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.968264][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.975246][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.982334][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.989353][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.996382][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   34.996884][  T403] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input7
[   35.003458][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   35.003473][   T15] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[   35.020209][   T24] audit: type=1400 audit(1728527133.450:339): avc:  denied  { read } for  pid=79 comm="acpid" name="event3" dev="devtmpfs" ino=480 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   35.029968][   T15] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0003/input/input8
[   35.049901][   T24] audit: type=1400 audit(1728527133.450:340): avc:  denied  { open } for  pid=79 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=480 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   35.067373][   T15] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   35.086943][   T24] audit: type=1400 audit(1728527133.450:341): avc:  denied  { ioctl } for  pid=79 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=480 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   35.174005][  T403] usb 3-1: USB disconnect, device number 5
[   35.186643][  T805] udc-core: couldn't find an available UDC or it's busy
[   35.193423][  T805] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   35.256275][  T375] Bluetooth: hci0: command 0x1009 tx timeout
[   35.377028][   T54] cypress 0003:04B4:07B1.0004: unknown main item tag 0x6
[   35.383968][   T54] cypress 0003:04B4:07B1.0004: item fetching failed at offset 4/5
[   35.391778][   T54] cypress 0003:04B4:07B1.0004: parse failed
[   35.397566][   T54] cypress: probe of 0003:04B4:07B1.0004 failed with error -22
[   35.406558][  T375] usb 5-1: USB disconnect, device number 5
[   35.416232][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   35.424321][  T375] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[   35.579037][  T403] usb 1-1: USB disconnect, device number 4
[   35.927534][  T822] EXT4-fs (loop4): Test dummy encryption mode enabled
[   35.934418][  T822] EXT4-fs (loop4): Ignoring removed orlov option
[   35.943694][  T822] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue
[   35.979324][  T822] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   35.988427][   T24] audit: type=1400 audit(1728527134.420:342): avc:  denied  { map } for  pid=821 comm="syz.4.159" path="/42/file0/blkio.bfq.io_queued_recursive" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   36.012657][   T24] audit: type=1400 audit(1728527134.420:343): avc:  denied  { execute } for  pid=821 comm="syz.4.159" path="/42/file0/blkio.bfq.io_queued_recursive" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   36.071717][  T828] SELinux: security_context_str_to_sid(system_u) failed for (dev 9p, type 9p) errno=-22
[   36.227066][  T834] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000000,minixdf,,errors=continue
[   36.240790][  T834] ext4 filesystem being mounted at /45/bus supports timestamps until 2038 (0x7fffffff)
[   36.263266][   T24] audit: type=1400 audit(1728527134.690:344): avc:  denied  { create } for  pid=833 comm="syz.4.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   36.376342][  T375] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   36.636236][  T375] usb 1-1: Using ep0 maxpacket: 16
[   36.756217][  T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   36.766942][  T375] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   36.776468][  T375] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   36.789070][  T375] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   36.797928][  T375] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   36.806373][  T375] usb 1-1: config 0 descriptor??
[   36.811172][  T292] Bluetooth: hci1: command 0x1003 tx timeout
[   36.817002][  T815] Bluetooth: hci1: sending frame failed (-49)
[   36.966195][  T292] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   37.287194][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.294249][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.301336][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.308308][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.315308][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.322405][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.329388][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.336480][  T292] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   37.347382][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.354378][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.361491][  T375] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[   37.371217][  T375] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0005/input/input9
[   37.383186][  T375] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   37.498000][  T403] usb 1-1: USB disconnect, device number 5
[   37.516244][  T292] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   37.525145][  T292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   37.533297][  T292] usb 5-1: Product: syz
[   37.537469][  T292] usb 5-1: Manufacturer: syz
[   37.541868][  T292] usb 5-1: SerialNumber: syz
[   37.668860][  T852] F2FS-fs (loop2): Invalid SB checksum offset: 0
[   37.675646][  T852] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[   37.685845][  T852] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[   37.705405][  T852] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[   37.712341][  T852] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   37.730184][  T852] attempt to access beyond end of device
[   37.730184][  T852] loop2: rw=2049, want=53256, limit=40427
[   37.741655][  T852] attempt to access beyond end of device
[   37.741655][  T852] loop2: rw=2049, want=53264, limit=40427
[   37.753973][  T852] attempt to access beyond end of device
[   37.753973][  T852] loop2: rw=2049, want=53336, limit=40427
[   37.768833][  T631] attempt to access beyond end of device
[   37.768833][  T631] loop2: rw=2049, want=45104, limit=40427
[   37.957301][  T865] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue
[   37.973794][  T865] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   38.030163][  T873] tipc: Started in network mode
[   38.034969][  T873] tipc: Own node identity aaaaaaaaaa1, cluster identity 4711
[   38.042451][  T873] tipc: Enabled bearer <eth:gretap0>, priority 10
[   38.050032][  T873] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[   38.059540][  T873] tipc: New replicast peer: 100.1.1.1
[   38.064802][  T873] tipc: Enabled bearer <udp:syz2>, priority 10
[   38.090712][   T24] audit: type=1400 audit(1728527136.520:345): avc:  denied  { name_bind } for  pid=874 comm="syz.0.174" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   38.386187][  T375] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   38.686257][  T292] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[   38.692524][  T292] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   38.699710][  T292] cdc_ncm 5-1:1.0: setting rx_max = 2048
[   38.746200][  T375] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   38.756094][  T375] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   38.836297][  T375] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   38.845184][  T375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   38.852979][  T375] usb 3-1: SerialNumber: syz
[   38.866201][  T403] Bluetooth: hci1: command 0x1001 tx timeout
[   38.872070][  T815] Bluetooth: hci1: sending frame failed (-49)
[   38.896273][  T292] cdc_ncm 5-1:1.0: setting tx_max = 16384
[   38.905575][  T292] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[   38.931668][  T292] usb 5-1: USB disconnect, device number 6
[   38.941052][  T292] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[   38.954359][  T882] device pim6reg1 entered promiscuous mode
[   39.073059][   T24] audit: type=1400 audit(1728527137.500:346): avc:  denied  { read } for  pid=912 comm="syz-executor" dev="nsfs" ino=4026531999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   39.116802][  T916] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[   39.120951][   T24] audit: type=1400 audit(1728527137.530:347): avc:  denied  { open } for  pid=912 comm="syz-executor" path="net:[4026531999]" dev="nsfs" ino=4026531999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   39.152434][  T375] usb 3-1: 0:2 : does not exist
[   39.159255][  T912] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.166642][  T912] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.173872][  T912] device bridge_slave_0 entered promiscuous mode
[   39.174256][    T5] tipc: 32-bit node address hash set to aaaaba00
[   39.181232][  T912] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.193173][  T912] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.196673][  T375] usb 3-1: USB disconnect, device number 6
[   39.200622][  T912] device bridge_slave_1 entered promiscuous mode
[   39.259006][  T925] device pim6reg1 entered promiscuous mode
[   39.271378][  T912] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.278244][  T912] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.285313][  T912] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.292554][  T912] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.309792][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.317275][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.324413][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.333632][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.341717][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.348559][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.366006][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.375632][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.382514][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.390178][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   39.428156][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   39.437810][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   39.445635][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   39.453471][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   39.461120][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   39.469610][  T912] device veth0_vlan entered promiscuous mode
[   39.482295][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   39.492068][  T912] device veth1_macvtap entered promiscuous mode
[   39.501098][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   39.510807][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   39.597402][  T932] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   39.692073][  T940] incfs_lookup_dentry err:-14
[   39.696782][  T940] incfs: Can't find or create .incomplete dir in ./file0
[   39.703885][  T940] incfs: mount failed -14
[   39.737032][  T944] syz.1.190[944] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.737096][  T944] syz.1.190[944] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.868358][   T24] kauditd_printk_skb: 32 callbacks suppressed
[   39.868369][   T24] audit: type=1400 audit(1728527138.300:380): avc:  denied  { name_bind } for  pid=957 comm="syz.2.193" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   39.925990][   T24] audit: type=1326 audit(1728527138.340:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   39.949313][   T24] audit: type=1326 audit(1728527138.340:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   39.972550][   T24] audit: type=1326 audit(1728527138.340:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   39.995755][   T24] audit: type=1326 audit(1728527138.340:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   40.032569][   T24] audit: type=1326 audit(1728527138.340:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   40.057117][   T24] audit: type=1326 audit(1728527138.340:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   40.057150][  T964] device pim6reg1 entered promiscuous mode
[   40.080366][   T24] audit: type=1326 audit(1728527138.340:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   40.109097][   T24] audit: type=1326 audit(1728527138.340:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fca54127ff9 code=0x7ffc0000
[   40.132235][   T24] audit: type=1326 audit(1728527138.340:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=958 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[   40.159839][  T967] EXT4-fs (loop2): Test dummy encryption mode enabled
[   40.170814][  T967] EXT4-fs (loop2): Ignoring removed orlov option
[   40.181053][  T967] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,inlinecrypt,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue
[   40.231262][  T973] device syzkaller0 entered promiscuous mode
[   40.287325][  T979] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   40.296889][  T979] tipc: Disabling bearer <eth:syzkaller0>
[   40.457172][    T9] device bridge_slave_1 left promiscuous mode
[   40.463376][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.471737][    T9] device bridge_slave_0 left promiscuous mode
[   40.478003][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.488524][    T9] device veth1_macvtap left promiscuous mode
[   40.494366][    T9] device veth0_vlan left promiscuous mode
[   40.617322][  T999] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.624263][  T999] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.632702][  T996] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   40.636739][  T999] device bridge_slave_1 left promiscuous mode
[   40.642645][  T996] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038 (0x7fffffff)
[   40.647763][  T999] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.666805][  T999] device bridge_slave_0 left promiscuous mode
[   40.672990][  T999] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.788988][ T1007] syz.4.212[1007] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.789037][ T1007] syz.4.212[1007] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.804688][ T1003] EXT4-fs (loop0): Test dummy encryption mode enabled
[   40.822651][ T1003] EXT4-fs (loop0): Ignoring removed orlov option
[   40.831171][ T1003] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,inlinecrypt,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue
[   40.936585][  T306] Bluetooth: hci1: command 0x1009 tx timeout
[   40.953456][ T1014] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[   40.962861][ T1014] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   40.977098][ T1014] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[   40.988005][ T1014] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #16: comm syz.2.213: iget: bogus i_mode (5)
[   40.999183][ T1014] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.213: couldn't read orphan inode 16 (err -117)
[   41.011098][ T1014] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,jqfmt=vfsold,noquota,errors=remount-ro,stripe=0x0000000000000079,resgid=0x0000000000000000,data_err=ignore,init_itable,errors=continue,
[   41.065550][ T1023] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   41.075594][ T1023] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038 (0x7fffffff)
[   41.094362][ T1013] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem
[   41.116395][ T1013] EXT4-fs error (device loop2): __ext4_ext_dirty:182: inode #18: comm syz.2.213: mark_inode_dirty error
[   41.135546][ T1013] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem
[   41.146361][ T1013] EXT4-fs error (device loop2): __ext4_ext_dirty:182: inode #18: comm syz.2.213: mark_inode_dirty error
[   41.157569][ T1013] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem
[   41.171982][ T1013] EXT4-fs error (device loop2): __ext4_ext_dirty:182: inode #18: comm syz.2.213: mark_inode_dirty error
[   41.184077][ T1013] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem
[   41.194035][ T1013] EXT4-fs error (device loop2): __ext4_ext_dirty:182: inode #18: comm syz.2.213: mark_inode_dirty error
[   41.197954][ T1017] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   41.207481][ T1013] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5897: Corrupt filesystem
[   41.222180][ T1017] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   41.234118][ T1013] EXT4-fs error (device loop2): __ext4_ext_dirty:182: inode #18: comm syz.2.213: mark_inode_dirty error
[   41.245694][ T1017] F2FS-fs (loop4): invalid crc value
[   41.280088][ T1017] F2FS-fs (loop4): Found nat_bits in checkpoint
[   41.336418][ T1017] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   41.344495][  T562] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117
[   41.360056][ T1017] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   41.368698][  T562] EXT4-fs (loop2): This should not happen!! Data will be lost
[   41.368698][  T562] 
[   41.522729][ T1046] tmpfs: Unknown parameter 'f'
[   41.614585][ T1053] syz.0.225[1053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.614624][ T1053] syz.0.225[1053] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.629388][ T1050] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.648210][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.660954][ T1050] device bridge_slave_0 entered promiscuous mode
[   41.669939][ T1050] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.676823][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.684084][ T1050] device bridge_slave_1 entered promiscuous mode
[   41.694270][ T1058] EXT4-fs (loop1): Test dummy encryption mode enabled
[   41.703546][ T1058] EXT4-fs (loop1): Ignoring removed orlov option
[   41.721842][ T1058] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,inlinecrypt,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue
[   41.739901][ T1050] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.753352][ T1050] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.760452][ T1050] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.767243][ T1050] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.826219][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.833571][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.841959][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.850808][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.858830][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.881294][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.894339][ T1050] device veth0_vlan entered promiscuous mode
[   41.906530][ T1050] device veth1_macvtap entered promiscuous mode
[   41.913347][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.921893][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.929378][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.936832][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.950596][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   41.958658][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.967911][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   41.975895][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   42.101695][    T9] device bridge_slave_1 left promiscuous mode
[   42.108024][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.115317][    T9] device bridge_slave_0 left promiscuous mode
[   42.123326][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.131075][    T9] device veth1_macvtap left promiscuous mode
[   42.136943][    T9] device veth0_vlan left promiscuous mode
[   42.306268][    T5] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   42.546192][    T5] usb 2-1: Using ep0 maxpacket: 32
[   42.676222][    T5] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[   42.684424][    T5] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   42.692820][    T5] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[   42.701797][    T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   42.711267][    T5] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   42.720711][    T5] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   42.733481][    T5] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   42.742318][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   42.751627][    T5] usb 2-1: config 0 descriptor??
[   43.027513][    T5] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   43.038909][    T5] usb 2-1: USB disconnect, device number 9
[   43.045441][    T5] usblp0: removed
[   43.094176][ T1098] syz.2.238[1098] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.094219][ T1098] syz.2.238[1098] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.122371][ T1100] device syzkaller0 entered promiscuous mode
[   43.466195][  T375] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   43.507039][ T1115] F2FS-fs (loop2): Fix alignment : done, start(4096) end(16896) block(12288)
[   43.515708][ T1115] F2FS-fs (loop2): Mismatch start address, segment0(0) cp_blkaddr(512)
[   43.523770][ T1115] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[   43.532437][ T1115] F2FS-fs (loop2): invalid crc value
[   43.538811][ T1115] F2FS-fs (loop2): Found nat_bits in checkpoint
[   43.561169][ T1115] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[   43.568095][ T1115] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   43.585178][ T1117] attempt to access beyond end of device
[   43.585178][ T1117] loop2: rw=2049, want=45104, limit=40427
[   43.606297][    T5] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[   43.866194][    T5] usb 2-1: Using ep0 maxpacket: 32
[   43.886302][  T375] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   43.896521][  T375] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[   43.996290][  T375] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   44.005174][  T375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   44.012950][  T375] usb 5-1: SerialNumber: syz
[   44.017437][    T5] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[   44.025756][    T5] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   44.034430][    T5] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[   44.043209][    T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   44.052680][    T5] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   44.062264][    T5] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   44.075296][    T5] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   44.084160][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.092509][    T5] usb 2-1: config 0 descriptor??
[   44.306830][  T375] usb 5-1: 0:2 : does not exist
[   44.311498][  T375] usb 5-1: unit 5: unexpected type 0x0d
[   44.318380][  T375] usb 5-1: USB disconnect, device number 7
[   44.325715][  T314] udevd[314]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   44.341960][    T5] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   44.760343][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.767228][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.774278][ T1134] device bridge_slave_0 entered promiscuous mode
[   44.781706][ T1134] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.788945][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.789345][ T1134] device bridge_slave_1 entered promiscuous mode
[   44.806630][    T5] usb 2-1: USB disconnect, device number 10
[   44.807680][    T5] usblp0: removed
[   44.830928][ T1134] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.830938][ T1134] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.830994][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.831002][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.844141][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.844489][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.897658][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.913002][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.924903][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.931798][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.937337][ T1141] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   44.949295][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.957860][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.964682][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.972347][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   44.980953][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   44.995783][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   45.008827][ T1134] device veth0_vlan entered promiscuous mode
[   45.015008][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   45.023587][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   45.031254][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   45.050137][ T1134] device veth1_macvtap entered promiscuous mode
[   45.057073][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   45.069949][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   45.078108][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   45.090877][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   45.099559][  T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   45.138582][   T24] kauditd_printk_skb: 28 callbacks suppressed
[   45.138594][   T24] audit: type=1400 audit(1728527143.570:418): avc:  denied  { read } for  pid=1150 comm="syz.2.262" name="usbmon7" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   45.169403][   T24] audit: type=1400 audit(1728527143.600:419): avc:  denied  { open } for  pid=1150 comm="syz.2.262" path="/dev/usbmon7" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   45.199387][   T24] audit: type=1400 audit(1728527143.600:420): avc:  denied  { ioctl } for  pid=1150 comm="syz.2.262" path="/dev/usbmon7" dev="devtmpfs" ino=155 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   45.335345][   T24] audit: type=1400 audit(1728527143.760:421): avc:  denied  { setopt } for  pid=1158 comm="syz.4.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   45.368093][ T1164] syz.1.253[1164] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.368150][ T1164] syz.1.253[1164] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.381527][   T24] audit: type=1400 audit(1728527143.820:422): avc:  denied  { ioctl } for  pid=1158 comm="syz.4.255" path="socket:[19095]" dev="sockfs" ino=19095 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   45.436266][   T24] audit: type=1400 audit(1728527143.820:423): avc:  denied  { write } for  pid=1158 comm="syz.4.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   45.456997][ T1161] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue
[   45.643366][   T24] audit: type=1400 audit(1728527144.070:424): avc:  denied  { map } for  pid=1180 comm="syz.1.261" path="socket:[19153]" dev="sockfs" ino=19153 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   45.671198][ T1169] F2FS-fs (loop4): Invalid SB checksum offset: 0
[   45.682295][ T1169] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[   45.692364][   T24] audit: type=1400 audit(1728527144.110:425): avc:  denied  { read accept } for  pid=1180 comm="syz.1.261" path="socket:[19153]" dev="sockfs" ino=19153 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   45.720603][ T1169] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[   45.732078][    T9] device bridge_slave_1 left promiscuous mode
[   45.738248][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.748440][    T9] device bridge_slave_0 left promiscuous mode
[   45.754657][ T1169] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[   45.759380][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.767246][ T1169] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   45.787319][ T1181] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   45.797621][    T9] device veth1_macvtap left promiscuous mode
[   45.805923][ T1169] attempt to access beyond end of device
[   45.805923][ T1169] loop4: rw=2049, want=53256, limit=40427
[   45.817444][    T9] device veth0_vlan left promiscuous mode
[   45.857306][ T1169] attempt to access beyond end of device
[   45.857306][ T1169] loop4: rw=2049, want=53264, limit=40427
[   45.875845][   T24] audit: type=1400 audit(1728527144.300:426): avc:  denied  { unmount } for  pid=912 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   45.916346][ T1169] attempt to access beyond end of device
[   45.916346][ T1169] loop4: rw=2049, want=53336, limit=40427
[   45.985257][  T287] attempt to access beyond end of device
[   45.985257][  T287] loop4: rw=2049, want=45104, limit=40427
[   46.144776][ T1199] EXT4-fs (loop1): Ignoring removed orlov option
[   46.151111][ T1199] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[   46.208058][ T1199] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue
[   46.496606][   T24] audit: type=1400 audit(1728527144.930:427): avc:  denied  { bind } for  pid=1218 comm="syz.0.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   46.530484][ T1215] EXT4-fs (loop1): Unrecognized mount option "permit_directio" or missing value
[   46.586223][  T306] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   46.716636][ T1233] EXT4-fs (loop0): Ignoring removed orlov option
[   46.723189][ T1233] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[   46.737336][ T1233] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000008,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue
[   46.867053][ T1246] netlink: 24 bytes leftover after parsing attributes in process `syz.0.283'.
[   46.886174][  T375] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   46.933587][  T562] Bluetooth: hci0: Frame reassembly failed (-84)
[   46.941015][ T1248] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   46.949914][ T1248] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038 (0x7fffffff)
[   46.966634][  T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   46.982720][  T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   46.992695][  T306] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   47.001717][  T306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.013036][  T306] usb 5-1: config 0 descriptor??
[   47.050948][  T283] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /67/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[   47.126256][  T375] usb 2-1: Using ep0 maxpacket: 8
[   47.246234][  T375] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[   47.254557][  T375] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[   47.265208][  T375] usb 2-1: config 135 has no interface number 0
[   47.271484][  T375] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   47.320457][ T1268] EXT4-fs (loop0): 1 truncate cleaned up
[   47.325983][ T1268] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,quota,noload,jqfmt=vfsold,,errors=continue
[   47.349686][ T1268] ªªªªªª: renamed from vlan0
[   47.436243][  T375] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[   47.445163][  T375] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   47.455087][  T375] usb 2-1: Product: syz
[   47.461559][  T375] usb 2-1: Manufacturer: syz
[   47.465971][  T375] usb 2-1: SerialNumber: syz
[   47.536396][  T306] hid (null): bogus close delimiter
[   47.746243][  T375] uvcvideo: Found UVC 0.00 device syz (18ec:3288)
[   47.752819][ T1277] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   47.760423][ T1277] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   47.766250][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 2 on unit 0: -71 (exp. 1).
[   47.770678][ T1277] F2FS-fs (loop0): Found nat_bits in checkpoint
[   47.796245][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 6 on unit 0: -71 (exp. 1).
[   47.801940][ T1277] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   47.811912][ T1277] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   47.819437][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 7 on unit 0: -71 (exp. 1).
[   47.839148][ T1277] overlayfs: invalid origin (0000007900656d5f63616368655f66726565000000000000000000000000000000000000000000000000000000000000)
[   47.846273][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 12 on unit 0: -71 (exp. 1).
[   47.863317][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.863327][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.870787][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.878276][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.878294][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 1 on unit 0: -71 (exp. 1).
[   47.885692][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.902065][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.906225][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 5 on unit 0: -71 (exp. 1).
[   47.909669][  T283] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   47.936217][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 13 on unit 0: -71 (exp. 1).
[   47.966256][  T375] uvcvideo: Failed to query (GET_INFO) UVC control 17 on unit 0: -71 (exp. 1).
[   47.975462][  T375] uvcvideo: No valid video chain found.
[   47.985301][  T375] usb 2-1: USB disconnect, device number 11
[   48.086239][  T306] usb 5-1: string descriptor 0 read error: -71
[   48.097997][ T1285] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   48.106806][ T1285] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038 (0x7fffffff)
[   48.116297][  T306] uclogic 0003:256C:006D.0006: failed retrieving string descriptor #200: -71
[   48.125079][  T306] uclogic 0003:256C:006D.0006: failed retrieving pen parameters: -71
[   48.133373][  T306] uclogic 0003:256C:006D.0006: failed probing pen v2 parameters: -71
[   48.135890][ T1285] EXT4-fs error (device loop0) in ext4_do_update_inode:5303: error 27
[   48.141335][  T306] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[   48.141402][  T306] uclogic: probe of 0003:256C:006D.0006 failed with error -71
[   48.150052][ T1285] EXT4-fs error (device loop0): ext4_dirty_inode:6107: inode #19: comm syz.0.296: mark_inode_dirty error
[   48.157893][  T306] usb 5-1: USB disconnect, device number 8
[   48.167878][ T1285] EXT4-fs error (device loop0) in ext4_do_update_inode:5303: error 27
[   48.190656][ T1285] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2950: inode #19: comm syz.0.296: mark_inode_dirty error
[   48.202569][ T1285] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2953: inode #19: comm syz.0.296: mark inode dirty (error -27)
[   48.214950][ T1285] EXT4-fs warning (device loop0): ext4_evict_inode:303: xattr delete (err -27)
[   48.616515][   T54] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[   48.829619][ T1305] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   48.837382][ T1305] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   48.858861][ T1305] F2FS-fs (loop4): invalid crc value
[   48.867304][ T1305] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[   48.896737][ T1305] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   48.903599][ T1305] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   48.936460][ T1319] serio: Serial port ptm1
[   48.946205][  T306] Bluetooth: hci0: command 0x1003 tx timeout
[   48.952024][   T40] Bluetooth: hci0: sending frame failed (-49)
[   49.016391][   T54] usb 1-1: too many endpoints for config 0 interface 0 altsetting 3: 253, using maximum allowed: 30
[   49.027495][   T54] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   49.039911][   T54] usb 1-1: config 0 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 253
[   49.052952][   T54] usb 1-1: config 0 interface 0 has no altsetting 0
[   49.059554][   T54] usb 1-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00
[   49.073037][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   49.081466][   T54] usb 1-1: config 0 descriptor??
[   49.157304][ T1329] device pim6reg1 entered promiscuous mode
[   49.179704][ T1331] device pim6reg1 entered promiscuous mode
[   49.266193][  T432] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   49.319411][ T1338] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   49.408071][ T1346] incfs: ino conflict with backing FS 1
[   49.418037][  T912] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   49.425676][  T912] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   49.446209][   T54] usbhid 1-1:0.0: can't add hid device: -71
[   49.452000][   T54] usbhid: probe of 1-1:0.0 failed with error -71
[   49.460082][   T54] usb 1-1: USB disconnect, device number 6
[   49.506282][  T432] usb 3-1: Using ep0 maxpacket: 16
[   49.529645][ T1351] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.536661][ T1351] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.543856][ T1351] device bridge_slave_0 entered promiscuous mode
[   49.552591][ T1351] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.559506][ T1351] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.566762][ T1351] device bridge_slave_1 entered promiscuous mode
[   49.598699][ T1351] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.605530][ T1351] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.612641][ T1351] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.619432][ T1351] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.635923][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.643352][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.650743][  T432] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   49.661552][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.668487][  T432] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   49.681009][  T432] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   49.689859][  T432] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   49.699769][  T432] usb 3-1: config 0 descriptor??
[   49.705875][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.713894][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.720746][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.729477][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.737527][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.744376][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.758344][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.767453][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.780238][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   49.792696][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   49.800683][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   49.807924][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   49.815747][ T1351] device veth0_vlan entered promiscuous mode
[   49.825123][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   49.835452][ T1351] device veth1_macvtap entered promiscuous mode
[   49.844249][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   49.859525][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   49.967287][  T562] device bridge_slave_1 left promiscuous mode
[   49.973436][  T562] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.981070][  T562] device bridge_slave_0 left promiscuous mode
[   49.987165][  T562] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.995361][  T562] device veth1_macvtap left promiscuous mode
[   50.001321][  T562] device veth0_vlan left promiscuous mode
[   50.113665][ T1371] syz.0.326[1371] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.113717][ T1371] syz.0.326[1371] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.187201][  T432] microsoft 0003:045E:07DA.0007: No inputs registered, leaving
[   50.219272][  T432] microsoft 0003:045E:07DA.0007: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   50.236056][   T24] kauditd_printk_skb: 8 callbacks suppressed
[   50.236068][   T24] audit: type=1326 audit(1728527148.670:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.240985][  T432] microsoft 0003:045E:07DA.0007: no inputs found
[   50.243423][   T24] audit: type=1326 audit(1728527148.670:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.304332][  T432] microsoft 0003:045E:07DA.0007: could not initialize ff, continuing anyway
[   50.344771][   T24] audit: type=1326 audit(1728527148.670:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.372684][   T24] audit: type=1326 audit(1728527148.670:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.406039][   T24] audit: type=1326 audit(1728527148.670:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.433370][   T24] audit: type=1326 audit(1728527148.670:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.456923][   T24] audit: type=1326 audit(1728527148.670:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.480154][   T24] audit: type=1326 audit(1728527148.670:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.503374][   T24] audit: type=1326 audit(1728527148.670:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.526510][   T24] audit: type=1326 audit(1728527148.670:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1348 comm="syz.4.318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae84dd1ff9 code=0x7fc00000
[   50.727893][   T54] usb 3-1: USB disconnect, device number 7
[   51.026248][   T54] Bluetooth: hci0: command 0x1001 tx timeout
[   51.032142][   T40] Bluetooth: hci0: sending frame failed (-49)
[   51.360448][ T1396] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   51.368173][   T54] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   51.372206][ T1396] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   51.385737][ T1396] F2FS-fs (loop0): Found nat_bits in checkpoint
[   51.416997][ T1400] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   51.448898][ T1396] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   51.455757][ T1396] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   51.495942][ T1396] attempt to access beyond end of device
[   51.495942][ T1396] loop0: rw=10241, want=45104, limit=40427
[   51.507536][ T1396] attempt to access beyond end of device
[   51.507536][ T1396] loop0: rw=2049, want=45120, limit=40427
[   51.520169][ T1396] attempt to access beyond end of device
[   51.520169][ T1396] loop0: rw=2049, want=45104, limit=40427
[   51.582428][ T1415] kvm: pic: non byte write
[   51.756239][   T54] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[   51.766172][   T54] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[   51.772524][ T1418] F2FS-fs (loop2): Invalid SB checksum offset: 0
[   51.782259][ T1418] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[   51.799987][ T1418] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[   51.815691][ T1431] syz.0.344[1431] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.815746][ T1431] syz.0.344[1431] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.843204][ T1418] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[   51.861622][ T1418] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   51.927123][ T1418] attempt to access beyond end of device
[   51.927123][ T1418] loop2: rw=2049, want=53256, limit=40427
[   51.945467][ T1418] attempt to access beyond end of device
[   51.945467][ T1418] loop2: rw=2049, want=53320, limit=40427
[   51.962225][ T1050] attempt to access beyond end of device
[   51.962225][ T1050] loop2: rw=2049, want=45104, limit=40427
[   51.974013][   T54] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[   51.991396][   T54] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.999859][   T54] usb 2-1: Product: syz
[   52.003858][   T54] usb 2-1: Manufacturer: syz
[   52.008341][   T54] usb 2-1: SerialNumber: syz
[   52.015482][   T54] usb 2-1: config 0 descriptor??
[   52.036426][ T1390] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   52.048125][ T1390] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   52.127141][ T1451] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[   52.127141][ T1451] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   52.127141][ T1451] 
[   52.134909][    T5] kernel write not supported for file bpf-prog (pid: 5 comm: kworker/0:0)
[   52.153138][ T1451] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   52.164452][ T1451] EXT4-fs (loop4): 1 truncate cleaned up
[   52.169983][ T1451] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,noacl,stripe=0x0000000000000000,,errors=continue
[   52.286926][ T1390] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   52.293856][ T1390] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   52.303724][ T1456] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   52.312839][ T1456] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   52.323099][ T1456] F2FS-fs (loop2): Found nat_bits in checkpoint
[   52.357835][ T1456] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   52.364734][ T1456] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   52.376660][ T1462] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.383585][ T1462] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.390998][ T1462] device bridge_slave_0 entered promiscuous mode
[   52.398198][ T1462] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.405083][ T1462] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.412811][ T1462] device bridge_slave_1 entered promiscuous mode
[   52.434830][ T1456] overlayfs: invalid origin (0000)
[   52.450480][ T1050] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   52.450492][ T1050] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   52.458403][ T1462] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.458692][ T1050] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[   52.465779][ T1462] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.487081][ T1462] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.493884][ T1462] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.524426][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.532601][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.540858][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.550546][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.558761][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.570946][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.583702][ T1462] device veth0_vlan entered promiscuous mode
[   52.591386][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.602671][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.611206][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.622797][ T1462] device veth1_macvtap entered promiscuous mode
[   52.629649][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.642469][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.651171][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.726317][   T54] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[   52.966519][  T306] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   52.973871][   T54] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[   52.991270][   T54] usb 2-1: USB disconnect, device number 12
[   53.106390][  T399] Bluetooth: hci0: command 0x1009 tx timeout
[   53.216306][  T306] usb 5-1: Using ep0 maxpacket: 32
[   53.306810][    T9] device veth1_macvtap left promiscuous mode
[   53.312665][    T9] device veth0_vlan left promiscuous mode
[   53.547243][  T306] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[   53.556212][  T306] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   53.563891][  T306] usb 5-1: Product: syz
[   53.568221][  T306] usb 5-1: Manufacturer: syz
[   53.572612][  T306] usb 5-1: SerialNumber: syz
[   53.577737][  T306] usb 5-1: config 0 descriptor??
[   54.286254][  T306] (unnamed net_device) (uninitialized): Assigned a random MAC address: 2a:d4:96:47:bf:12
[   54.297498][  T306] rtl8150 5-1:0.0: eth1: rtl8150 is detected
[   54.487286][   T25] usb 5-1: USB disconnect, device number 9
[   54.496410][  T133] net eth1: rx_urb submit failed: -19
[   56.960714][ T1521] capability: warning: `syz.1.365' uses deprecated v2 capabilities in a way that may be insecure
[   57.017999][ T1515] EXT4-fs (loop4): Ignoring removed nobh option
[   57.031970][ T1515] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   57.048576][ T1524] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.051509][ T1515] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noquota,dioread_nolock,init_itable=0x00000000000085c5,nojournal_checksum,jqfmt=vfsv1,,errors=continue
[   57.055571][ T1524] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.084146][ T1524] device bridge_slave_0 entered promiscuous mode
[   57.104336][ T1524] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.111222][ T1524] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.118743][ T1524] device bridge_slave_1 entered promiscuous mode
[   57.164028][ T1524] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.170990][ T1524] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.178089][ T1524] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.184949][ T1524] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.212049][ T1541] netlink: 24 bytes leftover after parsing attributes in process `syz.4.370'.
[   57.223660][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.231413][  T562] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.238999][  T562] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.265337][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   57.297450][  T562] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.304323][  T562] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.320964][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   57.356719][  T562] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.363574][  T562] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.376603][   T24] kauditd_printk_skb: 78 callbacks suppressed
[   57.376614][   T24] audit: type=1400 audit(1728527155.810:524): avc:  denied  { getattr } for  pid=1549 comm="syz.2.376" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   57.404511][ T1551] overlayfs: statfs failed on './file0'
[   57.422055][ T1555] Zero length message leads to an empty skb
[   57.429387][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.440499][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.456840][ T1557] netlink: 56 bytes leftover after parsing attributes in process `syz.4.377'.
[   57.465542][ T1557] device bridge_slave_1 left promiscuous mode
[   57.472131][ T1557] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.480238][ T1557] device bridge_slave_0 left promiscuous mode
[   57.487385][ T1557] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.536027][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   57.545520][ T1561] ÿÿÿÿÿÿ: renamed from vlan1
[   57.552544][ T1563] device pim6reg1 entered promiscuous mode
[   57.559091][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.567301][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   57.574770][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   57.583501][ T1524] device veth0_vlan entered promiscuous mode
[   57.602085][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   57.609986][   T24] audit: type=1326 audit(1728527156.030:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.635657][ T1524] device veth1_macvtap entered promiscuous mode
[   57.642751][   T24] audit: type=1326 audit(1728527156.030:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.666097][   T24] audit: type=1326 audit(1728527156.030:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.698619][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.710699][   T24] audit: type=1326 audit(1728527156.030:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.738842][   T24] audit: type=1326 audit(1728527156.030:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.764934][   T24] audit: type=1326 audit(1728527156.030:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.797742][   T24] audit: type=1326 audit(1728527156.030:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.822353][   T24] audit: type=1326 audit(1728527156.030:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.845906][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   57.888368][   T24] audit: type=1326 audit(1728527156.120:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1564 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f30217c0ff9 code=0x7ffc0000
[   57.890695][ T1579] syz.3.363[1579] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   57.922799][ T1579] syz.3.363[1579] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.047312][ T1567] F2FS-fs (loop4): Fix alignment : done, start(4096) end(16896) block(12288)
[   58.086443][ T1567] F2FS-fs (loop4): Mismatch start address, segment0(0) cp_blkaddr(512)
[   58.095373][    T9] device bridge_slave_1 left promiscuous mode
[   58.114436][ T1567] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[   58.116306][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.123366][ T1567] F2FS-fs (loop4): invalid crc value
[   58.137702][    T9] device bridge_slave_0 left promiscuous mode
[   58.143945][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.152286][    T9] device veth1_macvtap left promiscuous mode
[   58.158626][    T9] device veth0_vlan left promiscuous mode
[   58.187042][ T1567] F2FS-fs (loop4): Found nat_bits in checkpoint
[   58.262363][ T1567] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[   58.270318][ T1567] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   58.290648][ T1592] attempt to access beyond end of device
[   58.290648][ T1592] loop4: rw=2049, want=45104, limit=40427
[   58.303685][ T1599] ÿÿÿÿÿÿ: renamed from vlan1
[   58.470042][ T1598] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   58.480198][ T1598] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   58.489390][ T1598] F2FS-fs (loop2): invalid crc value
[   58.495882][ T1598] F2FS-fs (loop2): Found nat_bits in checkpoint
[   58.530712][ T1598] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   58.537737][   T20] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[   58.537770][ T1598] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   58.575539][    T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   58.584801][    T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   58.806196][   T20] usb 2-1: Using ep0 maxpacket: 16
[   58.834690][ T1625] Leaked POSIX lock on dev=0x0:0x1f ino=0x2c  fl_owner=ffff888114f2ad80 fl_flags=0x81 fl_type=0x1 fl_pid=1618
[   58.850061][ T1524] Leaked locks on dev=0x0:0x1f ino=0x2c:
[   58.855506][ T1524] POSIX: fl_owner=ffff888114f2ad80 fl_flags=0x81 fl_type=0x1 fl_pid=1618
[   58.869598][ T1630] netlink: 'syz.3.401': attribute type 12 has an invalid length.
[   58.914364][ T1632] syz.3.402[1632] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.914403][ T1632] syz.3.402[1632] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.936949][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   58.958847][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   58.968451][   T20] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   58.981116][   T20] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   58.989978][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.998700][   T20] usb 2-1: config 0 descriptor??
[   59.196225][   T25] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[   59.476934][   T20] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max
[   59.485586][   T20] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[   59.492643][   T20] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[   59.499825][   T20] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[   59.506876][   T20] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[   59.513864][   T20] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[   59.521158][   T20] HID 045e:07da: Invalid code 65791 type 1
[   59.526946][   T20] HID 045e:07da: Invalid code 768 type 1
[   59.532365][   T20] HID 045e:07da: Invalid code 769 type 1
[   59.538008][   T20] HID 045e:07da: Invalid code 770 type 1
[   59.543657][   T20] HID 045e:07da: Invalid code 771 type 1
[   59.549170][   T20] HID 045e:07da: Invalid code 772 type 1
[   59.554586][   T20] HID 045e:07da: Invalid code 773 type 1
[   59.560107][   T20] HID 045e:07da: Invalid code 774 type 1
[   59.565520][   T20] HID 045e:07da: Invalid code 775 type 1
[   59.571004][   T20] HID 045e:07da: Invalid code 776 type 1
[   59.576555][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   59.591781][   T20] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0008/input/input11
[   59.603042][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   59.612573][   T25] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[   59.621467][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.629690][   T25] usb 5-1: config 0 descriptor??
[   59.687274][   T20] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[   59.700931][   T20] usb 2-1: USB disconnect, device number 13
[   59.924815][ T1640] syz.3.405[1640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.924854][ T1640] syz.3.405[1640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.097149][   T25] arvo 0003:1E7D:30D4.0009: unknown main item tag 0x0
[   60.116647][   T25] arvo 0003:1E7D:30D4.0009: unknown main item tag 0x0
[   60.124132][   T25] arvo 0003:1E7D:30D4.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.4-1/input0
[   60.326169][  T375] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   60.336262][   T25] arvo 0003:1E7D:30D4.0009: couldn't init struct arvo_device
[   60.343545][   T25] arvo 0003:1E7D:30D4.0009: couldn't install keyboard
[   60.350810][   T25] arvo: probe of 0003:1E7D:30D4.0009 failed with error -5
[   60.546762][   T25] usb 5-1: USB disconnect, device number 10
[   60.556183][   T20] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[   60.576186][  T375] usb 3-1: Using ep0 maxpacket: 16
[   60.706237][  T375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   60.717118][  T375] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   60.726951][  T375] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   60.740070][  T375] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[   60.750122][  T375] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.759508][  T375] usb 3-1: config 0 descriptor??
[   60.916223][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   60.926958][   T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   61.016340][   T20] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[   61.025233][   T20] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[   61.033019][   T20] usb 2-1: Product: syz
[   61.037619][   T20] usb 2-1: config 0 descriptor??
[   61.069047][ T1683] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[   61.183099][ T1687] SELinux:  Context Ü is not valid (left unmapped).
[   61.190026][ T1687] syz.4.423[1687] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.190064][ T1687] syz.4.423[1687] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.216994][  T375] koneplus 0003:1E7D:2E22.000A: unknown main item tag 0x0
[   61.236511][  T375] koneplus 0003:1E7D:2E22.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0
[   61.516755][   T20] konepure 0003:1E7D:2DB4.000B: item fetching failed at offset 10/11
[   61.524951][   T20] konepure 0003:1E7D:2DB4.000B: parse failed
[   61.530841][   T20] konepure: probe of 0003:1E7D:2DB4.000B failed with error -22
[   61.557403][ T1693] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   61.565176][ T1693] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   61.575301][ T1693] F2FS-fs (loop3): Found nat_bits in checkpoint
[   61.596444][ T1693] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   61.607186][ T1693] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   61.614011][ T1693] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   61.639263][   T20] usb 3-1: USB disconnect, device number 8
[   61.656398][  T432] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   61.720214][  T403] usb 2-1: USB disconnect, device number 14
[   61.727605][ T1707] binder: BINDER_SET_CONTEXT_MGR already set
[   61.735072][ T1707] binder: 1706:1707 ioctl 4018620d 20000040 returned -16
[   61.807132][ T1713] ªªªªªª: renamed from vlan0
[   61.896190][  T432] usb 1-1: Using ep0 maxpacket: 16
[   62.026235][  T432] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.037061][  T432] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   62.049624][  T432] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   62.058939][  T432] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.069438][  T432] usb 1-1: config 0 descriptor??
[   62.190760][ T1731] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[   62.201836][ T1731] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue
[   62.486562][   T24] kauditd_printk_skb: 46 callbacks suppressed
[   62.492688][   T24] audit: type=1400 audit(1728527160.740:580): avc:  denied  { create } for  pid=1735 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   62.513840][   T24] audit: type=1400 audit(1728527160.790:581): avc:  denied  { write } for  pid=1735 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   62.534053][   T24] audit: type=1400 audit(1728527160.800:582): avc:  denied  { nlmsg_read } for  pid=1735 comm="syz.3.442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   62.648011][   T24] audit: type=1326 audit(1728527161.080:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.671783][   T24] audit: type=1326 audit(1728527161.080:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.695528][   T24] audit: type=1326 audit(1728527161.080:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.719045][   T24] audit: type=1326 audit(1728527161.080:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.742549][   T24] audit: type=1326 audit(1728527161.080:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.765976][   T24] audit: type=1326 audit(1728527161.080:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   62.768619][  T432] microsoft 0003:045E:07DA.000C: No inputs registered, leaving
[   62.803051][  T432] microsoft 0003:045E:07DA.000C: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   62.814454][  T432] microsoft 0003:045E:07DA.000C: no inputs found
[   62.820718][  T432] microsoft 0003:045E:07DA.000C: could not initialize ff, continuing anyway
[   62.846287][   T24] audit: type=1326 audit(1728527161.080:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.4.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98d044dff9 code=0x7ffc0000
[   63.126785][ T1765] device pim6reg1 entered promiscuous mode
[   63.238240][ T1769] device syzkaller0 entered promiscuous mode
[   63.287327][   T54] usb 1-1: USB disconnect, device number 7
[   63.957516][ T1789] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[   63.979973][ T1776] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[   64.039219][ T1797] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   64.064394][ T1778] incfs_lookup_dentry err:-14
[   64.071324][ T1050] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[   64.074294][ T1778] incfs: Can't find or create .incomplete dir in ./file0
[   64.081248][ T1050] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[   64.088393][   T25] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   64.101232][ T1778] incfs: mount failed -14
[   64.206214][    T5] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   64.246006][ T1805] EXT4-fs (loop4): Ignoring removed orlov option
[   64.252926][ T1805] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   64.265426][ T1805] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e01c, mo2=0002]
[   64.273284][ T1805] System zones: 1-12
[   64.277952][ T1805] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.467: casefold flag without casefold feature
[   64.279845][ T1808] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.297600][ T1805] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.467: missing EA_INODE flag
[   64.297644][ T1808] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.309091][ T1805] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.467: error while reading EA inode 12 err=-117
[   64.316366][ T1808] device bridge_slave_0 entered promiscuous mode
[   64.328179][ T1805] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2806: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   64.346875][ T1805] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.467: missing EA_INODE flag
[   64.358373][ T1805] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.467: error while reading EA inode 12 err=-117
[   64.370510][ T1808] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.370772][ T1805] EXT4-fs (loop4): 1 orphan inode deleted
[   64.377678][ T1808] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.382939][ T1805] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,abort,debug_want_extra_isize=0x000000000000005c,debug,noinit_itable,errors=continue,usrjquota=,orlov,i_version,resgid=0x0000000000000000,,errors=continue
[   64.390410][ T1808] device bridge_slave_1 entered promiscuous mode
[   64.429578][ T1805] EXT4-fs error (device loop4): ext4_add_entry:2440: inode #2: comm syz.4.467: Directory hole found for htree leaf block 0
[   64.443113][ T1805] EXT4-fs error (device loop4): ext4_add_entry:2440: inode #2: comm syz.4.467: Directory hole found for htree leaf block 0
[   64.478398][ T1808] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.485233][ T1808] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.486274][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   64.492379][ T1808] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.503406][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   64.510081][ T1808] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.510482][  T432] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[   64.521466][   T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   64.550904][   T25] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   64.559817][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.567413][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.575520][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.583518][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.595383][   T25] usb 1-1: config 0 descriptor??
[   64.601888][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.610723][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.616277][    T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.618847][ T1786] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   64.629571][    T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   64.636521][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.645801][    T5] usb 4-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[   64.662092][    T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.679268][    T5] usb 4-1: config 0 descriptor??
[   64.680996][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   64.692594][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   64.704600][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   64.713469][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   64.723005][ T1808] device veth0_vlan entered promiscuous mode
[   64.729763][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   64.737253][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   64.752020][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   64.766759][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   64.776311][  T432] usb 2-1: Using ep0 maxpacket: 16
[   64.786185][ T1808] device veth1_macvtap entered promiscuous mode
[   64.811394][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   64.826680][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   64.845129][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   64.865328][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   64.883081][ T1546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   64.896252][  T432] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.908560][  T111] device bridge_slave_1 left promiscuous mode
[   64.915617][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.916146][  T432] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   64.935785][  T111] device bridge_slave_0 left promiscuous mode
[   64.947001][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.955932][  T432] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   64.965531][  T111] device veth1_macvtap left promiscuous mode
[   64.971398][  T432] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.996459][  T432] usb 2-1: config 0 descriptor??
[   65.157138][    T5] petalynx 0003:18B1:0037.000D: collection stack underflow
[   65.174401][    T5] petalynx 0003:18B1:0037.000D: item 0 1 0 12 parsing failed
[   65.188222][    T5] petalynx 0003:18B1:0037.000D: parse failed
[   65.194125][    T5] petalynx: probe of 0003:18B1:0037.000D failed with error -22
[   65.317032][   T25] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd
[   65.325405][   T25] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[   65.347503][   T25] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   65.401458][    T5] usb 4-1: USB disconnect, device number 5
[   65.459992][ T1828] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   65.469747][  T432] microsoft 0003:045E:07DA.000F: No inputs registered, leaving
[   65.478408][  T432] microsoft 0003:045E:07DA.000F: hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[   65.489656][  T432] microsoft 0003:045E:07DA.000F: no inputs found
[   65.495745][  T432] microsoft 0003:045E:07DA.000F: could not initialize ff, continuing anyway
[   65.616569][   T25] usb 1-1: USB disconnect, device number 8
[   65.885613][   T25] usb 2-1: USB disconnect, device number 15
[   66.206201][  T432] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   66.486249][  T432] usb 4-1: too many configurations: 65, using maximum allowed: 8
[   66.539959][ T1859] device bridge1 entered promiscuous mode
[   66.556260][    T5] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[   66.806182][    T5] usb 5-1: Using ep0 maxpacket: 16
[   66.816176][   T25] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   66.926244][    T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   66.937444][    T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   66.947502][    T5] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   66.960016][    T5] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   66.968881][    T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.977421][    T5] usb 5-1: config 0 descriptor??
[   66.986188][  T306] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   67.166204][  T432] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[   67.175076][  T432] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.176847][   T25] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 26
[   67.266263][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   67.275415][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   67.283357][   T25] usb 1-1: SerialNumber: syz
[   67.356253][  T306] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.367164][  T306] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[   67.456920][    T5] microsoft 0003:045E:07DA.0010: ignoring exceeding usage max
[   67.465493][    T5] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[   67.472659][    T5] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[   67.479734][    T5] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[   67.486705][    T5] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[   67.493859][    T5] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[   67.501080][    T5] hid_map_usage: 11766 callbacks suppressed
[   67.501086][    T5] HID 045e:07da: Invalid code 65791 type 1
[   67.512560][    T5] HID 045e:07da: Invalid code 768 type 1
[   67.518027][    T5] HID 045e:07da: Invalid code 769 type 1
[   67.523450][    T5] HID 045e:07da: Invalid code 770 type 1
[   67.528981][    T5] HID 045e:07da: Invalid code 771 type 1
[   67.534387][    T5] HID 045e:07da: Invalid code 772 type 1
[   67.536265][  T306] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   67.539911][  T375] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[   67.549579][  T306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.556151][    T5] HID 045e:07da: Invalid code 773 type 1
[   67.564365][  T306] usb 3-1: Product: syz
[   67.569441][    T5] HID 045e:07da: Invalid code 774 type 1
[   67.573590][  T306] usb 3-1: Manufacturer: syz
[   67.578854][    T5] HID 045e:07da: Invalid code 775 type 1
[   67.578860][    T5] HID 045e:07da: Invalid code 776 type 1
[   67.586767][    T5] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0010/input/input15
[   67.597147][  T306] usb 3-1: SerialNumber: syz
[   67.636213][  T432] uvcvideo: Found UVC 0.00 device <unnamed> (046d:08c1)
[   67.642969][  T432] uvcvideo: No valid video chain found.
[   67.667086][    T5] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[   67.681602][    T5] usb 5-1: USB disconnect, device number 11
[   67.816161][  T375] usb 2-1: Using ep0 maxpacket: 16
[   67.845188][  T307] usb 4-1: USB disconnect, device number 6
[   67.946196][  T375] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   67.956212][  T375] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   67.968919][  T375] usb 2-1: New USB device found, idVendor=a7d2, idProduct=6023, bcdDevice= 0.00
[   67.977732][  T375] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.987613][   T25] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42
[   67.990505][  T375] usb 2-1: config 0 descriptor??
[   68.009727][   T24] kauditd_printk_skb: 19 callbacks suppressed
[   68.009736][   T24] audit: type=1400 audit(1728527166.440:609): avc:  denied  { search } for  pid=133 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.036767][   T24] audit: type=1400 audit(1728527166.460:610): avc:  denied  { read } for  pid=1879 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=292 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.059696][   T24] audit: type=1400 audit(1728527166.460:611): avc:  denied  { open } for  pid=1879 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=292 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.060016][  T375] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[   68.086930][   T24] audit: type=1400 audit(1728527166.460:612): avc:  denied  { getattr } for  pid=1879 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=292 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.116809][   T24] audit: type=1400 audit(1728527166.520:613): avc:  denied  { write } for  pid=1878 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=291 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.139707][   T24] audit: type=1400 audit(1728527166.520:614): avc:  denied  { add_name } for  pid=1878 comm="dhcpcd-run-hook" name="resolv.conf.usb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.162091][   T24] audit: type=1400 audit(1728527166.520:615): avc:  denied  { remove_name } for  pid=1889 comm="rm" name="resolv.conf.usb0.link" dev="tmpfs" ino=3878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   68.388444][  T307] usb 2-1: USB disconnect, device number 16
[   68.409844][  T375] usb 1-1: USB disconnect, device number 9
[   68.431995][  T375] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device
[   68.778964][  T306] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[   68.785547][  T306] cdc_ncm 3-1:1.0: dwNtbInMaxSize=3 is too small. Using 2048
[   68.793120][  T306] cdc_ncm 3-1:1.0: setting rx_max = 2048
[   68.834573][ T1952] device syzkaller0 entered promiscuous mode
[   68.997227][  T306] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[   69.010353][  T306] usb 3-1: USB disconnect, device number 9
[   69.016291][  T306] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[   69.176298][   T20] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   69.196204][  T375] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[   69.236197][  T307] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[   69.376774][ T1988] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   69.387412][ T1988] EXT4-fs (loop4): 1 truncate cleaned up
[   69.392934][ T1988] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue
[   69.412387][   T24] audit: type=1400 audit(1728527167.840:616): avc:  denied  { read } for  pid=1987 comm="syz.4.508" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   69.416282][   T20] usb 4-1: Using ep0 maxpacket: 16
[   69.512843][ T1994] device syzkaller0 entered promiscuous mode
[   69.556272][   T20] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[   69.564096][   T20] usb 4-1: config 0 has no interface number 0
[   69.570121][   T20] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[   69.606239][  T375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.617064][  T375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   69.626628][  T375] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   69.635454][  T375] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.643817][  T375] usb 2-1: config 0 descriptor??
[   69.666257][  T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   69.677158][  T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   69.689412][  T307] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   69.696316][   T20] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[   69.702238][  T307] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[   69.720045][  T307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.720720][   T20] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   69.739568][  T307] usb 1-1: config 0 descriptor??
[   69.742542][   T20] usb 4-1: Product: syz
[   69.748781][   T20] usb 4-1: SerialNumber: syz
[   69.756696][   T20] usb 4-1: config 0 descriptor??
[   69.776266][ T1954] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   69.816196][   T25] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[   70.036901][   T20] usb 4-1: invalid MIDI in EP 0
[   70.042648][   T20] snd-usb-audio: probe of 4-1:0.2 failed with error -22
[   70.055655][   T20] usb 4-1: USB disconnect, device number 7
[   70.176286][   T25] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   70.187143][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   70.198169][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.210206][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   70.217047][  T307] ntrig 0003:1B96:000A.0012: unknown main item tag 0x0
[   70.223773][   T25] usb 3-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00
[   70.239074][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.247148][  T307] ntrig 0003:1B96:000A.0012: unknown main item tag 0x0
[   70.254325][  T307] ntrig 0003:1B96:000A.0012: unknown main item tag 0x0
[   70.256399][   T25] usb 3-1: config 0 descriptor??
[   70.263783][  T307] ntrig 0003:1B96:000A.0012: unknown main item tag 0x0
[   70.272889][  T307] ntrig 0003:1B96:000A.0012: unknown main item tag 0x0
[   70.282978][  T307] ntrig 0003:1B96:000A.0012: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0
[   70.436238][  T307] ntrig 0003:1B96:000A.0012: Firmware version: 7.15.22.15.1 (3e5f f1c1)
[   70.559847][   T24] audit: type=1400 audit(1728527168.990:617): avc:  denied  { wake_alarm } for  pid=2007 comm="syz.3.515" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   70.619750][ T2014] incfs_lookup_dentry err:-14
[   70.624305][ T2014] incfs: Can't find or create .incomplete dir in ./file0
[   70.631775][ T2014] incfs: mount failed -14
[   70.669558][  T307] usb 1-1: USB disconnect, device number 10
[   70.690122][   T24] audit: type=1400 audit(1728527169.120:618): avc:  denied  { setopt } for  pid=2017 comm="syz.4.519" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   70.747096][   T25] hid-rmi 0003:17EF:6085.0013: unknown main item tag 0x0
[   70.762963][   T25] hid-rmi 0003:17EF:6085.0013: unknown main item tag 0x0
[   70.776298][   T25] hid-rmi 0003:17EF:6085.0013: unknown main item tag 0x0
[   70.784334][ T2026] device syzkaller0 entered promiscuous mode
[   70.790246][   T25] hid-rmi 0003:17EF:6085.0013: unknown main item tag 0x0
[   70.804102][   T25] hid-rmi 0003:17EF:6085.0013: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.2-1/input0
[   70.836303][  T375] uclogic 0003:256C:006D.0011: interface is invalid, ignoring
[   70.976672][  T307] usb 3-1: USB disconnect, device number 10
[   71.037438][  T375] usb 2-1: USB disconnect, device number 17
[   71.130373][ T2039] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   71.154952][ T1524] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[   71.165183][ T1524] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a)
[   71.382876][ T2045] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.389992][ T2045] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.397348][ T2045] device bridge_slave_0 entered promiscuous mode
[   71.404002][ T2045] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.410877][ T2045] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.418034][ T2045] device bridge_slave_1 entered promiscuous mode
[   71.451424][ T2045] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.458360][ T2045] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.465423][ T2045] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.472258][ T2045] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.502334][ T2048] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000000,minixdf,,errors=continue
[   71.517258][ T2048] ext4 filesystem being mounted at /110/bus supports timestamps until 2038 (0x7fffffff)
[   71.564378][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   71.572412][  T111] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.580130][  T111] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.600079][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.609469][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.617637][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.624508][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.638420][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.653835][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.662957][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.669865][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.682455][ T2057] bridge: RTM_NEWNEIGH with invalid ether address
[   71.696418][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   71.706710][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.717278][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   71.725271][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.762857][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.774633][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.778060][ T2045] device veth0_vlan entered promiscuous mode
[   71.787737][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.803499][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.825634][ T2045] device veth1_macvtap entered promiscuous mode
[   71.834583][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.846589][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.856914][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.865092][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.873281][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   71.891156][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   71.908149][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   71.917298][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   71.925457][  T111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   71.936834][ T1546] device bridge_slave_1 left promiscuous mode
[   71.942877][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.951057][ T1546] device bridge_slave_0 left promiscuous mode
[   71.957954][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.966052][ T1546] device veth1_macvtap left promiscuous mode
[   72.125672][ T2077] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   72.162597][ T2077] EXT4-fs (loop4): 1 truncate cleaned up
[   72.168144][ T2077] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue
[   72.494649][ T2092] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.498998][ T2083] F2FS-fs (loop3): Invalid segment/section count (31, 24 x 1)
[   72.509238][ T2083] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[   72.515039][ T2092] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.518505][ T2083] F2FS-fs (loop3): invalid crc value
[   72.524617][ T2092] device bridge_slave_0 entered promiscuous mode
[   72.535982][ T2083] F2FS-fs (loop3): Found nat_bits in checkpoint
[   72.539523][ T2092] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.549621][ T2092] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.557171][ T2092] device bridge_slave_1 entered promiscuous mode
[   72.578974][ T2083] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[   72.585951][ T2083] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   72.624089][ T2045] attempt to access beyond end of device
[   72.624089][ T2045] loop3: rw=524288, want=45072, limit=40427
[   72.635646][ T2045] attempt to access beyond end of device
[   72.635646][ T2045] loop3: rw=0, want=45072, limit=40427
[   72.672711][  T111] attempt to access beyond end of device
[   72.672711][  T111] loop3: rw=2049, want=45128, limit=40427
[   72.684506][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   72.692727][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   72.700705][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   72.708488][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   72.715787][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   72.723918][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   72.731882][  T562] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.738712][  T562] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.745984][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   72.754326][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   72.762329][  T562] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.769152][  T562] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.779677][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   72.790585][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   72.804972][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   72.813170][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   72.821519][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   72.829788][ T2092] device veth0_vlan entered promiscuous mode
[   72.858924][ T2107] ÿÿÿÿÿÿ: renamed from vlan1
[   72.868181][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.877505][ T2092] device veth1_macvtap entered promiscuous mode
[   72.893857][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.910285][  T562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.057253][ T1546] device veth1_macvtap left promiscuous mode
[   73.070292][ T1546] device veth0_vlan left promiscuous mode
[   73.207831][ T2133] device syzkaller0 entered promiscuous mode
[   73.897428][ T1546] device bridge_slave_1 left promiscuous mode
[   73.903389][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.910689][ T1546] device bridge_slave_0 left promiscuous mode
[   73.916685][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.924262][ T1546] device bridge_slave_1 left promiscuous mode
[   73.930291][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.937452][ T1546] device bridge_slave_0 left promiscuous mode
[   73.943357][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.951057][ T1546] device veth1_macvtap left promiscuous mode
[   73.956927][ T1546] device veth0_vlan left promiscuous mode
[   73.962513][ T1546] device veth1_macvtap left promiscuous mode
[   73.968315][ T1546] device veth0_vlan left promiscuous mode
SYZFAIL: mkdir(syz-tmp) failed
 (errno 28: No space left on device)
loop exited with status 67
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: repeatedly failed to execute the program
proc=4 req=548 state=1 status=67 (errno 9: Bad file descriptor)
[   74.910639][ T2156] binder: BINDER_SET_CONTEXT_MGR already set
[   74.916621][ T2156] binder: 2154:2156 ioctl 4018620d 20000040 returned -16
[   74.960627][ T2162] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5
[   74.960627][ T2162] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   74.960627][ T2162] 
[   74.983151][ T2162] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   74.994153][ T2162] EXT4-fs (loop2): 1 truncate cleaned up
[   75.009083][ T2162] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable,noacl,stripe=0x0000000000000000,,errors=continue
[   75.176267][   T15] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[   75.656770][ T1546] device bridge_slave_1 left promiscuous mode
[   75.662689][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.669974][ T1546] device bridge_slave_0 left promiscuous mode
[   75.675871][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.683504][ T1546] device veth1_macvtap left promiscuous mode
[   75.689331][ T1546] device veth0_vlan left promiscuous mode
[   76.197162][ T1546] tipc: Disabling bearer <eth:gretap0>
[   76.202491][ T1546] tipc: Disabling bearer <udp:syz2>
[   76.207693][ T1546] tipc: Left network mode
[   76.986626][ T1546] device bridge_slave_1 left promiscuous mode
[   76.992580][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.999832][ T1546] device bridge_slave_0 left promiscuous mode
[   77.005736][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.013525][ T1546] device bridge_slave_1 left promiscuous mode
[   77.019501][ T1546] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.026669][ T1546] device bridge_slave_0 left promiscuous mode
[   77.032558][ T1546] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.040174][ T1546] device veth1_macvtap left promiscuous mode
[   77.046045][ T1546] device veth1_macvtap left promiscuous mode