last executing test programs:

4.138149668s ago: executing program 3:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
linkat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r0, &(0x7f0000000080)='./file3\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1e, 0x0, 0x5, 0xff, 0x3102, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x7}, 0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00'}, 0x10)
lgetxattr(0x0, 0x0, 0x0, 0x0)

4.112214382s ago: executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000040)={0xfffc, [0x0, 0xffffffff], 0xffff}, 0x2c)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)

2.762608668s ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x2c, 0x3, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100)={0xa0179e1d})
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f0000000740)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r9, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1})
r10 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x48, 0xfffffffffffffffd)
keyctl$setperm(0x5, r10, 0x0)
getdents64(r9, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x4, 0x4, 0x400, 0x0, 0x210, 0x108, 0x318, 0x318, 0x318, 0x7fffffe, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'netpci0\x00', 'pimreg0\x00'}, 0xc0, 0x108, 0x0, {0x3ed}}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7fff, 'syz0\x00'}}}, {{@arp={@rand_addr, @loopback, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gretap0\x00', 'bridge_slave_0\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00'}}}, {{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_bridge\x00', 'lo\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8400, 'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x2}}}}, 0x450)
socket(0x10, 0x3, 0x0)

1.953015542s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c8, 0xfffffdef)

1.491994762s ago: executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x14, 0x0, &(0x7f00000006c0)=[@clear_death, @exit_looper], 0x0, 0x0, 0x0})

1.451196649s ago: executing program 3:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
r3 = getpid()
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r4}, 0x10)
write$cgroup_pid(r2, &(0x7f0000000380)=r3, 0x12)

1.450325839s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000a0850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10)
flistxattr(0xffffffffffffffff, 0x0, 0x0)

1.437441911s ago: executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x3)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x33}, 0x2, @in6=@dev, 0x0, 0x4}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@empty}, {@in=@remote, 0x0, 0x32}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)

1.433719231s ago: executing program 2:
r0 = io_uring_setup(0x2ef9, &(0x7f0000000080))
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000480))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r1, r1)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x5)
readv(r2, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/139, 0x8b}], 0x1)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000040)=0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

1.421105423s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085001000d000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000008d80472f300000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, &(0x7f0000000240)={0x14, &(0x7f0000000380)=ANY=[@ANYBLOB="0000160000001600d62ed74d74"], 0x0}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
fcntl$dupfd(r9, 0x0, r9)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x1e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x15}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x4000, r10}, 0x18)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r7, @ANYRESDEC=r2, @ANYRES64=r5, @ANYBLOB="64d7fee6617a4df16be5767bf8435ce880fa69c0a4cddcc41e9db0bbbfcfefa5f0e3e09743b507ba85e8547161137cd71606226e0d9b158c9e04c707d7241440ed9e7692e641db24041a56f9a0ac93350cceba2a50e8835ea6ea7d9d3485ddf55171d585e08818f916db429c8ed22170180f64e487c9f48cd02dcf168a9f7655da", @ANYRES16=r4, @ANYRES32=r8, @ANYRESHEX, @ANYRES64=r1], &(0x7f0000000240)='GPL\x00', 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='ext4_sync_file_exit\x00', r11}, 0x10)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='ext4_sync_file_exit\x00', r13}, 0x10)
write$cgroup_int(r12, &(0x7f0000000200), 0x43400)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='module_request\x00', r14}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0))
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x2f, &(0x7f0000000840)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001e00000024002f8014000380050002000000000008000100010000000c000200000000000000000008000300", @ANYRES32, @ANYBLOB="dedfb3070a47b8f3b609dff091a6bec0c830181d69b40400cfab48b5169ce3ff6463a9e733c440374be2017a6f2a9ffa39b3384a1fd27f9114"], 0x40}}, 0x0)

1.392197637s ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x2c, 0x3, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100)={0xa0179e1d})
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f0000000740)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r9, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1})
r10 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x48, 0xfffffffffffffffd)
keyctl$setperm(0x5, r10, 0x0)
getdents64(r9, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r7, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x4, 0x4, 0x400, 0x0, 0x210, 0x108, 0x318, 0x318, 0x318, 0x7fffffe, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'netpci0\x00', 'pimreg0\x00'}, 0xc0, 0x108, 0x0, {0x3ed}}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7fff, 'syz0\x00'}}}, {{@arp={@rand_addr, @loopback, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gretap0\x00', 'bridge_slave_0\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00'}}}, {{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_bridge\x00', 'lo\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8400, 'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x2}}}}, 0x450)
socket(0x10, 0x3, 0x0)

1.343586765s ago: executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x9)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x24, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000000000078, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x1d6)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x20001439)
close(r6)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6}, {0x66, 0x0, 0x0, 0x80ffffff}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.239856311s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r2}, 0x10)
unlink(&(0x7f0000000140)='./cgroup\x00')

1.216043154s ago: executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
write$P9_RSTAT(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[], 0x1001)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@loopback, @in=@empty}}, {{@in6=@local}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@mcast2={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast2})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="3401000016008502000000000000000020010000000000000000000000000002e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0x134}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="a4010000160001000000000000000000fe8000000000000000000000000000bbfc0100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa0000000033"], 0x1a4}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=@flushsa={0x14, 0x1c, 0x1, 0x0, 0x0, {0xff}}, 0x14}}, 0x0)

285.926096ms ago: executing program 4:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f00000026c0)=ANY=[], 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[], 0x0)

278.303598ms ago: executing program 1:
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x4020072, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0x0)

274.823808ms ago: executing program 2:
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nodiscard}, {}, {@acl}, {@alloc_mode_reuse}, {@inline_xattr}, {@disable_roll_forward}, {@background_gc_on}, {@nouser_xattr}, {@noflush_merge}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xe065)
r5 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/binder-control\x00', 0x800, 0x0)
readv(r5, &(0x7f00000001c0)=[{&(0x7f00000006c0)=""/215, 0xd7}, {&(0x7f0000000280)=""/93, 0x5d}, {&(0x7f0000000580)=""/137, 0x89}], 0x3)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x100000, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)

267.528809ms ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='ext4_sync_file_exit\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='ext4_sync_file_exit\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r4, &(0x7f0000000040), 0x12)

242.904463ms ago: executing program 4:
r0 = open(&(0x7f0000000280)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r3}, 0x10)
read$FUSE(r1, &(0x7f0000000940)={0x2020}, 0x2020)
sendfile(r0, r1, 0x0, 0xf2a)

232.889405ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0)

164.092505ms ago: executing program 4:
chmod(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000440)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
close_range(r0, 0xffffffffffffffff, 0x0)

162.094255ms ago: executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c0600000000002004007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000400b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@mcast2, 0x0, 0x0, 0x0, 0xfd}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)

140.117249ms ago: executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r2}, 0x10)
mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
linkat(r3, &(0x7f0000001180)='./file1\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x0)
llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

138.731519ms ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x8, 0x12}, 0x48)
r0 = io_uring_setup(0x53ed, &(0x7f0000000000)={0x0, 0x0, 0x8c2})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000080)=[@ioring_restriction_register_op={0x0, 0x13}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f00000000c0), 0x2)

121.834741ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'batadv0\x00'})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x35e})

112.164213ms ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x80}, 0x48)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r5)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r6}})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002067650000100002800c002e0003000000030000000800"/40], 0x40}}, 0x0)

86.753557ms ago: executing program 1:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0)

32.538145ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)

22.545326ms ago: executing program 0:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000f40)={[{@noload}, {@mblk_io_submit}, {@lazytime}, {@nogrpid}, {@block_validity}, {@user_xattr}]}, 0x3, 0x449, &(0x7f0000000740)="$eJzs28trXNUfAPDvnSR995f8Sn30oUarGHwkTfqwCzeKggsLgi7qMiZpqZ020kSwpWgVqUspuC8uBf8CV7oRdSW41b0UimTTKghX7sy9ycxkJp2Jk0zrfD5wk3PuPZNzvnPvuXPOPZkA+tZo9iOJ2BURv0bEcDVbX2C0+uvO0pWZP5euzCSRpm/+kVTK3V66MlMULV63s8gMRpQ+TeJAk3oXLl0+N10uz13M8xOL59+bWLh0+fmz56fPzJ2ZuzB14sTRI5MvHJ861pU4s7hu7/9w/uC+196+fnLm1PV3fvw6KeJviKNLRtc6+FSadrm63tpdk04GVx/ftpmNoW0D1W4aQ5X+PxwDsXLyhuPVT3raOGBDpWmaPtj68NUU+A9LotctAHqj+KDP5r/FtklDj3vCrZeqE6As7jv5Vj0yGKW8zFDD/LabRiPi1NW/bmRbbMxzCACAOt9m45/nmo3/SlH7XOh/+RrKSET8PyL2RMTxiNgbEQ9EVMo+FBEPd1h/4yLJ6vFP6ea6AmtTNv57MV/bqh//FaO/GBnIc7sr8Q8lp8+W5w7n78lYDG3N8pNr1PHdK7983upY7fgv27L6i7Fg3o6bg1vrXzM7vTj9b2KudevjiP2DzeJPllcCkojYFxH711nH2We+OtjqWJP4/07T9EZbf7jJOlOn0i8jnq6e/6vREH8hWXt9cmJblOcOTxRXxWo//XztjVb13/38b6zs/O9oev0vxz+S1K7XLnRex7XfPms5p1nv9b8leatu3wfTi4sXJyO2JK8PRX6fWt4/1VBuaqV8Fv/Yoeb9f0+svBMHIiK7iB+JiEcj4rG87Y9HxBMRcWiN+H94+cl363aM7eog/o2VxT/b0flfSWyJxj3NEwPnvv+mrtKR6CD+7PwfraTG8j3t3P/aadf6rmYAAAC4/5QiYlckpfHldKk0Pl79H/69saNUnl9YfPb0/PsXZqvfERiJoVLxpGu45nnoZD6tL/JTDfkj+XPjLwa2V/LjM/Pl2V4HD31uZ4v+n/l9oNetAzZcF9bRgPuU/g/9S/+H/qX/Q/9q0v+396IdwOZr9vn/UQ/aAWy+hv5v2Q/6iPk/9C/9H/qX/g99aWF73P1L8hISqxJRuieaIdFJ4uSxtgv3+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHf8EAAD//yeb6Hg=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ftruncate(r1, 0x2000009)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000008c0)={'#! ', './file0'}, 0xb)
write$binfmt_script(r1, &(0x7f0000000140), 0xfcb8)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40049409, &(0x7f0000000180)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001})

0s ago: executing program 0:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3)

kernel console output (not intermixed with test programs):


[  234.607071][  T316] usb 5-1: SerialNumber: syz
[  234.611899][  T316] usb 5-1: config 0 descriptor??
[  234.686631][   T60] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0
[  234.693970][   T60] plantronics 0003:047F:FFFF.0038: No inputs registered, leaving
[  234.702598][   T60] plantronics 0003:047F:FFFF.0038: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  234.795805][  T316] usb 1-1: USB disconnect, device number 28
[  234.857348][   T60] usb 5-1: USB disconnect, device number 20
[  234.966615][  T333] usb 3-1: USB disconnect, device number 23
[  235.519447][ T9210] input: syz1 as /devices/virtual/input/input48
[  235.614398][ T9229] loop4: detected capacity change from 0 to 128
[  235.888996][  T333] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  235.904680][ T9239] 9p: Unknown access argument 18446744073709551615: -34
[  236.316155][  T333] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.326969][  T333] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  236.339883][  T333] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  236.348742][  T333] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.357288][  T333] usb 4-1: config 0 descriptor??
[  236.715180][ T9272] kvm [9271]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0
[  236.726685][ T9272] kvm [9271]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x0
[  236.837174][  T333] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x0
[  236.845765][  T333] plantronics 0003:047F:FFFF.0039: No inputs registered, leaving
[  236.858115][  T333] plantronics 0003:047F:FFFF.0039: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  236.982465][ T9296] 9p: Unknown access argument 18446744073709551615: -34
[  237.156612][  T333] usb 4-1: USB disconnect, device number 26
[  237.409943][ T9309] loop2: detected capacity change from 0 to 128
[  237.416809][ T9309] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  237.432145][   T10] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  237.441209][   T10] kworker/u4:1: attempt to access beyond end of device
[  237.441209][   T10] loop2: rw=1, sector=144, nr_sectors = 1 limit=128
[  237.454315][   T10] Buffer I/O error on dev loop2, logical block 144, lost async page write
[  237.504302][ T9321] input: syz1 as /devices/virtual/input/input49
[  238.086908][ T9338] loop4: detected capacity change from 0 to 128
[  238.106152][  T333] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  238.136000][ T9340] loop4: detected capacity change from 0 to 512
[  238.142569][ T9340] /dev/loop4: Can't open blockdev
[  238.376185][  T333] usb 1-1: Using ep0 maxpacket: 16
[  238.546217][  T333] usb 1-1: config 0 has no interfaces?
[  238.716311][  T333] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  238.725354][  T333] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.733223][  T333] usb 1-1: Product: syz
[  238.737162][  T333] usb 1-1: Manufacturer: syz
[  238.741557][  T333] usb 1-1: SerialNumber: syz
[  238.746633][  T333] usb 1-1: config 0 descriptor??
[  238.988780][  T333] usb 1-1: USB disconnect, device number 29
[  239.049246][ T9365] syz-executor.4[9365] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.049293][ T9365] syz-executor.4[9365] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.069537][ T9367] loop4: detected capacity change from 0 to 512
[  239.087714][ T9367] /dev/loop4: Can't open blockdev
[  239.609552][ T9389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  239.619072][ T9389] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  240.050450][ T9413] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  240.060546][ T9413] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  240.226225][  T357] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  240.466081][  T357] usb 1-1: Using ep0 maxpacket: 16
[  240.586131][  T357] usb 1-1: config 0 has no interfaces?
[  240.746122][  T357] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  240.755477][  T357] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.763914][  T357] usb 1-1: Product: syz
[  240.769181][  T357] usb 1-1: Manufacturer: syz
[  240.774290][  T357] usb 1-1: SerialNumber: syz
[  240.779848][  T357] usb 1-1: config 0 descriptor??
[  240.885873][ T9441] loop2: detected capacity change from 0 to 40427
[  240.893612][ T9441] F2FS-fs (loop2): invalid crc value
[  240.900349][ T9441] F2FS-fs (loop2): Found nat_bits in checkpoint
[  240.923144][ T9441] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  240.944175][ T9441] syz-executor.2: attempt to access beyond end of device
[  240.944175][ T9441] loop2: rw=34817, sector=77824, nr_sectors = 128 limit=40427
[  240.960857][ T9441] syz-executor.2: attempt to access beyond end of device
[  240.960857][ T9441] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  241.019256][  T333] usb 1-1: USB disconnect, device number 30
[  241.160313][ T9451] loop4: detected capacity change from 0 to 40427
[  241.306084][  T357] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  241.385504][ T9468] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  241.394580][ T9468] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)"
[  241.544301][ T9477] 9p: Unknown access argument 18446744073709551615: -34
[  241.649487][ T9478] loop3: detected capacity change from 0 to 512
[  241.661939][ T9478] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  241.683555][ T9482] device sit0 entered promiscuous mode
[  241.695492][ T9482] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  241.703497][ T9482] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
[  241.729476][ T9476] loop3: detected capacity change from 0 to 16
[  241.737118][ T9476] erofs: (device loop3): mounted with root inode @ nid 36.
[  241.806623][  T357] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.817917][  T357] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  241.832183][  T357] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  241.842395][  T357] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.854223][  T357] usb 3-1: config 0 descriptor??
[  242.336998][  T357] plantronics 0003:047F:FFFF.003A: unknown main item tag 0x0
[  242.344496][  T357] plantronics 0003:047F:FFFF.003A: No inputs registered, leaving
[  242.356940][  T357] plantronics 0003:047F:FFFF.003A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  242.369286][ T9509] device sit0 entered promiscuous mode
[  242.375590][ T9509] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  242.383691][ T9509] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.3'.
[  242.648408][   T60] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  242.658421][ T9519] 9p: Unknown access argument 18446744073709551615: -34
[  242.766625][  T357] usb 3-1: USB disconnect, device number 24
[  242.926067][   T60] usb 5-1: Using ep0 maxpacket: 16
[  243.076129][   T60] usb 5-1: config 0 has no interfaces?
[  243.276444][   T60] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  243.290318][   T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.327572][   T60] usb 5-1: Product: syz
[  243.331573][   T60] usb 5-1: Manufacturer: syz
[  243.336269][   T60] usb 5-1: SerialNumber: syz
[  243.354361][   T60] usb 5-1: config 0 descriptor??
[  243.547256][ T9533] loop2: detected capacity change from 0 to 40427
[  243.562511][ T9533] F2FS-fs (loop2): invalid crc value
[  243.576512][ T9540] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  243.584571][ T9540] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.3'.
[  243.594465][ T9533] F2FS-fs (loop2): Found nat_bits in checkpoint
[  243.611842][   T60] usb 5-1: USB disconnect, device number 21
[  243.656129][ T9533] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  243.692744][ T8867] syz-executor.2: attempt to access beyond end of device
[  243.692744][ T8867] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  243.999083][ T9559] 9p: Unknown access argument 18446744073709551615: -34
[  244.146092][  T357] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  244.171360][ T9563] device vti0 entered promiscuous mode
[  244.252177][ T9571] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  244.396083][  T357] usb 4-1: Using ep0 maxpacket: 16
[  244.596105][  T357] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 1023
[  244.605886][  T357] usb 4-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  244.618764][  T357] usb 4-1: config 1 interface 0 has no altsetting 0
[  244.682487][ T9573] loop0: detected capacity change from 0 to 40427
[  244.690301][ T9573] F2FS-fs (loop0): invalid crc value
[  244.697124][ T9573] F2FS-fs (loop0): Found nat_bits in checkpoint
[  244.734510][ T9573] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  244.759774][ T7400] syz-executor.0: attempt to access beyond end of device
[  244.759774][ T7400] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  244.796173][  T357] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  244.805158][  T357] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.820836][  T357] usb 4-1: Product: syz
[  244.824829][  T357] usb 4-1: Manufacturer: �
[  244.829732][  T357] usb 4-1: SerialNumber: syz
[  244.856196][ T9545] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  244.863187][ T9545] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  245.089320][ T9609] 9p: Unknown access argument 18446744073709551615: -34
[  245.237198][  T357] usb 4-1: USB disconnect, device number 27
[  245.247171][ T9619] loop2: detected capacity change from 0 to 512
[  245.258142][ T9619] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  245.266946][ T9619] ext4 filesystem being mounted at /root/syzkaller-testdir3416271025/syzkaller.KDpKss/89/bus supports timestamps until 2038 (0x7fffffff)
[  245.287271][ T8867] EXT4-fs (loop2): unmounting filesystem.
[  245.707752][ T9629] request_module fs-nfsd succeeded, but still no fs?
[  245.938568][ T9648] loop4: detected capacity change from 0 to 512
[  245.945493][ T9648] /dev/loop4: Can't open blockdev
[  245.955604][ T9650] loop0: detected capacity change from 0 to 256
[  245.969873][   T28] kauditd_printk_skb: 134 callbacks suppressed
[  245.969888][   T28] audit: type=1400 audit(2000000173.329:21428): avc:  denied  { mounton } for  pid=9649 comm="syz-executor.0" path="/root/syzkaller-testdir4199914204/syzkaller.Awxbgs/195/file0/file0" dev="loop0" ino=1048794 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  245.970019][ T9650] incfs: Can't find or create .index dir in ./file0
[  246.013017][ T9650] incfs: mount failed -28
[  246.020016][ T9650] incfs: Can't find or create .index dir in ./file0
[  246.027704][ T9650] incfs: mount failed -28
[  246.251930][ T9658] loop0: detected capacity change from 0 to 256
[  246.449598][ T9655] loop4: detected capacity change from 0 to 40427
[  246.691653][ T9678] loop4: detected capacity change from 0 to 256
[  246.775434][ T9679] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.789947][ T9679] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.798062][ T9679] device bridge_slave_0 entered promiscuous mode
[  246.804896][ T9679] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.811936][ T9679] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.819392][ T9679] device bridge_slave_1 entered promiscuous mode
[  246.847853][ T9704] input: syz0 as /devices/virtual/input/input50
[  246.970085][ T9679] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.976976][ T9679] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.984070][ T9679] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.990874][ T9679] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.038374][  T357] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  247.038411][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  247.067718][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  247.086186][  T333] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.107531][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  247.115550][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.122409][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.129777][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  247.146845][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  247.158140][  T343] device bridge_slave_1 left promiscuous mode
[  247.164670][  T343] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.172148][  T343] device bridge_slave_0 left promiscuous mode
[  247.178246][  T343] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.186465][  T343] device veth1_macvtap left promiscuous mode
[  247.192298][  T343] device veth0_vlan left promiscuous mode
[  247.315445][ T9679] device veth0_vlan entered promiscuous mode
[  247.353126][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  247.361982][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  247.369879][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  247.385794][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  247.399519][ T9679] device veth1_macvtap entered promiscuous mode
[  247.406151][  T357] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.431666][  T357] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  247.440879][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  247.444516][  T357] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  247.452962][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  247.461197][  T357] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.470363][  T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  247.484893][  T357] usb 4-1: config 0 descriptor??
[  247.490254][   T28] audit: type=1400 audit(2000000174.859:21429): avc:  denied  { setopt } for  pid=9735 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  247.555027][ T9745] loop1: detected capacity change from 0 to 128
[  247.930344][   T28] audit: type=1400 audit(2000000175.289:21430): avc:  denied  { write } for  pid=9744 comm="syz-executor.1" path="socket:[60057]" dev="sockfs" ino=60057 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  248.226968][  T357] plantronics 0003:047F:FFFF.003B: No inputs registered, leaving
[  248.238871][  T357] plantronics 0003:047F:FFFF.003B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  248.249058][ T9761] loop0: detected capacity change from 0 to 256
[  248.260652][ T9761] incfs: Can't find or create .index dir in ./file0
[  248.267282][ T9761] incfs: mount failed -28
[  248.272112][ T9761] incfs: Can't find or create .index dir in ./file0
[  248.278857][ T9761] incfs: mount failed -28
[  248.291241][ T9765] input: syz0 as /devices/virtual/input/input51
[  248.347184][ T9767] loop4: detected capacity change from 0 to 512
[  248.354144][ T9767] /dev/loop4: Can't open blockdev
[  248.482552][ T9778] loop2: detected capacity change from 0 to 128
[  248.515418][ T9783] loop1: detected capacity change from 0 to 128
[  248.526210][ T9783] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  248.559383][ T9783] syz-executor.1: attempt to access beyond end of device
[  248.559383][ T9783] loop1: rw=3, sector=6950, nr_sectors = 2 limit=128
[  248.573947][ T9783] syz-executor.1: attempt to access beyond end of device
[  248.573947][ T9783] loop1: rw=2051, sector=6952, nr_sectors = 942 limit=128
[  248.941869][  T334] usb 4-1: USB disconnect, device number 28
[  248.957981][ T9802] loop4: detected capacity change from 0 to 128
[  249.416459][ T9823] loop0: detected capacity change from 0 to 128
[  249.423290][ T9823] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  249.445011][ T9823] syz-executor.0: attempt to access beyond end of device
[  249.445011][ T9823] loop0: rw=3, sector=6950, nr_sectors = 2 limit=128
[  249.458748][ T9823] syz-executor.0: attempt to access beyond end of device
[  249.458748][ T9823] loop0: rw=2051, sector=6952, nr_sectors = 942 limit=128
[  249.534422][ T9819] loop1: detected capacity change from 0 to 40427
[  249.556958][ T9819] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  249.561848][ T9833] input: syz0 as /devices/virtual/input/input52
[  249.564606][ T9819] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  249.581672][ T9831] loop2: detected capacity change from 0 to 256
[  249.602984][ T9819] F2FS-fs (loop1): Found nat_bits in checkpoint
[  249.607269][ T9831] FAT-fs (loop2): Directory bread(block 64) failed
[  249.615476][ T9831] FAT-fs (loop2): Directory bread(block 65) failed
[  249.624848][ T9831] FAT-fs (loop2): Directory bread(block 66) failed
[  249.631800][ T9831] FAT-fs (loop2): Directory bread(block 67) failed
[  249.638289][ T9831] FAT-fs (loop2): Directory bread(block 68) failed
[  249.644686][ T9831] FAT-fs (loop2): Directory bread(block 69) failed
[  249.651096][ T9831] FAT-fs (loop2): Directory bread(block 70) failed
[  249.657716][ T9819] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  249.657880][ T9831] FAT-fs (loop2): Directory bread(block 71) failed
[  249.673088][ T9831] FAT-fs (loop2): Directory bread(block 72) failed
[  249.679948][ T9831] FAT-fs (loop2): Directory bread(block 73) failed
[  249.690243][ T9819] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  249.698315][ T9819] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  249.738551][ T5660] kworker/u4:7: attempt to access beyond end of device
[  249.738551][ T5660] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256
[  249.857658][ T9850] loop4: detected capacity change from 0 to 128
[  249.865003][ T9850] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  249.979269][ T9857] loop4: detected capacity change from 0 to 2048
[  250.233737][ T9857] Alternate GPT is invalid, using primary GPT.
[  250.241056][ T9857]  loop4: p2 p3 p7
[  250.496251][ T9864] loop0: detected capacity change from 0 to 256
[  250.502899][ T9857] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.509937][ T9857] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.570364][ T9857] 9pnet: p9_errstr2errno: server reported unknown error �@íÎhQI¸¥Šte
[  250.631484][ T9870] loop3: detected capacity change from 0 to 8192
[  250.638297][   T28] audit: type=1400 audit(2000000177.999:21431): avc:  denied  { mounton } for  pid=9869 comm="syz-executor.3" path="/root/syzkaller-testdir4092317188/syzkaller.UpHTM0/56/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  250.653961][ T9874] loop4: detected capacity change from 0 to 128
[  250.816148][  T333] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  251.072904][ T9892] loop1: detected capacity change from 0 to 256
[  251.226147][  T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.237045][  T333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.246706][  T333] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  251.255753][  T333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.270878][  T333] usb 1-1: config 0 descriptor??
[  251.356088][   T39] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  251.561327][ T9898] input: syz0 as /devices/virtual/input/input53
[  251.568349][ T9900] loop4: detected capacity change from 0 to 2048
[  251.596093][   T39] usb 2-1: Using ep0 maxpacket: 8
[  251.608761][ T9900] Alternate GPT is invalid, using primary GPT.
[  251.614818][ T9900]  loop4: p2 p3 p7
[  251.678080][ T9890] loop2: detected capacity change from 0 to 40427
[  251.696887][ T9890] F2FS-fs (loop2): Invalid segment/section count (458776 != 24 * 1)
[  251.704701][ T9890] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  251.716165][   T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.728608][ T9900] 9pnet: p9_errstr2errno: server reported unknown error �@íÎhQI¸¥Šte
[  251.736158][ T9890] F2FS-fs (loop2): Unrecognized mount option "ÿ" or missing value
[  251.767031][  T333] sony 0003:054C:0268.003C: unknown main item tag 0x0
[  251.786652][  T333] sony 0003:054C:0268.003C: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0
[  251.806132][   T39] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  251.814997][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  251.823445][  T333] sony 0003:054C:0268.003C: failed to claim input
[  251.846534][   T39] usb 2-1: SerialNumber: syz
[  251.852862][   T39] usb 2-1: config 0 descriptor??
[  251.896724][   T39] usb 2-1: Found UVC 105.00 device <unnamed> (05ac:8501)
[  251.903624][   T39] usb 2-1: No valid video chain found.
[  251.971486][  T334] usb 1-1: USB disconnect, device number 31
[  252.115030][ T9907] loop3: detected capacity change from 0 to 512
[  252.122092][ T9907] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  252.132036][ T9907] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  252.151293][ T9907] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[  252.160580][   T28] audit: type=1400 audit(2000000179.519:21432): avc:  denied  { read } for  pid=9912 comm="syz-executor.2" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  252.163677][ T9907] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  252.196411][ T9907] ext2 filesystem being mounted at /root/syzkaller-testdir4092317188/syzkaller.UpHTM0/59/file2 supports timestamps until 2038 (0x7fffffff)
[  252.197501][   T28] audit: type=1400 audit(2000000179.549:21433): avc:  denied  { open } for  pid=9912 comm="syz-executor.2" path="/dev/loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  252.235633][   T28] audit: type=1400 audit(2000000179.549:21434): avc:  denied  { ioctl } for  pid=9912 comm="syz-executor.2" path="/dev/loop-control" dev="devtmpfs" ino=113 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  252.245590][ T9915] loop2: detected capacity change from 0 to 256
[  252.262993][  T357] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  252.282553][ T9140] EXT4-fs (loop3): unmounting filesystem.
[  252.508668][ T9928] loop0: detected capacity change from 0 to 512
[  252.515433][ T9928] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  252.546066][  T357] usb 5-1: Using ep0 maxpacket: 32
[  252.609655][ T9932] loop0: detected capacity change from 0 to 256
[  252.626126][  T334] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  252.636454][   T39] usb 2-1: USB disconnect, device number 14
[  252.696169][  T357] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.707033][  T357] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.716599][  T357] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  252.725408][  T357] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.734003][  T357] usb 5-1: config 0 descriptor??
[  252.793365][ T9944] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9944 comm=syz-executor.0
[  252.806668][  T357] hub 5-1:0.0: USB hub found
[  252.934111][ T9959] loop0: detected capacity change from 0 to 256
[  253.026153][  T357] hub 5-1:0.0: 1 port detected
[  253.046157][   T39] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  253.056154][  T334] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.066981][  T334] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.076523][  T334] usb 3-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00
[  253.085400][  T334] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.093641][  T334] usb 3-1: config 0 descriptor??
[  253.206131][   T60] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  253.219655][ T9965] loop3: detected capacity change from 0 to 512
[  253.227399][ T9965] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  253.236667][ T9965] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  253.255029][ T9965] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[  253.267301][ T9965] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  253.275584][ T9965] ext2 filesystem being mounted at /root/syzkaller-testdir4092317188/syzkaller.UpHTM0/64/file2 supports timestamps until 2038 (0x7fffffff)
[  253.295380][ T9140] EXT4-fs (loop3): unmounting filesystem.
[  253.416168][   T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.427286][   T39] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  253.440089][   T39] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  253.448953][   T60] usb 1-1: Using ep0 maxpacket: 8
[  253.453871][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.462373][   T39] usb 2-1: config 0 descriptor??
[  253.496715][ T9905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.505000][ T9905] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.517036][  T357] usb 5-1: USB disconnect, device number 22
[  253.566226][   T60] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.586957][  T334] logitech 0003:046D:C29A.003D: unknown main item tag 0x0
[  253.593943][  T334] logitech 0003:046D:C29A.003D: item fetching failed at offset 5/7
[  253.601791][  T334] logitech 0003:046D:C29A.003D: parse failed
[  253.607649][  T334] logitech: probe of 0003:046D:C29A.003D failed with error -22
[  253.656130][   T60] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  253.665047][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  253.673146][   T60] usb 1-1: SerialNumber: syz
[  253.678020][   T60] usb 1-1: config 0 descriptor??
[  253.716434][   T60] usb 1-1: Found UVC 105.00 device <unnamed> (05ac:8501)
[  253.723393][   T60] usb 1-1: No valid video chain found.
[  253.789842][   T60] usb 3-1: USB disconnect, device number 25
[  253.946824][   T39] plantronics 0003:047F:FFFF.003E: No inputs registered, leaving
[  253.955577][   T39] plantronics 0003:047F:FFFF.003E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  254.175281][ T9975] loop4: detected capacity change from 0 to 256
[  254.423565][   T39] usb 1-1: USB disconnect, device number 32
[  254.445335][ T9979] loop2: detected capacity change from 0 to 512
[  254.452935][ T9981] loop0: detected capacity change from 0 to 2048
[  254.452975][ T9979] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  254.471571][   T60] usb 2-1: USB disconnect, device number 15
[  254.473901][ T9979] EXT4-fs (loop2): 1 truncate cleaned up
[  254.477609][ T9977] plantronics 0003:047F:FFFF.003E: usb_submit_urb(ctrl) failed: -19
[  254.483286][ T9979] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  254.523321][ T9981]  loop0: unable to read partition table
[  254.528924][ T9981] loop0: partition table beyond EOD, truncated
[  254.534905][ T9981] loop_reread_partitions: partition scan of loop0 () failed (rc=-5)
[  254.556131][ T9979] loop2: detected capacity change from 512 to 64
[  254.556894][ T9981] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  254.567609][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.591872][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.592054][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.618743][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.618942][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.640717][ T9992] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  254.645754][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.666824][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.667046][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.693665][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.693849][ T8867] EXT4-fs warning (device loop2): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  254.778776][ T8867] EXT4-fs (loop2): unmounting filesystem.
[  254.785812][ T8867] ------------[ cut here ]------------
[  254.791412][ T8867] WARNING: CPU: 1 PID: 8867 at fs/mbcache.c:417 mb_cache_destroy+0x227/0x290
[  254.800080][ T8867] Modules linked in:
[  254.803748][ T8867] CPU: 1 PID: 8867 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  254.815162][ T8867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  254.819814][ T9994] device pim6reg1 entered promiscuous mode
[  254.825039][ T8867] RIP: 0010:mb_cache_destroy+0x227/0x290
[  254.836169][ T8867] Code: ff eb 05 e8 fb cb 95 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 65 d0 4d 39 f4 74 34 e8 e3 cb 95 ff e9 49 fe ff ff e8 d9 cb 95 ff <0f> 0b e9 7a ff ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 4f ff
[  254.855588][ T8867] RSP: 0018:ffffc90000b2fa28 EFLAGS: 00010293
[  254.861473][ T8867] RAX: ffffffff81dfa827 RBX: 0000000000000002 RCX: ffff8881305ea880
[  254.869338][ T8867] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  254.877100][ T8867] RBP: ffffc90000b2fa70 R08: ffffffff81dfa79e R09: ffffed1023e4659c
[  254.884888][ T8867] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811f232cb8
[  254.892718][ T8867] R13: ffff88811f232cd8 R14: ffff88812fd12f20 R15: ffff88812fd12f00
[  254.900521][ T8867] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  254.909288][ T8867] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  254.915693][ T8867] CR2: 00007ffc882fbb48 CR3: 000000013ab12000 CR4: 00000000003506a0
[  254.923526][ T8867] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  254.931339][ T8867] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  254.939154][ T8867] Call Trace:
[  254.942254][ T8867]  <TASK>
[  254.945028][ T8867]  ? show_regs+0x58/0x60
[  254.949144][ T8867]  ? __warn+0x160/0x3d0
[  254.953103][ T8867]  ? mb_cache_destroy+0x227/0x290
[  254.957976][ T8867]  ? report_bug+0x4d5/0x7d0
[  254.962300][ T8867]  ? mb_cache_destroy+0x227/0x290
[  254.967182][ T8867]  ? handle_bug+0x41/0x70
[  254.971327][ T8867]  ? exc_invalid_op+0x1b/0x50
[  254.975848][ T8867]  ? asm_exc_invalid_op+0x1b/0x20
[  254.980720][ T8867]  ? mb_cache_destroy+0x19e/0x290
[  254.985563][ T8867]  ? mb_cache_destroy+0x227/0x290
[  254.990465][ T8867]  ? mb_cache_destroy+0x227/0x290
[  254.995282][ T8867]  ? mb_cache_destroy+0x227/0x290
[  255.000159][ T8867]  ext4_xattr_destroy_cache+0x1f/0x30
[  255.005349][ T8867]  ext4_put_super+0x880/0xd60
[  255.009878][ T8867]  ? ext4_drop_inode+0x1a0/0x1a0
[  255.014732][ T8867]  generic_shutdown_super+0x14f/0x370
[  255.019977][ T8867]  kill_block_super+0x7e/0xe0
[  255.024518][ T8867]  deactivate_locked_super+0xad/0x110
[  255.029806][ T8867]  deactivate_super+0xbe/0xf0
[  255.034387][ T8867]  cleanup_mnt+0x485/0x510
[  255.038560][ T8867]  __cleanup_mnt+0x19/0x20
[  255.042801][ T8867]  task_work_run+0x24d/0x2e0
[  255.047256][ T8867]  ? kmem_cache_free+0x291/0x510
[  255.052002][ T8867]  ? task_work_cancel+0x2b0/0x2b0
[  255.056874][ T8867]  ? free_nsproxy+0x20d/0x260
[  255.061373][ T8867]  ? exit_task_namespaces+0xb4/0xd0
[  255.066439][ T8867]  do_exit+0xbd5/0x2b80
[  255.070404][ T8867]  ? put_task_struct+0x80/0x80
[  255.074997][ T8867]  ? __kasan_check_write+0x14/0x20
[  255.080010][ T8867]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  255.084894][ T8867]  ? _raw_spin_lock_irqsave+0x210/0x210
[  255.090290][ T8867]  ? zap_other_threads+0x29c/0x2d0
[  255.095221][ T8867]  do_group_exit+0x21a/0x2d0
[  255.099663][ T8867]  __x64_sys_exit_group+0x3f/0x40
[  255.104508][ T8867]  do_syscall_64+0x3d/0xb0
[  255.108784][ T8867]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  255.114487][ T8867] RIP: 0033:0x7f1f9647cea9
[  255.118759][ T8867] Code: Unable to access opcode bytes at 0x7f1f9647ce7f.
[  255.125596][ T8867] RSP: 002b:00007fffc3b28618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  255.133860][ T8867] RAX: ffffffffffffffda RBX: 00007f1f964d96ba RCX: 00007f1f9647cea9
[  255.141669][ T8867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  255.149483][ T8867] RBP: 0000000000000027 R08: 00007fffc3b263b6 R09: 00007fffc3b298d0
[  255.157292][ T8867] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffc3b298d0
[  255.165088][ T8867] R13: 00007f1f964d9636 R14: 00005555563b9430 R15: 0000000000000004
[  255.172925][ T8867]  </TASK>
[  255.175761][ T8867] ---[ end trace 0000000000000000 ]---
[  255.236831][T10001] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  255.286106][  T357] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  255.326208][T10006] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.333095][T10006] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.340625][T10006] device bridge_slave_0 entered promiscuous mode
[  255.349943][T10006] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.357460][T10006] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.364766][T10006] device bridge_slave_1 entered promiscuous mode
[  255.398373][T10022] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  255.435735][T10022] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  255.462391][T10006] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.469292][T10006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.476371][T10006] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.483145][T10006] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.515502][T10030] device pim6reg1 entered promiscuous mode
[  255.523906][T10032] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  255.568042][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  255.577376][  T726] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.585104][  T726] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.616620][T10036] loop3: detected capacity change from 0 to 256
[  255.629415][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  255.639291][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.646154][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.744672][  T357] usb 2-1: Using ep0 maxpacket: 16
[  255.766531][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  255.775367][  T726] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.782264][  T726] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.789984][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  255.798258][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  255.820171][T10006] device veth0_vlan entered promiscuous mode
[  255.827472][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  255.835858][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  255.845068][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  255.853512][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  255.874669][T10006] device veth1_macvtap entered promiscuous mode
[  255.886668][  T357] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  255.886815][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  255.905091][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  255.911386][  T357] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.912911][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  255.932865][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  255.939256][  T357] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  255.941153][  T726] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  255.974059][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  255.975623][  T357] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  255.985539][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  255.991597][  T357] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.000767][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  256.015068][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  256.025597][ T5660] device bridge_slave_1 left promiscuous mode
[  256.031636][ T5660] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.040406][  T357] usb 2-1: config 0 descriptor??
[  256.045550][ T5660] device bridge_slave_0 left promiscuous mode
[  256.051804][ T5660] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.060425][ T5660] device veth1_macvtap left promiscuous mode
[  256.066452][ T5660] device veth0_vlan left promiscuous mode
[  256.193908][T10058] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  256.300238][T10090] loop0: detected capacity change from 0 to 512
[  256.307775][T10090] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  256.322275][T10090] EXT4-fs (loop0): 1 truncate cleaned up
[  256.327935][T10090] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  256.361984][T10090] loop0: detected capacity change from 512 to 64
[  256.381160][T10107] loop3: detected capacity change from 0 to 256
[  256.390633][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.417548][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.431486][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.446075][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.460422][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.483486][T10123] loop2: detected capacity change from 0 to 512
[  256.486363][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.499144][T10123] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  256.503667][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.513489][  T357] ryos 0003:1E7D:31CE.003F: unbalanced collection at end of report description
[  256.529076][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.551178][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.555485][  T357] ryos 0003:1E7D:31CE.003F: parse failed
[  256.565076][ T7400] EXT4-fs warning (device loop0): ext4_empty_dir:3120: inode #11: lblock 5: comm syz-executor.0: error -12 reading directory block
[  256.586808][T10123] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 16
[  256.600326][  T357] ryos: probe of 0003:1E7D:31CE.003F failed with error -22
[  256.614288][T10123] ext4_test_bit(bit=15, block=4) = 0
[  256.620592][T10123] EXT4-fs (loop2): 1 orphan inode deleted
[  256.628530][T10123] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  256.638984][T10123] EXT4-fs (loop2): unmounting filesystem.
[  256.659398][ T7400] EXT4-fs (loop0): unmounting filesystem.
[  256.665763][ T7400] ------------[ cut here ]------------
[  256.671083][ T7400] WARNING: CPU: 1 PID: 7400 at fs/mbcache.c:417 mb_cache_destroy+0x227/0x290
[  256.679708][ T7400] Modules linked in:
[  256.683387][ T7400] CPU: 1 PID: 7400 Comm: syz-executor.0 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  256.694767][ T7400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  256.704662][ T7400] RIP: 0010:mb_cache_destroy+0x227/0x290
[  256.710111][ T7400] Code: ff eb 05 e8 fb cb 95 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 65 d0 4d 39 f4 74 34 e8 e3 cb 95 ff e9 49 fe ff ff e8 d9 cb 95 ff <0f> 0b e9 7a ff ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 4f ff
[  256.715364][  T316] usb 2-1: USB disconnect, device number 16
[  256.729594][ T7400] RSP: 0018:ffffc90005d9fa28 EFLAGS: 00010293
[  256.741199][ T7400] RAX: ffffffff81dfa827 RBX: 0000000000000002 RCX: ffff88810eba2880
[  256.748978][ T7400] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  256.757016][ T7400] RBP: ffffc90005d9fa70 R08: ffffffff81dfa79e R09: ffffed1023e4ca94
[  256.764794][ T7400] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811f265478
[  256.772641][ T7400] R13: ffff88811f265498 R14: ffff88810fd09620 R15: ffff88810fd09600
[  256.780434][ T7400] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  256.780448][ T5398] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  256.789268][ T7400] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  256.802987][ T7400] CR2: 000000002001f000 CR3: 000000012bb3d000 CR4: 00000000003506a0
[  256.810823][ T7400] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  256.818640][ T7400] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  256.826434][ T7400] Call Trace:
[  256.829536][ T7400]  <TASK>
[  256.832314][ T7400]  ? show_regs+0x58/0x60
[  256.836412][ T7400]  ? __warn+0x160/0x3d0
[  256.840386][ T7400]  ? mb_cache_destroy+0x227/0x290
[  256.845250][ T7400]  ? report_bug+0x4d5/0x7d0
[  256.849608][ T7400]  ? mb_cache_destroy+0x227/0x290
[  256.854532][ T7400]  ? handle_bug+0x41/0x70
[  256.858719][ T7400]  ? exc_invalid_op+0x1b/0x50
[  256.863211][ T7400]  ? asm_exc_invalid_op+0x1b/0x20
[  256.868151][ T7400]  ? mb_cache_destroy+0x19e/0x290
[  256.872931][ T7400]  ? mb_cache_destroy+0x227/0x290
[  256.877814][ T7400]  ? mb_cache_destroy+0x227/0x290
[  256.882655][ T7400]  ? mb_cache_destroy+0x227/0x290
[  256.887530][ T7400]  ext4_xattr_destroy_cache+0x1f/0x30
[  256.892725][ T7400]  ext4_put_super+0x880/0xd60
[  256.897249][ T7400]  ? ext4_drop_inode+0x1a0/0x1a0
[  256.902009][ T7400]  generic_shutdown_super+0x14f/0x370
[  256.907244][ T7400]  kill_block_super+0x7e/0xe0
[  256.911730][ T7400]  deactivate_locked_super+0xad/0x110
[  256.916959][ T7400]  deactivate_super+0xbe/0xf0
[  256.921450][ T7400]  cleanup_mnt+0x485/0x510
[  256.925707][ T7400]  __cleanup_mnt+0x19/0x20
[  256.929976][ T7400]  task_work_run+0x24d/0x2e0
[  256.934383][ T7400]  ? kmem_cache_free+0x291/0x510
[  256.939176][ T7400]  ? task_work_cancel+0x2b0/0x2b0
[  256.944022][ T7400]  ? free_nsproxy+0x20d/0x260
[  256.948574][ T7400]  ? exit_task_namespaces+0xb4/0xd0
[  256.953561][ T7400]  do_exit+0xbd5/0x2b80
[  256.957578][ T7400]  ? put_task_struct+0x80/0x80
[  256.962156][ T7400]  ? __kasan_check_write+0x14/0x20
[  256.967124][ T7400]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  256.972048][ T7400]  ? _raw_spin_lock_irqsave+0x210/0x210
[  256.977448][ T7400]  ? zap_other_threads+0x29c/0x2d0
[  256.982374][ T7400]  ? __kasan_check_write+0x14/0x20
[  256.987342][ T7400]  do_group_exit+0x21a/0x2d0
[  256.991749][ T7400]  __x64_sys_exit_group+0x3f/0x40
[  256.996625][ T7400]  do_syscall_64+0x3d/0xb0
[  257.000861][ T7400]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  257.006606][ T7400] RIP: 0033:0x7f29d027cea9
[  257.010843][ T7400] Code: Unable to access opcode bytes at 0x7f29d027ce7f.
[  257.017716][ T7400] RSP: 002b:00007ffc882fa008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  257.026108][ T7400] RAX: ffffffffffffffda RBX: 00007f29d02d96ba RCX: 00007f29d027cea9
[  257.033933][ T7400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  257.041769][ T7400] RBP: 0000000000000027 R08: 00007ffc882f7da6 R09: 00007ffc882fb2c0
[  257.049571][ T7400] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc882fb2c0
[  257.057384][ T7400] R13: 00007f29d02d9636 R14: 0000555556b18430 R15: 0000000000000004
[  257.065180][ T7400]  </TASK>
[  257.066051][ T5398] usb 4-1: Using ep0 maxpacket: 8
[  257.068064][ T7400] ---[ end trace 0000000000000000 ]---
[  257.186129][ T5398] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  257.287217][ T5398] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  257.296381][ T5398] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  257.306143][ T5398] usb 4-1: SerialNumber: syz
[  257.313630][   T28] audit: type=1400 audit(2000000184.669:21435): avc:  denied  { shutdown } for  pid=10134 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  257.335867][ T5398] usb 4-1: config 0 descriptor??
[  257.372280][   T28] audit: type=1400 audit(2000000184.709:21436): avc:  denied  { rename } for  pid=10137 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="incremental-fs" ino=1960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  257.436528][ T5398] usb 4-1: Found UVC 105.00 device <unnamed> (05ac:8501)
[  257.443404][ T5398] usb 4-1: No valid video chain found.
[  257.553450][T10145] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.566073][T10145] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.578730][T10145] device bridge_slave_0 entered promiscuous mode
[  257.585789][T10145] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.592758][T10145] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.600587][T10145] device bridge_slave_1 entered promiscuous mode
[  257.627424][T10165] loop1: detected capacity change from 0 to 2048
[  257.701367][T10165]  loop1: unable to read partition table
[  257.713783][T10165] loop1: partition table beyond EOD, truncated
[  257.724532][T10145] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.731420][T10145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.738514][T10145] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.745282][T10145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.745741][T10165] loop_reread_partitions: partition scan of loop1 () failed (rc=-5)
[  257.760479][ T5660] device bridge_slave_1 left promiscuous mode
[  257.767064][ T5660] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.776862][ T5660] device bridge_slave_0 left promiscuous mode
[  257.782809][ T5660] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.807100][ T5660] device veth1_macvtap left promiscuous mode
[  257.812970][ T5660] device veth0_vlan left promiscuous mode
[  257.916787][T10168] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[  258.078603][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.087736][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.108224][T10165] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  258.165106][  T357] usb 4-1: USB disconnect, device number 29
[  258.172060][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  258.187100][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  258.194390][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  258.207051][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  258.232768][  T334] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.239652][  T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.262022][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  258.276703][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  258.292287][  T334] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.299170][  T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.355625][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  258.366842][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  258.423013][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  258.431254][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  258.444480][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  258.461260][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  258.474266][T10145] device veth0_vlan entered promiscuous mode
[  258.483418][   T28] audit: type=1400 audit(2000000185.839:21437): avc:  denied  { mount } for  pid=10181 comm="syz-executor.1" name="/" dev="configfs" ino=11669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  258.507617][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  258.515366][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  258.555548][T10145] device veth1_macvtap entered promiscuous mode
[  258.560334][   T28] audit: type=1400 audit(2000000185.919:21438): avc:  denied  { unmount } for  pid=9679 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  258.582408][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  258.605664][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  258.622977][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  258.638850][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  258.656383][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  258.668954][T10188] device pim6reg1 entered promiscuous mode
[  258.676164][T10190] loop4: detected capacity change from 0 to 512
[  258.682758][T10190] /dev/loop4: Can't open blockdev
[  258.696623][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  258.710124][T10193] loop3: detected capacity change from 0 to 512
[  258.726384][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  258.735595][T10193] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  258.747174][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  258.755297][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  258.789224][T10195] loop4: detected capacity change from 0 to 2048
[  258.882924][T10206] : renamed from ipvlan1
[  258.893357][T10208] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  258.913073][T10195]  loop4: unable to read partition table
[  258.920861][T10195] loop4: partition table beyond EOD, truncated
[  258.920901][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  258.934498][T10195] loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
[  258.970348][T10163] loop2: detected capacity change from 0 to 40427
[  258.982110][T10163] F2FS-fs (loop2): Invalid segment/section count (458776 != 24 * 1)
[  258.996547][T10163] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  259.006831][T10163] F2FS-fs (loop2): Unrecognized mount option "ÿ" or missing value
[  259.006918][T10195] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  259.047434][T10195] netlink: 'syz-executor.4': attribute type 2 has an invalid length.
[  259.076250][T10216] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  259.181152][T10219] loop4: detected capacity change from 0 to 256
[  259.206688][T10223] loop3: detected capacity change from 0 to 512
[  259.214779][T10223] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  259.281705][T10237] Zero length message leads to an empty skb
[  259.376968][T10245] loop2: detected capacity change from 0 to 512
[  259.392255][T10243] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  259.407756][T10245] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  259.407788][T10243] kvm: pic: level sensitive irq not supported
[  259.416857][T10245] ext4 filesystem being mounted at /root/syzkaller-testdir3918627181/syzkaller.dccpnf/5/file0 supports timestamps until 2038 (0x7fffffff)
[  259.476821][T10255] loop4: detected capacity change from 0 to 256
[  259.604482][T10243] kvm: pic: non byte read
[  259.619732][T10006] EXT4-fs (loop2): unmounting filesystem.
[  259.746523][  T334] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  259.789848][T10261] loop0: detected capacity change from 0 to 256
[  260.009080][T10263] loop1: detected capacity change from 0 to 512
[  260.084217][ T5660] kworker/u4:7: attempt to access beyond end of device
[  260.084217][ T5660] loop0: rw=1, sector=256, nr_sectors = 288 limit=256
[  260.098127][ T5660] kworker/u4:7: attempt to access beyond end of device
[  260.098127][ T5660] loop0: rw=1, sector=608, nr_sectors = 416 limit=256
[  260.114780][ T5660] kworker/u4:7: attempt to access beyond end of device
[  260.114780][ T5660] loop0: rw=1, sector=1056, nr_sectors = 4104 limit=256
[  260.134564][ T5660] kworker/u4:7: attempt to access beyond end of device
[  260.134564][ T5660] loop0: rw=1, sector=5160, nr_sectors = 7040 limit=256
[  260.153630][ T5660] kworker/u4:7: attempt to access beyond end of device
[  260.153630][ T5660] loop0: rw=1, sector=12200, nr_sectors = 6588 limit=256
[  260.356186][  T334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  260.369281][  T334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.379193][  T334] usb 4-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00
[  260.388607][T10290] binder: BINDER_SET_CONTEXT_MGR already set
[  260.395811][T10290] binder: 10289:10290 ioctl 4018620d 200002c0 returned -16
[  260.402960][  T334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.411602][  T334] usb 4-1: config 0 descriptor??
[  260.541211][T10292] loop2: detected capacity change from 0 to 512
[  260.590938][T10292] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  260.610084][T10292] ext4 filesystem being mounted at /root/syzkaller-testdir3918627181/syzkaller.dccpnf/8/file0 supports timestamps until 2038 (0x7fffffff)
[  260.655943][T10006] EXT4-fs (loop2): unmounting filesystem.
[  260.906866][  T334] logitech 0003:046D:C29A.0040: unknown main item tag 0x0
[  260.916088][  T334] logitech 0003:046D:C29A.0040: item fetching failed at offset 5/7
[  260.934126][  T334] logitech 0003:046D:C29A.0040: parse failed
[  260.940022][  T334] logitech: probe of 0003:046D:C29A.0040 failed with error -22
[  260.957107][T10315] SELinux: security_context_str_to_sid () failed with errno=-22
[  260.995393][T10317] loop4: detected capacity change from 0 to 256
[  261.006639][T10317] exfat: Bad value for 'allow_utime'
[  261.078263][T10320] bridge0: port 3(gretap0) entered blocking state
[  261.084562][T10320] bridge0: port 3(gretap0) entered disabled state
[  261.093123][T10320] device gretap0 entered promiscuous mode
[  261.099064][T10320] bridge0: port 3(gretap0) entered blocking state
[  261.105289][T10320] bridge0: port 3(gretap0) entered forwarding state
[  261.117462][T10320] device gretap0 left promiscuous mode
[  261.123142][T10320] bridge0: port 3(gretap0) entered disabled state
[  261.251204][  T726] usb 4-1: USB disconnect, device number 30
[  261.289590][T10317] kvm [10316]: vcpu0, guest rIP: 0xfff0 unimplemented MMIO_CONF_BASE wrmsr: 0x30303030303d6b73
[  261.381975][   T28] audit: type=1400 audit(2000000188.739:21439): avc:  denied  { relabelfrom } for  pid=10322 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  261.419609][   T28] audit: type=1400 audit(2000000188.739:21440): avc:  denied  { relabelto } for  pid=10322 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  261.435652][T10286] loop1: detected capacity change from 0 to 40427
[  261.447252][T10286] F2FS-fs (loop1): Invalid segment/section count (458776 != 24 * 1)
[  261.455079][T10286] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  261.463382][T10286] F2FS-fs (loop1): Unrecognized mount option "ÿ" or missing value
[  261.761263][T10351] loop1: detected capacity change from 0 to 256
[  261.769532][T10351] exfat: Bad value for 'allow_utime'
[  261.830746][T10354] loop4: detected capacity change from 0 to 256
[  263.317989][  T726] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  263.333979][T10410] loop4: detected capacity change from 0 to 256
[  263.343832][T10409] loop1: detected capacity change from 0 to 256
[  263.350394][T10409] exfat: Bad value for 'allow_utime'
[  263.358471][   T28] audit: type=1400 audit(2000000190.719:21441): avc:  denied  { setopt } for  pid=10408 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  263.379820][   T28] audit: type=1400 audit(2000000190.719:21442): avc:  denied  { bind } for  pid=10408 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.404318][T10409] kvm [10407]: vcpu0, guest rIP: 0xfff0 unimplemented MMIO_CONF_BASE wrmsr: 0x30303030303d6b73
[  263.419758][T10419] loop0: detected capacity change from 0 to 2048
[  263.426683][T10419] EXT4-fs: Ignoring removed nobh option
[  263.432060][T10419] EXT4-fs: Ignoring removed mblk_io_submit option
[  263.457538][T10419] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  263.467748][T10419] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  263.477563][T10419] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[  263.493508][T10419] EXT4-fs (loop0): Remounting filesystem read-only
[  263.499921][T10419] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Corrupt filesystem
[  263.512435][T10145] EXT4-fs (loop0): unmounting filesystem.
[  263.634129][T10439] loop4: detected capacity change from 0 to 256
[  263.919217][  T726] usb 4-1: Using ep0 maxpacket: 32
[  264.127596][T10436] loop1: detected capacity change from 0 to 256
[  264.128459][  T726] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  264.194206][   T28] audit: type=1400 audit(2000000191.549:21443): avc:  denied  { write } for  pid=10449 comm="syz-executor.2" name="file0" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  264.197771][T10450] loop2: detected capacity change from 0 to 256
[  264.223249][T10450] FAT-fs (loop2): Unrecognized mount option "noNumtail=0" or missing value
[  264.231239][   T28] audit: type=1400 audit(2000000191.549:21444): avc:  denied  { rename } for  pid=10449 comm="syz-executor.2" name="file0" dev="sda1" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  264.261906][  T343] kworker/u4:3: attempt to access beyond end of device
[  264.261906][  T343] loop1: rw=1, sector=256, nr_sectors = 288 limit=256
[  264.275684][  T343] kworker/u4:3: attempt to access beyond end of device
[  264.275684][  T343] loop1: rw=1, sector=608, nr_sectors = 416 limit=256
[  264.282059][T10450] loop2: detected capacity change from 0 to 1024
[  264.301553][  T343] kworker/u4:3: attempt to access beyond end of device
[  264.301553][  T343] loop1: rw=1, sector=1056, nr_sectors = 9008 limit=256
[  264.303843][T10450] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  264.322334][  T343] kworker/u4:3: attempt to access beyond end of device
[  264.322334][  T343] loop1: rw=1, sector=10064, nr_sectors = 8724 limit=256
[  264.337461][T10450] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  264.375257][  T726] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  264.384209][  T726] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.391997][  T726] usb 4-1: Product: syz
[  264.395928][  T726] usb 4-1: Manufacturer: syz
[  264.400416][  T726] usb 4-1: SerialNumber: syz
[  264.405392][  T726] usb 4-1: config 0 descriptor??
[  264.446177][T10377] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  264.477796][  T726] hub 4-1:0.0: bad descriptor, ignoring hub
[  264.483533][  T726] hub: probe of 4-1:0.0 failed with error -5
[  264.495933][T10461] loop4: detected capacity change from 0 to 2048
[  264.502734][T10461] EXT4-fs: Ignoring removed nobh option
[  264.506736][T10450] EXT4-fs (loop2): unmounting filesystem.
[  264.516277][T10461] EXT4-fs: Ignoring removed mblk_io_submit option
[  264.522667][T10461] /dev/loop4: Can't open blockdev
[  264.650798][T10471] loop0: detected capacity change from 0 to 512
[  264.660942][   T28] audit: type=1400 audit(2000000191.989:21445): avc:  denied  { remount } for  pid=10453 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  264.681957][T10471] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  264.748890][T10461] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  264.758675][T10471] EXT4-fs (loop0): 1 orphan inode deleted
[  264.764233][T10471] EXT4-fs (loop0): 1 truncate cleaned up
[  264.769751][T10471] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  264.836122][  T726] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  264.856366][  T333] usb 4-1: USB disconnect, device number 31
[  265.044560][T10486] loop4: detected capacity change from 0 to 256
[  265.076129][  T726] usb 3-1: Using ep0 maxpacket: 16
[  265.216187][  T726] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  265.226584][  T726] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 46, changing to 9
[  265.237415][  T726] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 42614, setting to 1024
[  265.248357][  T726] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  265.297874][T10145] EXT4-fs (loop0): unmounting filesystem.
[  265.331622][   T28] audit: type=1400 audit(2000000192.689:21446): avc:  denied  { mount } for  pid=10499 comm="syz-executor.3" name="/" dev="pstore" ino=12926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  265.332781][T10500] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  265.368139][T10502] SELinux:  Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped).
[  265.379766][   T28] audit: type=1400 audit(2000000192.739:21447): avc:  denied  { relabelto } for  pid=10501 comm="syz-executor.1" name="file0" dev="sda1" ino=1946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0"
[  265.409332][   T28] audit: type=1400 audit(2000000192.739:21448): avc:  denied  { setattr } for  pid=10501 comm="syz-executor.1" name="file0" dev="sda1" ino=1946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0"
[  265.437893][   T28] audit: type=1400 audit(2000000192.739:21449): avc:  denied  { unlink } for  pid=9679 comm="syz-executor.1" name="file0" dev="sda1" ino=1946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0"
[  265.465095][  T726] usb 3-1: New USB device found, idVendor=058f, idProduct=3820, bcdDevice=2b.79
[  265.468368][   T28] audit: type=1400 audit(2000000192.829:21450): avc:  denied  { unmount } for  pid=9140 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  265.479585][  T726] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.503316][  T726] usb 3-1: Product: syz
[  265.520649][  T726] usb 3-1: Manufacturer: syz
[  265.534438][  T726] usb 3-1: SerialNumber: syz
[  265.570803][  T726] usb 3-1: config 0 descriptor??
[  265.586354][T10469] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  265.606614][  T726] usb 3-1: Found UVC 0.00 device syz (058f:3820)
[  265.612829][  T726] usb 3-1: No valid video chain found.
[  266.164916][T10516] loop3: detected capacity change from 0 to 512
[  266.177786][T10516] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  266.177942][  T357] usb 3-1: USB disconnect, device number 26
[  266.197285][T10516] EXT4-fs (loop3): 1 orphan inode deleted
[  266.202871][T10516] EXT4-fs (loop3): 1 truncate cleaned up
[  266.208389][T10516] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  266.250905][ T9140] EXT4-fs (loop3): unmounting filesystem.
[  266.322787][T10536] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  266.341825][T10536] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  266.362825][T10536] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  266.477561][T10547] loop3: detected capacity change from 0 to 256
[  266.521092][T10568] loop1: detected capacity change from 0 to 2048
[  266.566765][T10568]  loop1: p3 < > p4 < >
[  266.570822][T10568] loop1: partition table partially beyond EOD, truncated
[  266.577776][T10568] loop1: p3 start 4284289 is beyond EOD, truncated
[  266.590780][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.590780][  T563] loop3: rw=1, sector=256, nr_sectors = 288 limit=256
[  266.611070][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.611070][  T563] loop3: rw=1, sector=608, nr_sectors = 416 limit=256
[  266.628980][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.628980][  T563] loop3: rw=1, sector=1056, nr_sectors = 2048 limit=256
[  266.644697][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.644697][  T563] loop3: rw=1, sector=3104, nr_sectors = 2656 limit=256
[  266.670142][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.670142][  T563] loop3: rw=1, sector=5760, nr_sectors = 2048 limit=256
[  266.694282][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.694282][  T563] loop3: rw=1, sector=7808, nr_sectors = 2048 limit=256
[  266.728060][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.728060][  T563] loop3: rw=1, sector=9856, nr_sectors = 2056 limit=256
[  266.745413][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.745413][  T563] loop3: rw=1, sector=11912, nr_sectors = 3840 limit=256
[  266.764324][  T563] kworker/u4:4: attempt to access beyond end of device
[  266.764324][  T563] loop3: rw=1, sector=15752, nr_sectors = 3036 limit=256
[  267.383761][T10603] SELinux: security_context_str_to_sid () failed with errno=-22
[  267.432508][T10610] loop0: detected capacity change from 0 to 128
[  267.539151][T10617] bridge0: port 3(gretap0) entered blocking state
[  267.545426][T10617] bridge0: port 3(gretap0) entered disabled state
[  267.553851][T10617] device gretap0 entered promiscuous mode
[  267.559892][T10617] bridge0: port 3(gretap0) entered blocking state
[  267.566160][T10617] bridge0: port 3(gretap0) entered forwarding state
[  267.592920][T10617] device gretap0 left promiscuous mode
[  267.598670][T10617] bridge0: port 3(gretap0) entered disabled state
[  267.833049][T10619] loop0: detected capacity change from 0 to 2048
[  267.840032][T10619] EXT4-fs: Ignoring removed nobh option
[  267.845547][T10619] EXT4-fs: Ignoring removed mblk_io_submit option
[  267.867832][T10619] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  267.879063][T10619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  267.889051][T10619] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[  267.903894][T10619] EXT4-fs (loop0): Remounting filesystem read-only
[  267.910441][T10619] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Corrupt filesystem
[  267.923969][T10145] EXT4-fs (loop0): unmounting filesystem.
[  267.934345][T10620] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.941400][T10620] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.948572][T10620] device bridge_slave_0 entered promiscuous mode
[  267.955171][T10620] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.962135][T10620] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.969569][T10620] device bridge_slave_1 entered promiscuous mode
[  268.037217][T10620] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.044104][T10620] bridge0: port 2(bridge_slave_1) entered forwarding state
[  268.051173][T10620] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.057971][T10620] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.077128][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  268.084760][  T357] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.092035][  T357] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.100704][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  268.108735][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.115577][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.124944][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  268.133000][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.139854][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[  268.155480][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  268.163266][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  268.173433][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  268.184297][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  268.192436][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  268.199855][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  268.208851][T10620] device veth0_vlan entered promiscuous mode
[  268.220856][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  268.238285][T10620] device veth1_macvtap entered promiscuous mode
[  268.250165][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  268.267310][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  268.295010][T10655] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  268.314714][T10657] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  268.324158][T10657] EXT4-fs (loop2): unable to read superblock
[  268.357158][ T4472] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  268.378235][   T28] kauditd_printk_skb: 2753 callbacks suppressed
[  268.378251][   T28] audit: type=1400 audit(2000000195.739:24204): avc:  denied  { append } for  pid=10670 comm="syz-executor.3" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  268.411722][   T28] audit: type=1400 audit(2000000195.769:24205): avc:  denied  { shutdown } for  pid=10670 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  268.445113][   T28] audit: type=1400 audit(2000000195.799:24206): avc:  denied  { read } for  pid=10674 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  268.535761][T10687] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  268.552294][T10691] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  268.561871][T10691] EXT4-fs (loop3): unable to read superblock
[  268.584280][T10697] tmpfs: Unknown parameter 'waùs'
[  268.596204][ T4472] usb 1-1: Using ep0 maxpacket: 16
[  268.601528][T10697] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  268.674198][T10714] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  268.726942][T10718] /dev/loop4: Can't open blockdev
[  268.737327][  T904] device bridge_slave_1 left promiscuous mode
[  268.745671][  T904] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.759545][  T904] device bridge_slave_0 left promiscuous mode
[  268.765506][  T904] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.773418][  T904] device veth1_macvtap left promiscuous mode
[  268.787153][  T904] device veth0_vlan left promiscuous mode
[  268.940012][T10733] loop1: detected capacity change from 0 to 256
[  268.992115][ T4472] usb 1-1: New USB device found, idVendor=1199, idProduct=0025, bcdDevice=1e.64
[  269.001268][ T4472] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.009434][ T4472] usb 1-1: Product: syz
[  269.013552][ T4472] usb 1-1: Manufacturer: syz
[  269.059063][ T4472] usb 1-1: SerialNumber: syz
[  269.080337][T10737] tmpfs: Unknown parameter 'waùs'
[  269.085883][ T4472] usb 1-1: config 0 descriptor??
[  269.086551][T10737] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  269.130483][T10742] loop4: detected capacity change from 0 to 512
[  269.137182][T10742] /dev/loop4: Can't open blockdev
[  269.137759][T10721] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.149667][T10721] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.157162][T10721] device bridge_slave_0 entered promiscuous mode
[  269.167089][T10721] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.174082][T10721] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.181492][T10721] device bridge_slave_1 entered promiscuous mode
[  269.190652][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  269.245128][T10721] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.252014][T10721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.259127][T10721] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.265968][T10721] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.292134][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  269.300108][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.307722][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.319844][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  269.327954][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.334807][ T5398] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.345257][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  269.353429][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.360308][ T5398] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.377081][  T334] usb 1-1: USB disconnect, device number 33
[  269.385819][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  269.394282][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  269.408834][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  269.419940][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  269.427944][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  269.435119][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  269.444093][T10721] device veth0_vlan entered promiscuous mode
[  269.455580][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  269.456124][ T4472] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  269.465086][T10721] device veth1_macvtap entered promiscuous mode
[  269.480375][  T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  269.490535][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  269.512791][T10761] loop4: detected capacity change from 0 to 512
[  269.519802][T10761] /dev/loop4: Can't open blockdev
[  269.535759][T10763] device syzkaller0 entered promiscuous mode
[  269.621992][T10767] syz-executor.1[10767] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  269.622039][T10767] syz-executor.1[10767] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  269.757776][T10791] loop1: detected capacity change from 0 to 256
[  269.826126][ T4472] usb 3-1: config index 0 descriptor too short (expected 1060, got 36)
[  269.834208][ T4472] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  269.842757][ T4472] usb 3-1: config 0 has no interfaces?
[  269.848120][ T4472] usb 3-1: New USB device found, idVendor=056a, idProduct=00e2, bcdDevice= 0.00
[  269.848294][  T904] device bridge_slave_1 left promiscuous mode
[  269.865350][ T4472] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.866238][  T904] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.889073][ T4472] usb 3-1: config 0 descriptor??
[  269.901893][  T904] device bridge_slave_0 left promiscuous mode
[  269.908435][  T904] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.918112][  T904] device veth1_macvtap left promiscuous mode
[  269.924750][  T904] device veth0_vlan left promiscuous mode
[  270.064456][T10806] device syzkaller0 entered promiscuous mode
[  270.081583][T10779] loop3: detected capacity change from 0 to 131072
[  270.091020][T10779] F2FS-fs (loop3): QUOTA feature is enabled, so ignore qf_name
[  270.099419][T10779] F2FS-fs (loop3): invalid crc value
[  270.105731][T10779] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  270.128618][T10779] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[  270.139261][ T4472] usb 3-1: USB disconnect, device number 27
[  270.232538][T10817] Â: renamed from pim6reg1
[  270.239973][T10817] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.1'.
[  270.294708][T10823] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  270.452048][T10825] input: syz0 as /devices/virtual/input/input55
[  270.664657][T10834] tipc: Failed to remove unknown binding: 66,1,1/0:3728643782/3728643784
[  270.673437][T10834] tipc: Failed to remove unknown binding: 66,1,1/0:3728643782/3728643784
[  270.745779][   T28] audit: type=1400 audit(2000000198.099:24207): avc:  denied  { setopt } for  pid=10843 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  270.789206][   T28] audit: type=1400 audit(2000000198.149:24208): avc:  denied  { write } for  pid=10845 comm="syz-executor.4" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  270.834187][   T28] audit: type=1326 audit(2000000198.169:24209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10845 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46a687cea9 code=0x0
[  270.926061][ T5398] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  270.966983][T10865] SELinux: security_context_str_to_sid () failed with errno=-22
[  271.078441][T10868] bridge0: port 3(gretap0) entered blocking state
[  271.084696][T10868] bridge0: port 3(gretap0) entered disabled state
[  271.091400][T10868] device gretap0 entered promiscuous mode
[  271.097315][T10868] bridge0: port 3(gretap0) entered blocking state
[  271.103541][T10868] bridge0: port 3(gretap0) entered forwarding state
[  271.112010][T10868] device gretap0 left promiscuous mode
[  271.117412][T10868] bridge0: port 3(gretap0) entered disabled state
[  271.426281][T10875] loop3: detected capacity change from 0 to 2048
[  271.437998][T10875] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  271.454903][T10838] loop2: detected capacity change from 0 to 131072
[  271.462187][T10838] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  271.470572][T10838] F2FS-fs (loop2): invalid crc value
[  271.477343][T10838] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  271.507912][T10838] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[  271.517133][ T5398] usb 2-1: Using ep0 maxpacket: 16
[  271.649697][   T28] audit: type=1400 audit(2000000198.999:24210): avc:  denied  { map } for  pid=10874 comm="syz-executor.3" path="socket:[65814]" dev="sockfs" ino=65814 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  271.910795][T10900] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  272.046076][T10907] device syzkaller0 entered promiscuous mode
[  272.096196][ T5398] usb 2-1: New USB device found, idVendor=1199, idProduct=0025, bcdDevice=1e.64
[  272.105114][ T5398] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.113251][ T5398] usb 2-1: Product: syz
[  272.117972][ T5398] usb 2-1: Manufacturer: syz
[  272.122411][ T5398] usb 2-1: SerialNumber: syz
[  272.128443][ T5398] usb 2-1: config 0 descriptor??
[  272.197141][T10911] input: syz0 as /devices/virtual/input/input56
[  272.338897][T10721] EXT4-fs (loop3): unmounting filesystem.
[  272.425587][   T28] audit: type=1326 audit(2000000199.769:24211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10912 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46a687cea9 code=0x0
[  272.451181][ T5398] usb 2-1: USB disconnect, device number 17
[  272.572605][T10932] loop3: detected capacity change from 0 to 128
[  272.579150][T10932] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  272.591016][T10932] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  272.609486][T10934] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  272.706355][T10939] loop3: detected capacity change from 0 to 2048
[  272.717574][T10939] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  273.188754][T10956] fuse: Unknown parameter '„dä(”z%À'
[  273.721368][T10721] EXT4-fs (loop3): unmounting filesystem.
[  273.766789][T10980] loop4: detected capacity change from 0 to 128
[  274.071168][T11002] loop2: detected capacity change from 0 to 2048
[  274.087421][T11002] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  274.095864][T11002] ext4 filesystem being mounted at /root/syzkaller-testdir3345996764/syzkaller.1DSPFw/29/bus supports timestamps until 2038 (0x7fffffff)
[  274.116118][ T5398] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  274.127483][T10620] EXT4-fs (loop2): unmounting filesystem.
[  274.260822][T11020] device syzkaller0 entered promiscuous mode
[  274.376111][ T5398] usb 4-1: Using ep0 maxpacket: 16
[  274.410423][T11030] loop2: detected capacity change from 0 to 40427
[  274.419399][T11030] F2FS-fs (loop2): Found nat_bits in checkpoint
[  274.444830][T11030] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  274.919246][T11046] loop2: detected capacity change from 0 to 40427
[  274.926136][ T5398] usb 4-1: New USB device found, idVendor=1199, idProduct=0025, bcdDevice=1e.64
[  274.935168][ T5398] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.943115][ T5398] usb 4-1: Product: syz
[  274.947601][ T5398] usb 4-1: Manufacturer: syz
[  274.952096][ T5398] usb 4-1: SerialNumber: syz
[  274.958695][ T5398] usb 4-1: config 0 descriptor??
[  274.965047][T11046] F2FS-fs (loop2): Found nat_bits in checkpoint
[  275.007941][T11046] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  275.035193][T11046] syz-executor.2: attempt to access beyond end of device
[  275.035193][T11046] loop2: rw=2049, sector=53248, nr_sectors = 136 limit=40427
[  275.126315][T10620] syz-executor.2: attempt to access beyond end of device
[  275.126315][T10620] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  275.200717][  T357] usb 4-1: USB disconnect, device number 32
[  275.358927][T11072] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  275.556990][T11080] SELinux: security_context_str_to_sid () failed with errno=-22
[  275.638491][T11082] device syzkaller0 entered promiscuous mode
[  275.673739][T11084] bridge0: port 3(gretap0) entered blocking state
[  275.680118][T11084] bridge0: port 3(gretap0) entered disabled state
[  275.688564][T11084] device gretap0 entered promiscuous mode
[  275.694499][T11084] bridge0: port 3(gretap0) entered blocking state
[  275.700746][T11084] bridge0: port 3(gretap0) entered forwarding state
[  275.726613][T11084] device gretap0 left promiscuous mode
[  275.732264][T11084] bridge0: port 3(gretap0) entered disabled state
[  275.752590][ T4472] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  276.003545][T11094] binder: binder_mmap: 11093 20ffb000-20fff000 bad vm_flags failed -1
[  276.101135][   T28] audit: type=1400 audit(2000000203.459:24212): avc:  denied  { write } for  pid=11106 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  276.136231][ T4472] usb 2-1: config index 0 descriptor too short (expected 1060, got 36)
[  276.144315][ T4472] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  276.166445][ T4472] usb 2-1: config 0 has no interfaces?
[  276.172780][ T4472] usb 2-1: New USB device found, idVendor=056a, idProduct=00e2, bcdDevice= 0.00
[  276.182599][ T4472] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.204463][ T4472] usb 2-1: config 0 descriptor??
[  276.237105][T11108] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.244001][T11108] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.251949][T11108] device bridge_slave_0 entered promiscuous mode
[  276.258727][   T28] audit: type=1400 audit(2000000203.619:24213): avc:  denied  { map } for  pid=11111 comm="syz-executor.4" path="/dev/hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  276.287673][   T28] audit: type=1400 audit(2000000203.619:24214): avc:  denied  { execute } for  pid=11111 comm="syz-executor.4" path="/dev/hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  276.312011][T11108] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.319103][T11108] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.327603][T11108] device bridge_slave_1 entered promiscuous mode
[  276.437118][T11108] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.443983][T11108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.451207][T11108] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.453811][   T60] usb 2-1: USB disconnect, device number 18
[  276.457975][T11108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.496096][   T39] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  276.497903][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  276.511328][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.523354][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.543780][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  276.551989][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.558854][  T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.559048][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  276.573966][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.573984][  T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.589542][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  276.589757][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  276.611368][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  276.627689][T11108] device veth0_vlan entered promiscuous mode
[  276.645199][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  276.653287][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  276.660634][  T357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  276.674157][T11108] device veth1_macvtap entered promiscuous mode
[  276.684941][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  276.703761][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  276.716301][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  276.797142][  T904] device bridge_slave_1 left promiscuous mode
[  276.803137][  T904] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.819909][  T904] device bridge_slave_0 left promiscuous mode
[  276.833516][  T904] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.850769][  T904] device veth1_macvtap left promiscuous mode
[  276.863213][  T904] device veth0_vlan left promiscuous mode
[  276.870190][   T39] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  276.885610][   T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.019615][T11146] SELinux: security_context_str_to_sid () failed with errno=-22
[  277.066181][   T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  277.079491][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.091158][   T39] usb 1-1: Product: syz
[  277.095224][   T39] usb 1-1: Manufacturer: syz
[  277.099919][   T39] usb 1-1: SerialNumber: syz
[  277.136607][T11150] bridge0: port 3(gretap0) entered blocking state
[  277.142881][T11150] bridge0: port 3(gretap0) entered disabled state
[  277.151674][T11150] device gretap0 entered promiscuous mode
[  277.157670][T11150] bridge0: port 3(gretap0) entered blocking state
[  277.163896][T11150] bridge0: port 3(gretap0) entered forwarding state
[  277.192289][T11150] device gretap0 left promiscuous mode
[  277.198002][T11150] bridge0: port 3(gretap0) entered disabled state
[  277.451528][T11171] loop4: detected capacity change from 0 to 2048
[  277.458351][T11171] /dev/loop4: Can't open blockdev
[  277.927120][T11197] fuse: Unknown parameter '„dä(”z%À'
[  278.326189][   T39] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed
[  278.366148][   T39] cdc_ncm 1-1:1.0: bind() failure
[  278.371579][   T39] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  278.378775][   T39] cdc_ncm 1-1:1.1: bind() failure
[  278.384358][   T39] usb 1-1: USB disconnect, device number 34
[  278.753484][   T28] audit: type=1400 audit(2000000206.109:24215): avc:  denied  { setopt } for  pid=11218 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  278.794719][T11225] SELinux: security_context_str_to_sid () failed with errno=-22
[  278.801052][T11224] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2326 sclass=netlink_route_socket pid=11224 comm=syz-executor.3
[  278.926409][T11238] bridge0: port 3(gretap0) entered blocking state
[  278.932704][T11238] bridge0: port 3(gretap0) entered disabled state
[  278.941276][T11238] device gretap0 entered promiscuous mode
[  278.947297][T11238] bridge0: port 3(gretap0) entered blocking state
[  278.953526][T11238] bridge0: port 3(gretap0) entered forwarding state
[  278.981099][T11238] device gretap0 left promiscuous mode
[  278.986825][T11238] bridge0: port 3(gretap0) entered disabled state
[  279.675055][T11255] device bridge_slave_1 left promiscuous mode
[  279.681165][T11255] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.692940][T11255] device bridge_slave_0 left promiscuous mode
[  279.699262][T11255] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.825785][T11257] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2326 sclass=netlink_route_socket pid=11257 comm=syz-executor.1
[  279.851264][T11265] sock: sock_timestamping_bind_phc: sock not bind to device
[  279.897284][T11276] SELinux: security_context_str_to_sid () failed with errno=-22
[  280.013345][T11280] bridge0: port 3(gretap0) entered blocking state
[  280.019696][T11280] bridge0: port 3(gretap0) entered disabled state
[  280.028101][T11280] device gretap0 entered promiscuous mode
[  280.034059][T11280] bridge0: port 3(gretap0) entered blocking state
[  280.040309][T11280] bridge0: port 3(gretap0) entered forwarding state
[  280.067127][T11280] device gretap0 left promiscuous mode
[  280.072862][T11280] bridge0: port 3(gretap0) entered disabled state
[  281.427284][T11348] SELinux: security_context_str_to_sid () failed with errno=-22
[  281.575082][T11354] bridge0: port 3(gretap0) entered blocking state
[  281.581418][T11354] bridge0: port 3(gretap0) entered disabled state
[  281.594910][T11354] device gretap0 entered promiscuous mode
[  281.601634][T11354] bridge0: port 3(gretap0) entered blocking state
[  281.607891][T11354] bridge0: port 3(gretap0) entered forwarding state
[  281.709075][T11354] device gretap0 left promiscuous mode
[  281.715419][T11354] bridge0: port 3(gretap0) entered disabled state
[  282.165544][T11357] 9pnet_fd: Insufficient options for proto=fd
[  282.171866][T11357] overlayfs: missing 'workdir'
[  282.568348][T11384] SELinux: security_context_str_to_sid () failed with errno=-22
[  282.689484][T11393] bridge0: port 3(gretap0) entered blocking state
[  282.695757][T11393] bridge0: port 3(gretap0) entered disabled state
[  282.704468][T11393] device gretap0 entered promiscuous mode
[  282.710512][T11393] bridge0: port 3(gretap0) entered blocking state
[  282.716757][T11393] bridge0: port 3(gretap0) entered forwarding state
[  282.746120][T11393] device gretap0 left promiscuous mode
[  282.751951][T11393] bridge0: port 3(gretap0) entered disabled state
[  283.739643][T11445] input: syz0 as /devices/virtual/input/input57
[  284.222200][T11472] overlayfs: statfs failed on './file0'
[  285.056142][ T4472] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  285.220510][T11108] ------------[ cut here ]------------
[  285.225960][T11108] WARNING: CPU: 1 PID: 11108 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  285.235363][T11108] Modules linked in:
[  285.239144][T11108] CPU: 1 PID: 11108 Comm: syz-executor.3 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  285.250569][T11108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  285.260546][T11108] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  285.265997][T11108] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  285.285472][T11108] RSP: 0018:ffffc90001e7fae0 EFLAGS: 00010293
[  285.291359][T11108] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88811d330000
[  285.299184][T11108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  285.306984][T11108] RBP: ffffc90001e7fb10 R08: ffffffff821f2c34 R09: ffffed10200cc819
[  285.314777][T11108] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888137206880
[  285.322609][T11108] R13: ffff8881372068b0 R14: 1ffff11026e40d16 R15: ffff888100664020
[  285.330413][T11108] FS:  0000555557542480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  285.339204][T11108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  285.345585][T11108] CR2: 000055555754b818 CR3: 000000011a852000 CR4: 00000000003506a0
[  285.353436][T11108] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  285.361261][T11108] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  285.369039][T11108] Call Trace:
[  285.372147][T11108]  <TASK>
[  285.374928][T11108]  ? show_regs+0x58/0x60
[  285.379022][T11108]  ? __warn+0x160/0x3d0
[  285.383001][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.387875][T11108]  ? report_bug+0x4d5/0x7d0
[  285.392195][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.397076][T11108]  ? handle_bug+0x41/0x70
[  285.401218][T11108]  ? exc_invalid_op+0x1b/0x50
[  285.405735][T11108]  ? asm_exc_invalid_op+0x1b/0x20
[  285.410609][T11108]  ? ovl_dir_modified+0xa4/0x1e0
[  285.415366][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.420243][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.425089][T11108]  ovl_do_remove+0x7fc/0xbf0
[  285.429553][T11108]  ? ovl_set_redirect+0x670/0x670
[  285.434378][T11108]  ? selinux_inode_rmdir+0x22/0x30
[  285.439342][T11108]  ovl_rmdir+0x1a/0x20
[  285.443225][T11108]  vfs_rmdir+0x398/0x500
[  285.447323][T11108]  incfs_kill_sb+0x113/0x230
[  285.451734][T11108]  deactivate_locked_super+0xad/0x110
[  285.456959][T11108]  deactivate_super+0xbe/0xf0
[  285.461452][T11108]  cleanup_mnt+0x485/0x510
[  285.465705][T11108]  ? user_path_at_empty+0x14e/0x1a0
[  285.470753][T11108]  __cleanup_mnt+0x19/0x20
[  285.474994][T11108]  task_work_run+0x24d/0x2e0
[  285.479436][T11108]  ? task_work_cancel+0x2b0/0x2b0
[  285.484290][T11108]  ? __x64_sys_umount+0x122/0x170
[  285.489302][T11108]  exit_to_user_mode_loop+0x94/0xa0
[  285.494309][T11108]  exit_to_user_mode_prepare+0x5a/0xa0
[  285.499619][T11108]  syscall_exit_to_user_mode+0x26/0x140
[  285.504982][T11108]  do_syscall_64+0x49/0xb0
[  285.509250][T11108]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  285.514962][T11108] RIP: 0033:0x7f1d6d87e1d7
[  285.519238][T11108] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  285.538672][T11108] RSP: 002b:00007ffff62bc838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  285.546914][T11108] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1d6d87e1d7
[  285.554712][T11108] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff62bc8f0
[  285.562550][T11108] RBP: 00007ffff62bc8f0 R08: 0000000000000000 R09: 0000000000000000
[  285.570482][T11108] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff62bd9a0
[  285.578302][T11108] R13: 00007f1d6d8d9636 R14: 0000000000045692 R15: 0000000000000016
[  285.586114][T11108]  </TASK>
[  285.588953][T11108] ---[ end trace 0000000000000000 ]---
[  285.594734][T11108] ------------[ cut here ]------------
[  285.600091][T11108] WARNING: CPU: 0 PID: 11108 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  285.609301][T11108] Modules linked in:
[  285.613017][T11108] CPU: 0 PID: 11108 Comm: syz-executor.3 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  285.624486][T11108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  285.634382][T11108] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  285.639848][T11108] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  285.659308][T11108] RSP: 0018:ffffc90001e7fae0 EFLAGS: 00010293
[  285.665176][T11108] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff88811d330000
[  285.673001][T11108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  285.680820][T11108] RBP: ffffc90001e7fb10 R08: ffffffff821f2c34 R09: ffffed10200cc819
[  285.688624][T11108] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888137206880
[  285.696435][T11108] R13: ffff8881372068b0 R14: 1ffff11026e40d16 R15: ffff888100664020
[  285.704235][T11108] FS:  0000555557542480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  285.713012][T11108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  285.719442][T11108] CR2: 00007fb2b47f7d58 CR3: 000000011a852000 CR4: 00000000003506b0
[  285.727249][T11108] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  285.735045][T11108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  285.742871][T11108] Call Trace:
[  285.745980][T11108]  <TASK>
[  285.748781][T11108]  ? show_regs+0x58/0x60
[  285.752838][T11108]  ? __warn+0x160/0x3d0
[  285.756158][ T4472] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  285.756846][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.770581][T11108]  ? report_bug+0x4d5/0x7d0
[  285.774889][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.779788][T11108]  ? handle_bug+0x41/0x70
[  285.780112][ T4472] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.783929][T11108]  ? exc_invalid_op+0x1b/0x50
[  285.792457][ T4472] usb 3-1: config 0 descriptor??
[  285.796256][T11108]  ? asm_exc_invalid_op+0x1b/0x20
[  285.805869][T11108]  ? ovl_dir_modified+0xa4/0x1e0
[  285.810654][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.815501][T11108]  ? ovl_dir_modified+0x1a5/0x1e0
[  285.820376][T11108]  ovl_do_remove+0x7fc/0xbf0
[  285.824789][T11108]  ? ovl_set_redirect+0x670/0x670
[  285.829662][T11108]  ? selinux_inode_rmdir+0x22/0x30
[  285.834595][T11108]  ovl_rmdir+0x1a/0x20
[  285.838523][T11108]  vfs_rmdir+0x398/0x500
[  285.842580][T11108]  incfs_kill_sb+0x1b4/0x230
[  285.847029][T11108]  deactivate_locked_super+0xad/0x110
[  285.852214][T11108]  deactivate_super+0xbe/0xf0
[  285.856740][T11108]  cleanup_mnt+0x485/0x510
[  285.860977][T11108]  ? user_path_at_empty+0x14e/0x1a0
[  285.866034][T11108]  __cleanup_mnt+0x19/0x20
[  285.870267][T11108]  task_work_run+0x24d/0x2e0
[  285.874694][T11108]  ? task_work_cancel+0x2b0/0x2b0
[  285.879576][T11108]  ? __x64_sys_umount+0x122/0x170
[  285.884421][T11108]  exit_to_user_mode_loop+0x94/0xa0
[  285.889466][T11108]  exit_to_user_mode_prepare+0x5a/0xa0
[  285.894741][T11108]  syscall_exit_to_user_mode+0x26/0x140
[  285.900140][T11108]  do_syscall_64+0x49/0xb0
[  285.904375][T11108]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  285.910143][T11108] RIP: 0033:0x7f1d6d87e1d7
[  285.914357][T11108] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  285.933816][T11108] RSP: 002b:00007ffff62bc838 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  285.942054][T11108] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1d6d87e1d7
[  285.949866][T11108] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff62bc8f0
[  285.957681][T11108] RBP: 00007ffff62bc8f0 R08: 0000000000000000 R09: 0000000000000000
[  285.965477][T11108] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff62bd9a0
[  285.973306][T11108] R13: 00007f1d6d8d9636 R14: 0000000000045692 R15: 0000000000000016
[  285.981117][T11108]  </TASK>
[  285.983962][T11108] ---[ end trace 0000000000000000 ]---
[  287.296066][ T5398] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  287.353622][ T8784] ------------[ cut here ]------------
[  287.358985][ T8784] WARNING: CPU: 1 PID: 8784 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  287.368277][ T8784] Modules linked in:
[  287.372002][ T8784] CPU: 1 PID: 8784 Comm: syz-executor.4 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  287.383435][ T8784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  287.393308][ T8784] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  287.398847][ T8784] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  287.418329][ T8784] RSP: 0018:ffffc90009b0fae0 EFLAGS: 00010293
[  287.424170][ T8784] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff888130ad9440
[  287.432200][ T8784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  287.440030][ T8784] RBP: ffffc90009b0fb10 R08: ffffffff821f2c34 R09: ffffed1022641819
[  287.447845][ T8784] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813720cbb0
[  287.455882][ T8784] R13: ffff88813720cbe0 R14: 1ffff11026e4197c R15: ffff88811320c020
[  287.463918][ T8784] FS:  00005555569c7480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  287.472731][ T8784] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.479112][ T8784] CR2: 00007ffc58247ed8 CR3: 0000000116661000 CR4: 00000000003506a0
[  287.486925][ T8784] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  287.494708][ T8784] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  287.502568][ T8784] Call Trace:
[  287.505644][ T8784]  <TASK>
[  287.508577][ T8784]  ? show_regs+0x58/0x60
[  287.512806][ T8784]  ? __warn+0x160/0x3d0
[  287.516838][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.521660][ T8784]  ? report_bug+0x4d5/0x7d0
[  287.525999][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.530858][ T8784]  ? handle_bug+0x41/0x70
[  287.535213][ T8784]  ? exc_invalid_op+0x1b/0x50
[  287.539807][ T8784]  ? asm_exc_invalid_op+0x1b/0x20
[  287.544587][ T8784]  ? ovl_dir_modified+0xa4/0x1e0
[  287.549377][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.554214][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.559295][ T8784]  ovl_do_remove+0x7fc/0xbf0
[  287.563716][ T8784]  ? ovl_set_redirect+0x670/0x670
[  287.568603][ T8784]  ? selinux_inode_rmdir+0x22/0x30
[  287.573521][ T8784]  ovl_rmdir+0x1a/0x20
[  287.577443][ T8784]  vfs_rmdir+0x398/0x500
[  287.581507][ T8784]  incfs_kill_sb+0x113/0x230
[  287.585937][ T8784]  deactivate_locked_super+0xad/0x110
[  287.591161][ T8784]  deactivate_super+0xbe/0xf0
[  287.595655][ T8784]  cleanup_mnt+0x485/0x510
[  287.599922][ T8784]  ? user_path_at_empty+0x14e/0x1a0
[  287.604941][ T8784]  __cleanup_mnt+0x19/0x20
[  287.609214][ T8784]  task_work_run+0x24d/0x2e0
[  287.613619][ T8784]  ? task_work_cancel+0x2b0/0x2b0
[  287.618492][ T8784]  ? __x64_sys_umount+0x122/0x170
[  287.623340][ T8784]  exit_to_user_mode_loop+0x94/0xa0
[  287.628398][ T8784]  exit_to_user_mode_prepare+0x5a/0xa0
[  287.633670][ T8784]  syscall_exit_to_user_mode+0x26/0x140
[  287.639065][ T8784]  do_syscall_64+0x49/0xb0
[  287.643300][ T8784]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  287.649052][ T8784] RIP: 0033:0x7f46a687e1d7
[  287.653284][ T8784] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  287.672747][ T8784] RSP: 002b:00007ffc58248688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  287.680985][ T8784] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46a687e1d7
[  287.688806][ T8784] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc58248740
[  287.696106][ T5398] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  287.696608][ T8784] RBP: 00007ffc58248740 R08: 0000000000000000 R09: 0000000000000000
[  287.706575][ T5398] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  287.714301][ T8784] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc582497f0
[  287.730893][ T8784] R13: 00007f46a68d9636 R14: 0000000000045efa R15: 0000000000000016
[  287.738709][ T8784]  </TASK>
[  287.741562][ T8784] ---[ end trace 0000000000000000 ]---
[  287.747323][ T8784] ------------[ cut here ]------------
[  287.752588][ T8784] WARNING: CPU: 0 PID: 8784 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0
[  287.761908][ T8784] Modules linked in:
[  287.765517][ T8784] CPU: 0 PID: 8784 Comm: syz-executor.4 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  287.776910][ T8784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  287.786794][ T8784] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  287.792249][ T8784] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 cb 46 56 ff <0f> 0b e9 06 ff ff ff e8 bf 46 56 ff 0f 0b e9 3d ff ff ff 44 89 e1
[  287.811708][ T8784] RSP: 0018:ffffc90009b0fae0 EFLAGS: 00010293
[  287.817607][ T8784] RAX: ffffffff821f2d35 RBX: 0000000000000000 RCX: ffff888130ad9440
[  287.825402][ T8784] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  287.833229][ T8784] RBP: ffffc90009b0fb10 R08: ffffffff821f2c34 R09: ffffed1022641819
[  287.841043][ T8784] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813720cbb0
[  287.848848][ T8784] R13: ffff88813720cbe0 R14: 1ffff11026e4197c R15: ffff88811320c020
[  287.856665][ T8784] FS:  00005555569c7480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  287.865413][ T8784] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.871851][ T8784] CR2: 0000001b32c23000 CR3: 0000000116661000 CR4: 00000000003506b0
[  287.879661][ T8784] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  287.887471][ T8784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  287.895272][ T8784] Call Trace:
[  287.898414][ T8784]  <TASK>
[  287.901175][ T8784]  ? show_regs+0x58/0x60
[  287.905254][ T8784]  ? __warn+0x160/0x3d0
[  287.909264][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.914104][ T8784]  ? report_bug+0x4d5/0x7d0
[  287.918456][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.923303][ T8784]  ? handle_bug+0x41/0x70
[  287.927484][ T8784]  ? exc_invalid_op+0x1b/0x50
[  287.931986][ T8784]  ? asm_exc_invalid_op+0x1b/0x20
[  287.936854][ T8784]  ? ovl_dir_modified+0xa4/0x1e0
[  287.941622][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.946491][ T8784]  ? ovl_dir_modified+0x1a5/0x1e0
[  287.951340][ T8784]  ovl_do_remove+0x7fc/0xbf0
[  287.955765][ T8784]  ? ovl_set_redirect+0x670/0x670
[  287.960641][ T8784]  ? selinux_inode_rmdir+0x22/0x30
[  287.965571][ T8784]  ovl_rmdir+0x1a/0x20
[  287.969491][ T8784]  vfs_rmdir+0x398/0x500
[  287.973555][ T8784]  incfs_kill_sb+0x1b4/0x230
[  287.977994][ T8784]  deactivate_locked_super+0xad/0x110
[  287.983191][ T8784]  deactivate_super+0xbe/0xf0
[  287.988057][ T8784]  cleanup_mnt+0x485/0x510
[  287.992273][ T8784]  ? user_path_at_empty+0x14e/0x1a0
[  287.997428][ T8784]  __cleanup_mnt+0x19/0x20
[  288.001559][ T8784]  task_work_run+0x24d/0x2e0
[  288.005988][ T8784]  ? task_work_cancel+0x2b0/0x2b0
[  288.010848][ T8784]  ? __x64_sys_umount+0x122/0x170
[  288.015709][ T8784]  exit_to_user_mode_loop+0x94/0xa0
[  288.020763][ T8784]  exit_to_user_mode_prepare+0x5a/0xa0
[  288.026054][ T8784]  syscall_exit_to_user_mode+0x26/0x140
[  288.031417][ T8784]  do_syscall_64+0x49/0xb0
[  288.035670][ T8784]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  288.041424][ T8784] RIP: 0033:0x7f46a687e1d7
[  288.045651][ T8784] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[  288.065114][ T8784] RSP: 002b:00007ffc58248688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  288.073367][ T8784] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f46a687e1d7
[  288.081178][ T8784] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc58248740
[  288.088973][ T8784] RBP: 00007ffc58248740 R08: 0000000000000000 R09: 0000000000000000
[  288.096781][ T8784] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc582497f0
[  288.104583][ T8784] R13: 00007f46a68d9636 R14: 0000000000045efa R15: 0000000000000016
[  288.112413][ T8784]  </TASK>
[  288.115256][ T8784] ---[ end trace 0000000000000000 ]---
[  288.127135][   T28] audit: type=1400 audit(2000000215.489:24216): avc:  denied  { setopt } for  pid=11550 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  288.176165][ T5398] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  288.184424][T11558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11558 comm=syz-executor.3
[  288.197628][ T5398] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  288.197654][ T5398] usb 2-1: SerialNumber: syz
[  288.211122][T11558] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  288.235239][  T563] Bluetooth: hci0: Frame reassembly failed (-84)
[  288.351356][T11564] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  288.506695][ T5398] usb 2-1: 0:2 : does not exist
[  288.557419][ T5398] usb 2-1: USB disconnect, device number 19
[  288.656111][ T4472] usb 3-1: Cannot set autoneg
[  288.660687][ T4472] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -32
[  289.169700][T11592] input: syz0 as /devices/virtual/input/input58
[  289.455764][   T28] audit: type=1400 audit(2000000216.809:24217): avc:  denied  { unlink } for  pid=11604 comm="syz-executor.1" name="#8e" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  289.803493][  T837] usb 3-1: USB disconnect, device number 28
[  289.944468][T11625] loop2: detected capacity change from 0 to 1024
[  289.951424][T11625] EXT4-fs: Ignoring removed orlov option
[  289.957413][T11625] EXT4-fs (loop2): Test dummy encryption mode enabled
[  289.965788][T11625] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  289.976881][T11625] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'.
[  289.986421][T11625] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'.
[  289.998981][T10620] EXT4-fs (loop2): unmounting filesystem.
[  290.163463][T11637] xt_policy: too many policy elements
[  290.306060][ T6602] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  290.312171][ T2196] Bluetooth: hci0: command 0x1003 tx timeout
[  290.575960][T11658] loop3: detected capacity change from 0 to 512
[  290.583936][T11658] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945729 > max in inode 13
[  290.594143][T11658] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945730 > max in inode 13
[  290.604373][T11658] EXT4-fs (loop3): 1 truncate cleaned up
[  290.610317][T11658] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  290.620651][T11658] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  290.629038][   T28] audit: type=1326 audit(2000000217.989:24218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11657 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6d87cea9 code=0x7ffc0000
[  290.656659][T11108] EXT4-fs (loop3): unmounting filesystem.
[  290.658184][   T28] audit: type=1326 audit(2000000217.999:24219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11657 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1d6d87cea9 code=0x7ffc0000
[  290.686209][   T28] audit: type=1326 audit(2000000217.999:24220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11657 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6d87cea9 code=0x7ffc0000
[  290.739609][   T28] audit: type=1326 audit(2000000217.999:24221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11657 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f1d6d87cea9 code=0x7ffc0000
[  290.764865][   T28] audit: type=1326 audit(2000000217.999:24222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11657 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6d87cea9 code=0x7ffc0000
[  290.815813][  T343] Bluetooth: hci0: Frame reassembly failed (-84)
[  291.194030][T11687] loop2: detected capacity change from 0 to 512
[  291.201857][T11687] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature
[  291.214932][T11687] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.2: missing EA_INODE flag
[  291.226865][T11687] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 2 err=-117
[  291.239683][T11687] EXT4-fs (loop2): 1 orphan inode deleted
[  291.245209][T11687] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  291.257258][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #19: comm syz-executor.2: Siphash requires key
[  291.268763][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #19: comm syz-executor.2: Siphash requires key
[  291.280198][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #19: comm syz-executor.2: Siphash requires key
[  291.293930][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #15: comm syz-executor.2: Siphash requires key
[  291.305338][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #15: comm syz-executor.2: Siphash requires key
[  291.316716][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #15: comm syz-executor.2: Siphash requires key
[  291.328114][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #18: comm syz-executor.2: Siphash requires key
[  291.339489][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #18: comm syz-executor.2: Siphash requires key
[  291.350782][T11687] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #18: comm syz-executor.2: Siphash requires key
[  291.364996][T10620] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #2: comm syz-executor.2: Siphash requires key
[  291.417164][T10620] EXT4-fs (loop2): unmounting filesystem.
[  291.577421][T11693] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.584683][T11693] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.595969][T11693] device bridge_slave_0 entered promiscuous mode
[  291.609671][T11693] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.616929][T11693] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.624080][T11693] device bridge_slave_1 entered promiscuous mode
[  291.637757][T11708] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1768846636 (3537693272 ns) > initial count (1927074542 ns). Using initial count to start timer.
[  291.689300][T11693] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.696194][T11693] bridge0: port 2(bridge_slave_1) entered forwarding state
[  291.700442][   T28] audit: type=1326 audit(2000000219.059:24223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b87cea9 code=0x7ffc0000
[  291.703263][T11693] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.733917][T11693] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.737404][   T28] audit: type=1326 audit(2000000219.089:24224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f508b87cea9 code=0x7ffc0000
[  291.760355][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  291.772171][   T28] audit: type=1326 audit(2000000219.089:24225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11716 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f508b87cea9 code=0x7ffc0000
[  291.805141][T11723] syz-executor.1[11723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  291.805210][T11723] syz-executor.1[11723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  291.816840][ T1653] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.835376][ T1653] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.856461][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  291.873697][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.880604][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.894004][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  291.905121][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.912003][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[  291.930509][  T837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  291.940758][  T837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  291.963168][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  291.981217][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  291.991023][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  291.999828][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  292.008758][T11693] device veth0_vlan entered promiscuous mode
[  292.027819][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  292.046736][T11693] device veth1_macvtap entered promiscuous mode
[  292.067388][ T5398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  292.085454][ T1653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  292.866086][ T6602] Bluetooth: hci0: command 0x1003 tx timeout
[  292.871991][ T2195] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  293.268214][T11752] syz-executor.1[11752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  293.268734][T11752] syz-executor.1[11752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  293.281213][T11747] loop4: detected capacity change from 0 to 1024
[  293.310581][T11751] block device autoloading is deprecated and will be removed.
[  293.370598][T11747] EXT4-fs: Ignoring removed orlov option
[  293.379977][T11747] /dev/loop4: Can't open blockdev
[  293.430719][T11747] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'.
[  293.442817][T11747] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.4'.
[  293.530299][T11782] syz-executor.4[11782] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  293.530373][T11782] syz-executor.4[11782] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  293.625296][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  293.625313][   T28] audit: type=1400 audit(2000000220.979:24228): avc:  denied  { sqpoll } for  pid=11791 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  294.526754][ T5398] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  294.577412][T11800] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'.
[  294.606425][T11800] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.0'.
[  294.686312][T11809] loop2: detected capacity change from 0 to 40427
[  294.703774][T11809] F2FS-fs (loop2): invalid crc value
[  294.709994][T11809] F2FS-fs (loop2): Found nat_bits in checkpoint
[  294.755072][T11809] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  294.776101][ T5398] usb 4-1: Using ep0 maxpacket: 8
[  294.863435][T11838] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  294.874987][T11838] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  294.883231][T11838] CPU: 0 PID: 11838 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00008-g4c45e2f34089 #0
[  294.894684][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  294.904577][T11838] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0
[  294.910654][T11838] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b
[  294.930093][T11838] RSP: 0018:ffffc90000e5f6c0 EFLAGS: 00010246
[  294.935995][T11838] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  294.943804][T11838] RDX: ffffc9000570d000 RSI: 0000000000000414 RDI: 0000000000000415
[  294.951617][T11838] RBP: ffffc90000e5f818 R08: 0000000000000005 R09: ffffffff8411e7b3
[  294.959428][T11838] R10: 0000000000000004 R11: ffff888112856540 R12: dffffc0000000000
[  294.967241][T11838] R13: ffff88813a1eddc0 R14: 1ffff920001cbee4 R15: 0000000000000000
[  294.975051][T11838] FS:  00007fb2b61206c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  294.983818][T11838] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  294.990240][T11838] CR2: 0000000020010000 CR3: 000000011667c000 CR4: 00000000003506b0
[  294.998051][T11838] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  295.005869][T11838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  295.013675][T11838] Call Trace:
[  295.016800][T11838]  <TASK>
[  295.019578][T11838]  ? __die_body+0x62/0xb0
[  295.023740][T11838]  ? die_addr+0x9f/0xd0
[  295.027734][T11838]  ? exc_general_protection+0x317/0x4c0
[  295.033121][T11838]  ? asm_exc_general_protection+0x27/0x30
[  295.038670][T11838]  ? xdp_do_generic_redirect+0x303/0xad0
[  295.044138][T11838]  ? dev_map_generic_redirect+0x90/0x7d0
[  295.049605][T11838]  ? __free_pages_core+0x180/0x180
[  295.054551][T11838]  ? __this_cpu_preempt_check+0x13/0x20
[  295.059934][T11838]  ? bq_enqueue+0x3e0/0x3e0
[  295.064276][T11838]  ? bpf_prog_run_generic_xdp+0x9aa/0x1110
[  295.069917][T11838]  xdp_do_generic_redirect+0x411/0xad0
[  295.075209][T11838]  do_xdp_generic+0x53e/0x800
[  295.079723][T11838]  ? generic_xdp_tx+0x560/0x560
[  295.084409][T11838]  ? __schedule+0xcaf/0x1550
[  295.088834][T11838]  ? tun_get_user+0x2340/0x3a90
[  295.093521][T11838]  tun_get_user+0x238a/0x3a90
[  295.098037][T11838]  ? futex_q_unlock+0x30/0x30
[  295.102549][T11838]  ? tun_do_read+0x1ee0/0x1ee0
[  295.107147][T11838]  ? ref_tracker_alloc+0x31d/0x450
[  295.112095][T11838]  ? ref_tracker_dir_print+0x160/0x160
[  295.117388][T11838]  ? futex_wait+0x4b7/0x7e0
[  295.121730][T11838]  ? avc_policy_seqno+0x1b/0x70
[  295.126415][T11838]  ? tun_get+0xe9/0x120
[  295.130406][T11838]  tun_chr_write_iter+0x129/0x210
[  295.135271][T11838]  vfs_write+0x902/0xeb0
[  295.139349][T11838]  ? __x64_sys_prctl+0xd0/0xd0
[  295.143952][T11838]  ? file_end_write+0x1c0/0x1c0
[  295.148634][T11838]  ? __fget_files+0x2cb/0x330
[  295.153149][T11838]  ? __fdget_pos+0x204/0x390
[  295.157573][T11838]  ? ksys_write+0x77/0x2c0
[  295.161826][T11838]  ksys_write+0x199/0x2c0
[  295.165991][T11838]  ? __x64_sys_futex+0x100/0x100
[  295.170766][T11838]  ? __ia32_sys_read+0x90/0x90
[  295.175366][T11838]  ? fpregs_restore_userregs+0x130/0x290
[  295.180836][T11838]  __x64_sys_write+0x7b/0x90
[  295.185262][T11838]  do_syscall_64+0x3d/0xb0
[  295.189515][T11838]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  295.195240][T11838] RIP: 0033:0x7fb2b547bbef
[  295.199493][T11838] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[  295.218942][T11838] RSP: 002b:00007fb2b6120090 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  295.227178][T11838] RAX: ffffffffffffffda RBX: 00007fb2b55b3f80 RCX: 00007fb2b547bbef
[  295.234989][T11838] RDX: 000000000000fdef RSI: 0000000020000780 RDI: 00000000000000c8
[  295.242801][T11838] RBP: 00007fb2b54ebff4 R08: 0000000000000000 R09: 0000000000000000
[  295.250613][T11838] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  295.258424][T11838] R13: 000000000000000b R14: 00007fb2b55b3f80 R15: 00007ffc0b6101d8
[  295.266240][T11838]  </TASK>
[  295.269099][T11838] Modules linked in:
[  295.272895][T11838] ---[ end trace 0000000000000000 ]---
[  295.278352][T11838] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0
[  295.284464][T11838] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b
[  295.303957][T11838] RSP: 0018:ffffc90000e5f6c0 EFLAGS: 00010246
[  295.309924][T11838] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  295.317750][T11838] RDX: ffffc9000570d000 RSI: 0000000000000414 RDI: 0000000000000415
[  295.325631][T11838] RBP: ffffc90000e5f818 R08: 0000000000000005 R09: ffffffff8411e7b3
[  295.333475][T11838] R10: 0000000000000004 R11: ffff888112856540 R12: dffffc0000000000
[  295.341307][T11838] R13: ffff88813a1eddc0 R14: 1ffff920001cbee4 R15: 0000000000000000
[  295.349085][T11838] FS:  00007fb2b61206c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  295.357842][T11838] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  295.364232][T11838] CR2: 0000000020010000 CR3: 000000011667c000 CR4: 00000000003506b0
[  295.372117][T11838] DR0: 0000000000000000 DR1: 00000000872c9164 DR2: 0000000000000000
[  295.379882][T11838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  295.387711][T11838] Kernel panic - not syncing: Fatal exception in interrupt
[  295.394897][T11838] Kernel Offset: disabled
[  295.399016][T11838] Rebooting in 86400 seconds..