last executing test programs:

47.733708597s ago: executing program 3 (id=2243):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x0, 0x9fd, 0x84}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$packet(0x11, 0x0, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = socket$inet6(0xa, 0x3, 0xff)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c)
r5 = dup2(r4, r4)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad1f50ad32d3fd25dfd73a015e0ca6a0f68a7d007f15451dfb265a0e3ccae669e173a64bc1cfd5587d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661ca3dbe74bd09de8793dbcceef76b2e5feecf9c66c54c3b3ffe1b4ce25d7c983c044c06cd0a48dfe3e26e7a23129d6606fd28a69989d552af6d9a9df2c3af36e0360050011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a13ed38ae82f87925bfacba83109753f541cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b70a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a92895614cd50cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba73c31b05c00fba8a4aee676d7c45bb29671a68ee2e60da7b01a2e5785a238afa4aba70c07fcd95bf8b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf334178b04963d67dd5a5707e618a1ef9057fec00f9e930219fa8d30e716de8cde9c60f0000000c3b64d10f0939b42b788daa7075fa542242b00f6bf9b64ad460e386b6f388351fbdacb3ad074574ee9d450f9dcfaef1be95ff3c449e6482e4403174618c20e887d6f320616d31d78a0e5421d5742cc52509fd90cf2df6d1404f6b8f810d7b94d421971b77a3270153a0d57cccfe27872f3e8e44480f93c33421986a7737842627301fb2fee8cabab074adaa2024ff57e609ba2f4d83b3bbf52309484532416f48f43b31395c6f45fee8f1682a4e8d5e3b9ae634ed24fb0e8b5fadaf5cb7eea62b7bb4264e72950c9dc791d771acc24c08cdb6ef24c813d082a86d9b879bdf5aefdfd905a2bd4ea36b0b54915a68fe149db154a8340017e1855511e9c0fe62d0cf55"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x141201)

44.600394043s ago: executing program 3 (id=2251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x4, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff0000fcffffffffffffff0000a400000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key(&(0x7f0000000440)='encrypted\x00', 0x0, &(0x7f0000000300)="3963f8b3cdf250ff7f768dec28829b223024fa538ab40a493823", 0x1a, 0xfffffffffffffffc)
r3 = socket$tipc(0x1e, 0x5, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES32=r10, @ANYBLOB="7e4ec61e071000a82657372000b2"], 0x20}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000000000000008001e00010000009c1937e4846b738738bd22ab52c7bb47a23a59cb91012320a47a00f0cc3f592f0503921871024a69ab145b23ec89077541b4860463e084e75a9e9aee0007000000000000004605367ced785489f52ae60eaeaa969e4a7c5b29e79a"], 0x24}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r10, @ANYBLOB="92"], 0x20}}, 0x0)
bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x2, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000280)={&(0x7f0000000140), 0x10, 0x0}, 0x0)

42.495119776s ago: executing program 3 (id=2256):
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x0)
syz_emit_ethernet(0x7e, &(0x7f00000010c0)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x0, 0x0, @empty, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x0, @private, @empty, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@remote}]}, @timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@private}, {@broadcast}, {@dev}, {@private}, {@empty}, {@broadcast}]}]}}}}}}}, 0x0)

42.485615567s ago: executing program 3 (id=2257):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800083}, 0x10}, 0x90)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x2000000c)

41.559495523s ago: executing program 3 (id=2261):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x1e, 0x805, 0x0)
sendmsg$tipc(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
mount$incfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mount(0x0, 0x0, 0x0, 0x1000, 0x0)

41.004728288s ago: executing program 3 (id=2266):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000010c0)=ANY=[@ANYBLOB="b702000001000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83116752ddb11cfafffa3837841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc40700a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e30df414b315f651c8412392191fa83ee830548f11e1036a8debd64c490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cd17b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0544c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e1700000000000000000000000000000832b99df00000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cb5ee3a7c9ef89edbdf42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf80300cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9874620e322d9348900000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2bca0f4557869ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a35df8574eb49e972f7976eafee43a6c17009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54aba40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be206af7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c708e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d5040000000000000000000000000000074f21ec2b57bb2daf8fab7cd564d1e84c93af254ab029e6cd168007b9a10a6664d9d264aceede0183b2306c440b2c81c9e120ece36a61b0b015ea6716decf8783e0845fa975b6e5f7f4dd4abe2a95e764ae13288d4439ec29066d9bc9f26212615423c3d8d58901a6b51a93c8aacb19c416d5260662031a295f2b33295a60db77b5f082bdc48cd06c6cd01e7a40e456d829d277c77c2ca9159c82a391a24d5f6193228d93e2fd99cd0cdeefa9b7c5ea02c5454ef4c6631e6766ffcba3cce4ab13c69622675683ab1f05edbb09641c9dba535b319a21a00287645449a61eefc00a2a8f6955d6573023325bc00ca0facb69d67c8b95e29b36c4a5f84a959262c382de9a411be7b9b500ca329e5eefcd323490eed4bcbcba4764618bf51a0849"], 0x0}, 0x90)
socketpair(0x11, 0x2, 0x300, &(0x7f0000000000))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e1"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f0000000080)=0x1, 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0xe, &(0x7f0000000380)={[{@init_itable}, {@commit}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000001cc0)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
truncate(&(0x7f0000000340)='./file2\x00', 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00')
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x2000, 0x0}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000140)=0x80000000, 0x12)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
syz_emit_ethernet(0x3f, &(0x7f0000000400)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x9, 0x11, 0x0, @remote, @mcast2, {[], {0x0, 0xe22, 0x9, 0x0, @opaque='B'}}}}}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000000000000000c81e000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x188}, 0x1, 0x0, 0x0, 0xc048884}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x38, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00121100631177fbac141416e000030a44079f03fc80000000000000845013f2325f1a3988050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
recvmmsg(0xffffffffffffffff, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {&(0x7f0000000140)=""/180, 0xb4}, {0x0}], 0x3}}], 0x1, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000002f40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/282], 0x120)

10.442049774s ago: executing program 2 (id=2378):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYRES8=r2], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==")
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB, @ANYRES8=r0, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x6c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1cdf}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x6c}}, 0x0)

8.521159101s ago: executing program 0 (id=2382):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

8.520621362s ago: executing program 1 (id=2383):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000013007b8af8ff00000000bfa200000000000007020000fbffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)

8.519913981s ago: executing program 2 (id=2384):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000280)={@cgroup=r0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

8.519202361s ago: executing program 4 (id=2385):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

8.502358263s ago: executing program 2 (id=2386):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0)
ftruncate(0xffffffffffffffff, 0x800)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000440)=0x808, 0x4)
ioctl$int_in(r4, 0x5452, &(0x7f0000000040)=0x401)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000002180), 0x4)
sendto$inet(r4, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00002cbd7000fbdbdf251b0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00400000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0002000000080001007063690011000200303030303a30303a31302e300000000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ffffffff"], 0xd8}, 0x1, 0x0, 0x0, 0x20004000}, 0x40040)
recvmsg(r4, &(0x7f00000033c0)={&(0x7f00000003c0)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002040)=[{&(0x7f0000000080)=""/49, 0x31}, {&(0x7f0000000f80)=""/4096, 0xffffffe1}, {0x0}, {&(0x7f0000000100)=""/102, 0x66}, {&(0x7f00000021c0)=""/4096, 0x1000}], 0x5, &(0x7f0000001f80)=""/178, 0xb2}, 0x120)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef134f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a08890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00'}, 0x48)

8.491331784s ago: executing program 0 (id=2395):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket(0x1, 0x5, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCFLSH(r6, 0x400455c8, 0x0)
bind$bt_hci(r5, &(0x7f0000000140), 0x6)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000002c0))
ioctl$sock_bt_hci(r5, 0x800448d7, 0x0)

8.409522371s ago: executing program 1 (id=2387):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
pwritev2(r0, &(0x7f0000022e80)=[{&(0x7f0000000240)="8a", 0x1}], 0x1, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0)
r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x7168)

5.408830806s ago: executing program 0 (id=2388):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r5, 0x400454cd, 0x30a)
ioctl$TUNSETLINK(r5, 0x400454cd, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000020000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x66, &(0x7f0000000780)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6c, 0x0, @private}}}}}, 0x0)

5.407949616s ago: executing program 1 (id=2389):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0)

5.407255146s ago: executing program 2 (id=2390):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000000)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000240)=""/118, 0x76}}], 0x1, 0x2, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2265640, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

5.406697756s ago: executing program 4 (id=2391):
syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc")
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0)
preadv2(r2, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

5.330373433s ago: executing program 1 (id=2392):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)

3.014103773s ago: executing program 0 (id=2393):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000080850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10)
quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000200, 0x0, 0x0)

3.013521852s ago: executing program 1 (id=2394):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2b57ff64}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x58, &(0x7f00000002c0)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000200)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x6128, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x5, 0x2, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf84}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$incfs(r6, &(0x7f0000000100)='.log\x00', 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TDLS_MGMT(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x110, r0, 0xfeb, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_IE={0xd7, 0x2a, [@random={0x0, 0x98, "58169718a740cbdabe7615915ba0ccdb32ffe5107e0c12216f7af1e47843e7e5d993539a050eb7f723579f3fd462161b1c958d0a1967b83f7a594d647d0ffafe093ea9ff0f7e66129a650deb12e9fc4f5273ccbd5d120deb29b6211510e15eff05283dec25963228e7f559f0e01e026569e4616aa6a1f358288125976d75cce76467a6bb610cbea04447bc843aa27548fdfc763368828c09"}, @mesh_config={0x71, 0x7}, @rann={0x7e, 0x15}, @channel_switch={0x25, 0x3}, @link_id={0x65, 0x12, {@initial, @device_a, @broadcast}}]}, @NL80211_ATTR_STATUS_CODE={0x6}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}]}, 0x110}}, 0x0)

3.013181283s ago: executing program 2 (id=2396):
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x89}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000df0fcddd3f3067c300000000000000000000000000000000000000000000000000ffff6446070afff6000000000000200000000000000000000000000000000000000000000000000000050000"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000150001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000008000"/103], 0xb8}}, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mmap(&(0x7f0000a82000/0x4000)=nil, 0x4000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x40000, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r8, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0)

3.012640803s ago: executing program 4 (id=2403):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000010000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10)
rt_sigpending(0x0, 0x0)

2.990659634s ago: executing program 0 (id=2397):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYRES16], &(0x7f0000000480)='syzkaller\x00'}, 0x90)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x808d, &(0x7f00000000c0), 0xfe, 0x504, &(0x7f0000000a80)="$eJzs3c9vG1kdAPDvTOJukmZxFjgsK7Gs2EVJBHWSDd2NOCwgITitBCz3EhI3iuLEVeLsNtEKUvUPQEIIkLjAiQsSfwAI9cQZIVWCOwIEQtDCgUNhkO1xmho7cVX/QM7nI73OD9v5fl/ceZ733sQTwKX1SkQsRESWZdliRBTz/Wle4qRZ6s97+OD9jXpJIsve+VsSSXPfTOtnPZcvr+Yvm4qIr34p4hvJ/8Y9ODreWa9Uyvv59lJtN3mUZcfXtnfXt8pb5b3V1ZU31t5cu7623Jd6zkXEW1/40/e+/ZMvvvXLT733+xt/Wfhms4JN9Xr1JVCbZtULjd9Fy2RE7A8i2IhMNmrYdH3EuQAAcL76+f4HI+LjEbEYxZhonM0BAAAA4yT77Gw8SprzfwAAAMB4SiNiNpK01LyMM2YjTUul5jW8H46ZtFI9qH0yK56OF8xFIb25XSkv59cOzEUhqW+v5NfYtrZfb9tejYgXIuK7xenGdmmjWtkc5cAHAAAAXCJXH/f/G38O+89is/8PAAAAjJm5UScAAAAADJz+PwAAAIw//X8AAAAYa19+++16yVr3v9589+hwp/rutc3ywU5p93CjtFHdv1Xaqla3Gt/Zt3vRz6tUq7c+HXuHt5dq5YPa0sHR8Y3d6uFe7cb2E7fABgAAAIbohY/d+10SESefmU5b+67ky0JENnH2yZNDTw8YoLR9x3mjdH8cbC7AcE2MOgFgZJ76lP5XvxhMIsDQFUadADByF7UDXYcFft3/XAAAgMGY/8jp/H+jxJn5/2SkmQGDls//J451uHzM/8Pl1cv83+LdISQCDF3hvDMAnQIYe2kPh/qzz/9n2VMlBQAA9N1soyRpKe8HzEaalkoRzzduC1BIbm5XyssR8YGI+G2x8Fx9e6XxysTwAAAAAAAAAAAAAAAAAAAAAAAAAAD0KMuSyAAAAICxFpH+Ocnv/zVffG22fXzgSvKvYmMZEe/98J3v316v1fZX6vv/frq/9oN8/+ujGMEAAAAA2rX66a1+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD008MH72+0yjDj/vXzETHXKf5kTDWWU1GIiJl/JDF55nVJREz0If7JnYh4sVP8pJ5WzOVZtMdPI2J6xPGv9iE+XGb36u3P5zodf2m80lh2Pv4m8/Ksurd/6Wn7N9Gl/Xu+xxgv3f/ZUtf4dyJemuzc/rTiJ13iv9pj/K9/7fi422PZjyPmO37+JE/EWqrt3lo6ODq+tr27vlXeKu+trq68sfbm2vW15aWb25Vy/m/HGN/56M//c179Z7rEn7ug/q/1WP9/37/94EPN1ULbQ4X4UZYtvNr5/X+x+RtqOBu/9dn3ifxzoL4931o/aa6f9fJPf/PyefXf7FL/i97/hR7rv/iVu3/o8akAwBAcHB3vrFcq5f1xW7ny/5GGlfrKdAwx6Hp0fijN/8sPre7fygMOI9ZU32ONqEECAAAG5vFJfz6BAAAAAAAAAAAAAAAAAAAAAAzdRV8DFn34OrH2mCejqSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLn+GwAA//+6zNbf")
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x2004, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r7 = syz_open_procfs$namespace(0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r7, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0010000000000000240012800b000100697036"], 0x4c}}, 0x0)
r9 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r9, 0xc0185879, &(0x7f0000000680)={0x3c9, 0x1000, 0x8b, 0x0, 0x0, 0xfff8, 0x2401})
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000080)=0x81)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, &(0x7f0000000340))
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x480, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x8000, 0x701, 0x5, 0x6, {{0x26, 0x4, 0x1, 0x3d, 0x98, 0x65, 0x0, 0x1, 0x4, 0x0, @multicast2, @broadcast, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x1b, 0xcc, [@rand_addr=0x64010100, @multicast1, @private=0xa010101, @remote, @empty, @local]}, @rr={0x7, 0x3, 0x78}, @lsrr={0x83, 0x7, 0xee, [@remote]}, @lsrr={0x83, 0x23, 0x2a, [@empty, @remote, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @local]}, @lsrr={0x83, 0xb, 0x9d, [@private=0xa010102, @private=0xa010100]}, @generic={0x94, 0x11, "b1a10cd6bc87b3693990d8a1b1dd29"}, @lsrr={0x83, 0x7, 0x9d, [@multicast2]}, @rr={0x7, 0xf, 0xfd, [@broadcast, @private=0xa010102, @remote]}, @ra={0x94, 0x4}]}}}}})

2.990453705s ago: executing program 4 (id=2398):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000340)={0x6, 0x0, 0xfffffffffffffffd})

2.960098877s ago: executing program 4 (id=2399):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000040)={0x3, 0x4})

2.187654s ago: executing program 4 (id=2400):
r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x3014490, &(0x7f0000000100), 0x45, 0x7ce, &(0x7f0000000500)="$eJzs3c9rHNcdAPDvrFY/7VYqlLYuFBYKrcF4Vbmq3UKhKj2UQg2G5JRDbLFaC0crrdGujCVEYhMCuQSSkFty8Tk/LyHX/IDkkvwfwcZJZBOHHILC7A9pJe/aK0faje3PB8Z6b+fNvPfdN/P2STOeDeCxlUv/yUQciYiXk4jxxutJRAzWUtmImXq5OxvrhXRJYnPzia+TWpnbG+uFaNkmdaiR+V1EfPxCxLHM3fVWVtcWZkul4vKObVfXjl9YnJ0vzheXTk5NT5849bdTJ/cv1m+/WDt845X//vmdme+f/+27L32SxEwcTuOr2Y5jv+Qi14hrMH0Ld/jPflfWN+8/20WhTMTmZj2ZPegGsQfpqTnQ6JUjMR4D9+qf0V62DAA4KM9FOjPrYKDjGgDgoZbUP///1e92AAC90vw7wO2N9UJz6e9fJHrr5r8jYqQef/P6Zn1NtnHNbqR2HXTsdrLjykgSERP7UH8uIt744Om30iV2XU8FOEhXrkbEuYncjvF/IGoj3O57FvbqL+1fnm/N5HatNP5B73yYzn/+3m7+l9ma/0Sb+c9wm3P3Qdz//M9c34dqOkrnf/9subftTkv8DRMDjdwvanO+weT8hVIxHdt+GRFHY3A4zU/Vy7a9Q+borR9udaq/df73zavPvJnWn/7cLpG5nh3euc3cbHX2p8bddPNqxO+z7eJPx//hWv8nHea/Z7qs43//ePH1TuvS+NN4m8vd8R+szWsRf2rb/8lWmTQ1WV28OFlpd3/iZO1wmGweFG28NxNjnerPZbf7P13S+pu/C/RC2v9j945/Imm9X7PS9a63zoXPr41/1KlQ6/HfPv72x/9Q8mQtPdR47fJstbo8FTGU/P/u109sb9vMN8un8R/9Y/vzvzn+tTn+n0r3f67LNyJ746u3Hzz+g5XGP7en/t9zIkbuLAx0qr+7/p/esU0341+3DXzQ9w0AAAAAAAAAAAAAAAAAAAAAAAAA9iITEYcjyeS30plMPl//Du9fx1imVK5Uj50vryzNpetqzz/NNB91Od7yPNSpxvPwm/kTu/J/jYhfRcRrw6O1fL5QLs31O3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaDjU4fv/U18O7yo80I8WAgAHYsQHOwA8bpJstt9NAAB6baTrkrmIGD3QtgAAvdH95z8A8Kjo/PnvwgAAPKru8/v/7v8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt15vTpdNn8bmO9kObnLq2uLJQvHZ8rVhbyiyuFfKG8fDE/Xy7Pl4r5Qnkxsh12dKX+o1QuX5yOpZXLk9VipTpZWV07u1heWaqevbA4O188WxzsYWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0K3K6trC5nipuJwmZksSPU4sfFbvh59LeyT2logr9f7b1z1/evIPv0l32tcAY2h7lBjty9gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DD4MQAA//+KvR+l")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x8004587d, &(0x7f0000000080)={0x0, r2, 0x9, 0xa, 0x10, 0x8})
sendfile(r0, r1, 0x0, 0x95)

1.21019ms ago: executing program 0 (id=2401):
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000c40)=ANY=[], 0x1, 0x0, 0x0)
rmdir(&(0x7f00000002c0)='./file1\x00')

709.17µs ago: executing program 1 (id=2402):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x58, 0x3, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x500}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x2}]}, @CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}]}, 0x58}}, 0x0)

0s ago: executing program 2 (id=2404):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x12, r0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000fc0)={'filter\x00', 0x2, [{}, {}]}, 0x48)

kernel console output (not intermixed with test programs):

nal xattr inode
[  374.821200][ T7167] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2015: couldn't read orphan inode 12 (err -117)
[  374.835030][ T7167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  374.934167][   T24] usb 2-1: Using ep0 maxpacket: 8
[  374.959050][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  375.940186][ T6590] EXT4-fs (loop3): unmounting filesystem.
[  376.084343][   T24] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d
[  376.093374][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.101444][   T24] usb 2-1: Product: syz
[  376.105693][   T24] usb 2-1: Manufacturer: syz
[  376.110131][   T24] usb 2-1: SerialNumber: syz
[  376.119303][   T24] usb 2-1: config 0 descriptor??
[  376.161621][   T24] usb_ehset_test: probe of 2-1:0.0 failed with error -32
[  376.233831][   T19] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  376.381767][   T24] usb 2-1: USB disconnect, device number 44
[  377.521790][ T7202] loop3: detected capacity change from 0 to 2048
[  377.531701][ T7202] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 63
[  377.888175][   T28] kauditd_printk_skb: 83 callbacks suppressed
[  377.888191][   T28] audit: type=1400 audit(2000000120.051:2132): avc:  denied  { create } for  pid=7203 comm="syz.2.2025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  377.952305][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.952381][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.977282][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.000440][ T7206] mmap: syz.2.2025 (7206) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  378.004442][   T19] usb 1-1: unable to read config index 0 descriptor/start: -71
[  378.033523][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.058118][ T7215] loop4: detected capacity change from 0 to 512
[  378.081729][   T19] usb 1-1: can't read configurations, error -71
[  378.240881][ T7215] EXT4-fs (loop4): 1 orphan inode deleted
[  378.246519][ T7215] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  378.255477][ T7215] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038 (0x7fffffff)
[  378.360860][ T7225] device pim6reg1 entered promiscuous mode
[  378.387779][   T24] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  378.476481][   T28] audit: type=1400 audit(2000000120.603:2133): avc:  denied  { setopt } for  pid=7203 comm="syz.2.2025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  378.511535][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  378.584468][   T28] audit: type=1400 audit(2000000120.697:2134): avc:  denied  { write } for  pid=7230 comm="syz.4.2033" name="nf_conntrack" dev="proc" ino=4026533045 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  378.603545][ T7231] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  378.632152][ T7231] loop4: detected capacity change from 0 to 512
[  378.656488][ T7231] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  378.666347][ T7231] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  378.676345][ T7231] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.2033: Failed to acquire dquot type 1
[  378.692662][   T24] usb 4-1: Using ep0 maxpacket: 16
[  378.697802][ T7231] EXT4-fs (loop4): 1 truncate cleaned up
[  378.703629][ T7231] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  378.712389][ T7231] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038 (0x7fffffff)
[  378.731068][ T7231] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  378.740928][ T7231] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  378.750922][ T7231] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.2033: Failed to acquire dquot type 1
[  378.770011][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  378.842469][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.865300][ T7237] loop4: detected capacity change from 0 to 1024
[  378.880303][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.887694][ T7237] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  378.899501][   T24] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  378.912937][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.971348][   T28] audit: type=1400 audit(2000000121.062:2135): avc:  denied  { map } for  pid=7236 comm="syz.4.2034" path="/40/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  378.984293][   T24] usb 4-1: config 0 descriptor??
[  379.015673][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  379.021531][   T28] audit: type=1400 audit(2000000121.062:2136): avc:  denied  { remove_name } for  pid=7236 comm="syz.4.2034" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  379.042438][ T7249] loop0: detected capacity change from 0 to 128
[  379.057176][ T7251] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2040'.
[  379.065910][   T28] audit: type=1400 audit(2000000121.062:2137): avc:  denied  { rename } for  pid=7236 comm="syz.4.2034" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  379.348558][ T7255] loop4: detected capacity change from 0 to 16
[  379.362068][ T7255] erofs: (device loop4): mounted with root inode @ nid 36.
[  379.408945][  T667] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  379.506314][   T24] lenovo 0003:17EF:6009.0050: item fetching failed at offset 1/5
[  379.513984][   T24] lenovo 0003:17EF:6009.0050: hid_parse failed
[  379.519971][   T24] lenovo: probe of 0003:17EF:6009.0050 failed with error -22
[  379.665496][  T667] usb 2-1: Using ep0 maxpacket: 8
[  379.739765][   T19] usb 4-1: USB disconnect, device number 40
[  379.793847][  T667] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  379.805260][  T667] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.816104][  T667] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  379.833293][  T667] usb 2-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00
[  379.844255][  T667] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.874912][  T667] usb 2-1: config 0 descriptor??
[  380.227556][ T7278] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2049'.
[  380.611149][  T667] ntrig 0003:1B96:0010.0051: item fetching failed at offset 5/7
[  380.620616][  T667] ntrig 0003:1B96:0010.0051: parse failed
[  380.626221][  T667] ntrig: probe of 0003:1B96:0010.0051 failed with error -22
[  380.663052][   T24] usb 2-1: USB disconnect, device number 45
[  380.766650][   T19] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  380.910235][ T7294] loop0: detected capacity change from 0 to 256
[  380.922743][ T7294] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  381.023216][   T19] usb 5-1: Using ep0 maxpacket: 16
[  381.686081][   T19] usb 5-1: config 0 has no interfaces?
[  382.188541][   T24] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  382.399829][ T7314] loop0: detected capacity change from 0 to 1024
[  382.434603][   T19] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  382.452933][   T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.461775][   T19] usb 5-1: Product: syz
[  382.462680][ T7314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  382.465978][   T19] usb 5-1: Manufacturer: syz
[  382.481162][   T19] usb 5-1: SerialNumber: syz
[  382.487850][   T24] usb 4-1: Using ep0 maxpacket: 8
[  382.588417][   T19] r8152-cfgselector 5-1: config 0 descriptor??
[  382.638776][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  382.658998][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  382.673700][   T24] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  382.688446][ T7320] device wireguard0 entered promiscuous mode
[  382.706243][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.721954][   T24] usb 4-1: config 0 descriptor??
[  382.873659][    T8] usb 5-1: config 0 descriptor??
[  382.900516][ T7329] xt_hashlimit: Unknown mode mask FF0, kernel too old?
[  382.917655][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  383.002217][ T7335] loop0: detected capacity change from 0 to 16
[  383.008691][ T7335] erofs: (device loop0): mounted with root inode @ nid 36.
[  383.017252][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  383.026710][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  383.035875][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  383.045124][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  383.053631][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  383.054464][  T401] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  383.062953][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  383.095866][  T667] usb 5-1: USB disconnect, device number 38
[  383.101660][    T8] usb 5-1: can't set config #0, error -71
[  383.193163][ T7341] loop1: detected capacity change from 0 to 512
[  383.199835][ T7341] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  383.211316][ T7341] EXT4-fs (loop1): 1 truncate cleaned up
[  383.216964][ T7341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  383.278481][   T24] saitek 0003:06A3:0CCD.0052: unknown main item tag 0x0
[  383.285791][   T24] saitek 0003:06A3:0CCD.0052: unknown main item tag 0x0
[  383.292734][   T24] saitek 0003:06A3:0CCD.0052: item fetching failed at offset 2/11
[  383.301254][   T24] saitek 0003:06A3:0CCD.0052: parse failed
[  383.306942][   T24] saitek: probe of 0003:06A3:0CCD.0052 failed with error -22
[  383.344364][  T401] usb 3-1: Using ep0 maxpacket: 16
[  383.988114][   T28] kauditd_printk_skb: 36 callbacks suppressed
[  383.988149][   T28] audit: type=1400 audit(2000000125.757:2174): avc:  denied  { mounton } for  pid=7340 comm="syz.1.2066" path="/106/file1/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  384.093652][   T39] usb 4-1: USB disconnect, device number 41
[  384.222520][   T28] audit: type=1400 audit(2000000125.813:2175): avc:  denied  { mounton } for  pid=7340 comm="syz.1.2066" path="/106/file1/file0" dev="incremental-fs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  384.225133][  T401] usb 3-1: config 0 has no interfaces?
[  384.246709][   T28] audit: type=1400 audit(2000000125.823:2176): avc:  denied  { write } for  pid=7340 comm="syz.1.2066" path="/106/file1/file0/file0" dev="incremental-fs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  384.277342][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  384.301137][ T7355] loop1: detected capacity change from 0 to 1024
[  384.308642][ T7355] EXT4-fs: Ignoring removed orlov option
[  384.314367][ T7355] EXT4-fs (loop1): Test dummy encryption mode enabled
[  384.321251][   T28] audit: type=1400 audit(2000000125.832:2177): avc:  denied  { append } for  pid=7340 comm="syz.1.2066" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  384.344788][   T28] audit: type=1400 audit(2000000126.010:2178): avc:  denied  { rmdir } for  pid=7340 comm="syz.1.2066" name=".index" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  384.346158][ T7355] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  384.402781][   T28] audit: type=1400 audit(2000000126.150:2179): avc:  denied  { unlink } for  pid=7354 comm="syz.1.2069" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  384.449911][ T7357] loop0: detected capacity change from 0 to 40427
[  384.460088][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  384.465757][  T401] usb 3-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  384.474668][ T7357] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  384.480839][  T401] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.488663][ T7357] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  384.497046][  T401] usb 3-1: Product: syz
[  384.501314][  T401] usb 3-1: Manufacturer: syz
[  384.505714][  T401] usb 3-1: SerialNumber: syz
[  384.510799][  T401] usb 3-1: config 0 descriptor??
[  384.519218][ T7357] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  384.549846][ T7357] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  384.556822][ T7357] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  384.828312][ T7370] syz.0.2070: attempt to access beyond end of device
[  384.828312][ T7370] loop0: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  384.858597][ T7370] syz.0.2070: attempt to access beyond end of device
[  384.858597][ T7370] loop0: rw=2049, sector=53256, nr_sectors = 64 limit=40427
[  384.920600][   T28] audit: type=1400 audit(2000000126.627:2180): avc:  denied  { write } for  pid=7364 comm="syz.1.2083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  384.943139][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2083'.
[  384.994332][   T28] audit: type=1400 audit(2000000126.646:2181): avc:  denied  { nlmsg_write } for  pid=7364 comm="syz.1.2083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  385.023585][ T7372] loop1: detected capacity change from 0 to 256
[  385.289211][ T7107] syz-executor: attempt to access beyond end of device
[  385.289211][ T7107] loop0: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  385.405766][ T7378] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  386.198683][ T7383] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  386.450247][   T28] audit: type=1400 audit(2000000128.058:2182): avc:  denied  { write } for  pid=7359 comm="syz.4.2071" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  386.510547][ T7367] netlink: 'syz.4.2071': attribute type 3 has an invalid length.
[  386.518213][ T7367] netlink: 'syz.4.2071': attribute type 3 has an invalid length.
[  386.752003][ T7390] loop4: detected capacity change from 0 to 2048
[  386.797147][ T7390]  loop4: p1 < > p4
[  386.806950][ T7390] loop4: p4 size 8388608 extends beyond EOD, truncated
[  386.826881][   T28] audit: type=1400 audit(2000000128.414:2183): avc:  denied  { mounton } for  pid=7389 comm="syz.4.2076" path="/47/bus" dev="tmpfs" ino=278 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  386.881861][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  386.882033][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  386.961116][ T7401] loop3: detected capacity change from 0 to 512
[  386.971189][ T7401] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  386.984520][ T7401] EXT4-fs (loop3): 1 truncate cleaned up
[  386.998026][ T7401] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  387.033746][  T425] usb 3-1: USB disconnect, device number 38
[  387.202509][  T312] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  388.211544][   T29] INFO: task syz.2.617:2523 blocked for more than 228 seconds.
[  388.220798][ T7420] incfs: Can't find or create .incomplete dir in ./file0
[  388.231470][ T7420] incfs: mount failed -17
[  388.250800][ T7427] loop1: detected capacity change from 0 to 128
[  388.379449][   T29]       Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  388.388074][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  388.396600][   T29] task:syz.2.617       state:D stack:24504 pid:2523  ppid:1862   flags:0x00004004
[  388.405932][   T29] Call Trace:
[  388.409014][   T29]  <TASK>
[  388.411840][   T29]  __schedule+0xca7/0x1550
[  388.416092][   T29]  ? release_firmware_map_entry+0x191/0x191
[  388.421790][   T29]  ? blk_check_plugged+0x260/0x260
[  388.426728][   T29]  ? __kasan_check_write+0x14/0x20
[  388.431657][   T29]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  388.436622][   T29]  schedule+0xc3/0x180
[  388.440525][   T29]  io_schedule+0x8f/0x120
[  388.444682][   T29]  folio_wait_bit_common+0x847/0xb80
[  388.449793][   T29]  ? folio_wait_bit+0x30/0x30
[  388.454318][   T29]  ? erofs_map_dev+0x6c4/0x7e0
[  388.458907][   T29]  ? migration_entry_wait_on_locked+0x860/0x860
[  388.465139][   T29]  ? __kasan_check_write+0x14/0x20
[  388.470084][   T29]  ? _raw_spin_lock+0xa4/0x1b0
[  388.474708][   T29]  ? _raw_spin_trylock_bh+0x190/0x190
[  388.479892][   T29]  __folio_lock+0x1e/0x30
[  388.484055][   T29]  z_erofs_runqueue+0xafa/0x1a40
[  388.488877][   T29]  ? __kasan_check_write+0x14/0x20
[  388.493820][   T29]  ? z_erofs_do_read_page+0x3b70/0x3b70
[  388.499183][   T29]  ? __mutex_lock_slowpath+0x10/0x10
[  388.504282][   T29]  z_erofs_readahead+0x8e2/0xbb0
[  388.509068][   T29]  ? z_erofs_read_folio+0x5f0/0x5f0
[  388.514089][   T29]  ? memset+0x35/0x40
[  388.517926][   T29]  ? blk_start_plug+0x9c/0x130
[  388.522507][   T29]  read_pages+0x1be/0xd40
[  388.526670][   T29]  ? workingset_activation+0x430/0x430
[  388.531981][   T29]  ? folio_add_lru+0x280/0x3f0
[  388.536564][   T29]  ? page_cache_ra_unbounded+0x690/0x690
[  388.542046][   T29]  ? filemap_add_folio+0x18f/0x200
[  388.547068][   T29]  ? __filemap_add_folio+0xd10/0xd10
[  388.552212][   T29]  page_cache_ra_unbounded+0x4c1/0x690
[  388.557488][   T29]  ? readahead_gfp_mask+0x190/0x190
[  388.562533][   T29]  force_page_cache_ra+0x2c2/0x330
[  388.567467][   T29]  generic_fadvise+0x501/0x790
[  388.572076][   T29]  ? __this_cpu_preempt_check+0x13/0x20
[  388.577446][   T29]  ? oom_evaluate_task+0x520/0x520
[  388.582411][   T29]  ? __fdget+0x1b7/0x240
[  388.586473][   T29]  __x64_sys_fadvise64+0x13f/0x180
[  388.591428][   T29]  x64_sys_call+0x5ca/0x9a0
[  388.595776][   T29]  do_syscall_64+0x3b/0xb0
[  388.600009][   T29]  ? clear_bhb_loop+0x55/0xb0
[  388.604537][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  388.610250][   T29] RIP: 0033:0x7f55aff799f9
[  388.614526][   T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  388.622756][   T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9
[  388.630922][   T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005
[  388.638736][   T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000
[  388.646542][   T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  388.654342][   T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8
[  388.662172][   T29]  </TASK>
[  388.667961][ T6590] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  388.681775][   T29] NMI backtrace for cpu 1
[  388.685490][ T7432] loop1: detected capacity change from 0 to 1024
[  388.685915][   T29] CPU: 1 PID: 29 Comm: khungtaskd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  388.700686][ T7432] EXT4-fs: Ignoring removed nomblk_io_submit option
[  388.702926][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  388.710717][ T6590] EXT4-fs (loop3): Remounting filesystem read-only
[  388.719503][   T29] Call Trace:
[  388.719511][   T29]  <TASK>
[  388.719518][   T29]  dump_stack_lvl+0x151/0x1b7
[  388.719547][   T29]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  388.719572][   T29]  dump_stack+0x15/0x1a
[  388.745545][   T29]  nmi_cpu_backtrace+0x2e4/0x2f0
[  388.750407][   T29]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  388.756390][   T29]  ? sched_show_task+0x3d8/0x620
[  388.761163][   T29]  ? nmi_trigger_cpumask_backtrace+0x114/0x3c0
[  388.767153][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  388.773054][   T29]  nmi_trigger_cpumask_backtrace+0x19b/0x3c0
[  388.778963][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  388.785011][   T29]  arch_trigger_cpumask_backtrace+0x10/0x20
[  388.790737][   T29]  watchdog+0xdb0/0xf20
[  388.794734][   T29]  ? __kasan_check_write+0x14/0x20
[  388.799679][   T29]  ? hungtask_pm_notify+0x50/0x50
[  388.804537][   T29]  ? __kasan_check_read+0x11/0x20
[  388.809396][   T29]  ? __kthread_parkme+0x12d/0x180
[  388.814257][   T29]  kthread+0x26d/0x300
[  388.818162][   T29]  ? hungtask_pm_notify+0x50/0x50
[  388.823021][   T29]  ? kthread_blkcg+0xd0/0xd0
[  388.827446][   T29]  ret_from_fork+0x1f/0x30
[  388.831702][   T29]  </TASK>
[  388.834712][   T29] Sending NMI from CPU 1 to CPUs 0:
[  388.839787][    C0] NMI backtrace for cpu 0
[  388.839799][    C0] CPU: 0 PID: 32 Comm: kcompactd0 Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  388.839817][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  388.839827][    C0] RIP: 0010:__switch_to_asm+0x35/0x60
[  388.839848][    C0] Code: 89 a7 d8 0e 00 00 48 8b a6 d8 0e 00 00 48 8b 9e f8 05 00 00 65 48 89 1c 25 28 00 00 00 49 c7 c4 10 00 00 00 e8 01 00 00 00 cc <e8> 01 00 00 00 cc 48 83 c4 10 49 ff cc 75 eb 0f ae e8 41 5f 41 5e
[  388.839862][    C0] RSP: 0018:ffffc900009579c0 EFLAGS: 00000002
[  388.839877][    C0] RAX: 0000000000000000 RBX: c41cfa80a6e00f00 RCX: ffffffff87971003
[  388.839889][    C0] RDX: 0000000000000000 RSI: ffff88810eb03cc0 RDI: ffff888100823cc0
[  388.839900][    C0] RBP: ffffc9000021f9e0 R08: dffffc0000000000 R09: ffffed1021d12578
[  388.839912][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[  388.839923][    C0] R13: dffffc0000000000 R14: ffff888100823cc0 R15: ffff888119765900
[  388.839935][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  388.839949][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  388.839961][    C0] CR2: 0000001b2fd1aff8 CR3: 000000010facd000 CR4: 00000000003526b0
[  388.839975][    C0] Call Trace:
[  388.839981][    C0]  <NMI>
[  388.839987][    C0]  ? show_regs+0x58/0x60
[  388.840003][    C0]  ? nmi_cpu_backtrace+0x285/0x2f0
[  388.840021][    C0]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  388.840039][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840055][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840070][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  388.840087][    C0]  ? nmi_handle+0xa7/0x280
[  388.840103][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840119][    C0]  ? default_do_nmi+0x69/0x160
[  388.840135][    C0]  ? exc_nmi+0xad/0x100
[  388.840149][    C0]  ? end_repeat_nmi+0x16/0x31
[  388.840168][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840184][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840200][    C0]  ? __switch_to_asm+0x35/0x60
[  388.840216][    C0]  </NMI>
[  388.841013][ T6590] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  388.869461][ T7432] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  388.955637][  T425] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  388.958956][ T7432] EXT4-fs (loop1): Test dummy encryption mode enabled
[  389.070392][ T7432] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  389.094605][  T312] usb 5-1: Using ep0 maxpacket: 32
[  389.107340][ T6590] EXT4-fs (loop3): unmounting filesystem.
[  389.126859][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  389.222973][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  389.283658][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.290810][ T7446] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.298547][ T7446] device bridge_slave_0 entered promiscuous mode
[  389.307840][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.339423][ T7446] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.403210][   T28] kauditd_printk_skb: 13 callbacks suppressed
[  389.403326][   T28] audit: type=1400 audit(2000000130.790:2197): avc:  denied  { map } for  pid=7444 comm="syz.0.2097" path="socket:[53103]" dev="sockfs" ino=53103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  389.458513][  T425] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  389.482266][ T7446] device bridge_slave_1 entered promiscuous mode
[  389.495496][  T425] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  389.512447][   T28] audit: type=1400 audit(2000000130.799:2198): avc:  denied  { read } for  pid=7444 comm="syz.0.2097" path="socket:[53103]" dev="sockfs" ino=53103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  389.574538][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.581497][ T7446] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.588592][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.595371][ T7446] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.596063][   T28] audit: type=1400 audit(2000000131.005:2199): avc:  denied  { bind } for  pid=7456 comm="syz.1.2101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  389.629303][  T425] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  389.638195][  T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  389.639894][  T312] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  389.646269][  T425] usb 3-1: SerialNumber: syz
[  389.662082][  T312] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.670123][  T312] usb 5-1: Product: syz
[  389.674716][  T312] usb 5-1: Manufacturer: syz
[  389.679553][  T312] usb 5-1: SerialNumber: syz
[  389.679814][   T28] audit: type=1326 audit(2000000131.080:2200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7456 comm="syz.1.2101" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd47ad799f9 code=0x0
[  389.684575][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  389.713827][  T312] usb 5-1: config 0 descriptor??
[  389.718979][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  389.727102][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  389.735825][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  389.743807][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  389.757695][  T312] hub 5-1:0.0: bad descriptor, ignoring hub
[  389.762290][ T7446] device veth0_vlan entered promiscuous mode
[  389.769313][  T312] hub: probe of 5-1:0.0 failed with error -5
[  389.775195][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  389.785615][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  389.793825][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  389.801143][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  389.815864][  T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  389.824571][ T7446] device veth1_macvtap entered promiscuous mode
[  389.834462][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  389.844005][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  389.939874][    T8] device bridge_slave_1 left promiscuous mode
[  389.945856][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.953358][    T8] device bridge_slave_0 left promiscuous mode
[  389.959341][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.967194][    T8] device veth1_macvtap left promiscuous mode
[  389.973116][    T8] device veth0_vlan left promiscuous mode
[  389.994730][  T425] usb 3-1: 0:2 : does not exist
[  389.995291][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.000324][  T425] usb 3-1: unit 255 not found!
[  390.008008][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.029005][   T28] audit: type=1400 audit(2000000131.407:2201): avc:  denied  { mounton } for  pid=7398 comm="syz.4.2081" path="/proc/131/task" dev="proc" ino=53585 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  390.089788][ T7464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  390.098052][ T7464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  390.174395][ T2903] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  390.363324][   T28] audit: type=1400 audit(2000000131.641:2202): avc:  denied  { write } for  pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  390.382779][  T425] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  390.401520][ T2901] usb 5-1: USB disconnect, device number 39
[  390.417412][   T28] audit: type=1400 audit(2000000131.678:2203): avc:  denied  { ioctl } for  pid=7465 comm="syz.0.2102" path="socket:[53248]" dev="sockfs" ino=53248 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  390.430645][  T425] usb 3-1: USB disconnect, device number 39
[  390.442416][   T28] audit: type=1400 audit(2000000131.706:2204): avc:  denied  { bind } for  pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  390.467298][   T28] audit: type=1400 audit(2000000131.716:2205): avc:  denied  { write } for  pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  390.488592][ T7470] loop1: detected capacity change from 0 to 512
[  390.507630][ T7470] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  390.516619][ T7470] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038 (0x7fffffff)
[  390.517622][   T28] audit: type=1400 audit(2000000131.875:2206): avc:  denied  { write } for  pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  390.559249][ T2903] usb 4-1: Using ep0 maxpacket: 16
[  390.708988][ T2903] usb 4-1: config 0 has no interfaces?
[  391.136953][ T2903] usb 4-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40
[  391.177607][ T2903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.193080][ T2903] usb 4-1: Product: syz
[  391.201645][ T2903] usb 4-1: Manufacturer: syz
[  391.206108][ T2903] usb 4-1: SerialNumber: syz
[  391.211189][ T2903] usb 4-1: config 0 descriptor??
[  391.307677][ T7483] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 925 (only 8 groups)
[  391.431347][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  391.720572][ T7494] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  392.715877][ T7493] loop1: detected capacity change from 0 to 512
[  392.760349][ T7493] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  392.769270][ T7493] ext4 filesystem being mounted at /118/bus/file1 supports timestamps until 2038 (0x7fffffff)
[  392.931128][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  393.453013][ T7509] xt_l2tp: v2 doesn't support IP mode
[  393.877538][ T7509] xt_SECMARK: invalid mode: 0
[  393.908067][ T7511] device batadv_slave_0 entered promiscuous mode
[  394.205472][  T312] usb 4-1: USB disconnect, device number 42
[  394.276728][ T7516] loop3: detected capacity change from 0 to 512
[  394.290900][ T7516] EXT4-fs (loop3): Test dummy encryption mode enabled
[  394.326191][ T7516] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz.3.2114: invalid block
[  394.342480][ T7516] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2114: couldn't read orphan inode 11 (err -117)
[  394.381255][ T7516] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  394.411542][ T7518] loop4: detected capacity change from 0 to 40427
[  394.419233][ T7518] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  394.426774][ T7518] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  394.446459][ T7518] F2FS-fs (loop4): invalid crc value
[  394.527693][ T7508] loop0: detected capacity change from 0 to 512
[  394.562476][ T7508] EXT4-fs (loop0): failed to open journal device unknown-block(0,0) -6
[  394.562998][ T7518] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  394.611180][  T425] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  395.104029][  T425] usb 3-1: Using ep0 maxpacket: 8
[  395.146604][ T7518] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  395.155731][ T7518] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  395.195188][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  395.252536][  T425] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  395.278953][  T425] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.292550][ T7539] loop3: detected capacity change from 0 to 512
[  395.298862][  T425] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.315802][  T425] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  395.408386][  T425] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  395.419034][ T7539] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  395.432363][  T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.440740][ T7539] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038 (0x7fffffff)
[  395.458472][  T425] usb 3-1: config 0 descriptor??
[  395.510355][   T28] kauditd_printk_skb: 11 callbacks suppressed
[  395.510371][   T28] audit: type=1400 audit(2000000136.542:2218): avc:  denied  { read write } for  pid=7547 comm="syz.1.2121" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  395.601735][   T28] audit: type=1400 audit(2000000136.571:2219): avc:  denied  { open } for  pid=7547 comm="syz.1.2121" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  395.737554][ T7548] loop1: detected capacity change from 0 to 256
[  395.754460][ T7548] FAT-fs (loop1): bogus sectors per cluster 30
[  395.773495][ T7548] FAT-fs (loop1): Can't find a valid FAT filesystem
[  395.993984][   T28] audit: type=1400 audit(2000000136.991:2220): avc:  denied  { mounton } for  pid=7517 comm="syz.4.2115" path="/51/bus/bus" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  396.016549][   T28] audit: type=1400 audit(2000000136.991:2221): avc:  denied  { write } for  pid=7517 comm="syz.4.2115" name="bus" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  396.045128][   T28] audit: type=1400 audit(2000000136.991:2222): avc:  denied  { add_name } for  pid=7517 comm="syz.4.2115" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  396.065329][   T28] audit: type=1400 audit(2000000137.001:2223): avc:  denied  { setattr } for  pid=7517 comm="syz.4.2115" name="work" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  396.087040][   T28] audit: type=1400 audit(2000000137.001:2224): avc:  denied  { remove_name } for  pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  396.109000][   T28] audit: type=1400 audit(2000000137.001:2225): avc:  denied  { rename } for  pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  396.501981][  T425] kye 0003:0458:5011.0053: unbalanced collection at end of report description
[  396.527890][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  396.535303][   T28] audit: type=1400 audit(2000000137.001:2226): avc:  denied  { unlink } for  pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  396.542593][  T425] kye 0003:0458:5011.0053: parse failed
[  396.572487][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2132'.
[  396.585903][  T425] kye: probe of 0003:0458:5011.0053 failed with error -22
[  396.586088][ T7560] loop0: detected capacity change from 0 to 256
[  396.598472][   T28] audit: type=1400 audit(2000000137.534:2227): avc:  denied  { ioctl } for  pid=7556 comm="syz.1.2132" path="socket:[54524]" dev="sockfs" ino=54524 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  396.599113][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2132'.
[  396.624846][ T7560] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x00000000000000000x0000000000000000000000000000000000000xffffffffffffffffÿÿ'
[  396.674824][ T6944] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  396.772155][   T19] usb 3-1: USB disconnect, device number 40
[  396.806525][ T7573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2129'.
[  396.829553][ T7573] 9pnet_fd: Insufficient options for proto=fd
[  396.981173][ T7578] loop3: detected capacity change from 0 to 512
[  397.022641][ T7578] EXT4-fs error (device loop3): ext4_quota_enable:6951: comm syz.3.2130: Bad quota inum: 131076, type: 1
[  397.034829][ T7578] EXT4-fs warning (device loop3): ext4_enable_quotas:6999: Failed to enable quota tracking (type=1, err=-117, ino=131076). Please run e2fsck to fix.
[  397.052769][ T7578] EXT4-fs (loop3): mount failed
[  397.656690][ T7571] loop4: detected capacity change from 0 to 512
[  397.677001][ T7571] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  397.685809][ T7571] ext4 filesystem being mounted at /52/bus/file1 supports timestamps until 2038 (0x7fffffff)
[  397.829824][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  398.526044][ T7591] loop1: detected capacity change from 0 to 512
[  398.546014][ T7591] EXT4-fs (loop1): failed to open journal device unknown-block(0,0) -6
[  398.627019][ T7606] loop0: detected capacity change from 0 to 512
[  398.781239][ T7606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  398.794037][ T7606] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038 (0x7fffffff)
[  399.449786][ T7610] loop4: detected capacity change from 0 to 40427
[  399.477708][ T7610] F2FS-fs (loop4): Found nat_bits in checkpoint
[  399.616636][ T7610] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  399.782955][ T7635] fuse: Bad value for 'fd'
[  399.783509][ T7633] loop1: detected capacity change from 0 to 256
[  399.791772][ T7635] loop4: detected capacity change from 0 to 1024
[  399.802630][ T7635] EXT4-fs: Ignoring removed nomblk_io_submit option
[  399.804296][ T7633] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x00000000000000000x0000000000000000000000000000000000000xffffffffffffffffÿÿ'
[  399.821350][ T7635] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  399.831607][ T7635] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (20000)
[  399.929489][  T425] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  400.327859][ T7642] loop3: detected capacity change from 0 to 256
[  400.476333][ T7642] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  400.497275][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  400.513113][ T7646] loop0: detected capacity change from 0 to 512
[  400.527018][ T7646] EXT4-fs (loop0): 1 truncate cleaned up
[  400.532569][ T7646] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  400.662539][  T425] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.742004][  T425] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  400.890798][  T425] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  400.961592][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  400.981256][  T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  400.989525][  T425] usb 3-1: SerialNumber: syz
[  401.003985][ T2901] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  401.014486][ T7657] loop0: detected capacity change from 0 to 512
[  401.021668][ T7657] EXT4-fs (loop0): Test dummy encryption mode enabled
[  401.029241][ T7657] EXT4-fs error (device loop0): __ext4_iget:5046: inode #11: block 1: comm syz.0.2151: invalid block
[  401.040301][ T7657] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.2151: couldn't read orphan inode 11 (err -117)
[  401.052533][ T7657] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  401.421717][  T425] usb 3-1: 0:2 : does not exist
[  401.429664][   T28] kauditd_printk_skb: 9 callbacks suppressed
[  401.429679][   T28] audit: type=1400 audit(2000000142.071:2237): avc:  denied  { name_bind } for  pid=7664 comm="syz.3.2152" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  401.457204][   T28] audit: type=1400 audit(2000000142.071:2238): avc:  denied  { node_bind } for  pid=7664 comm="syz.3.2152" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  401.550680][ T7667] fuse: Unknown parameter 'Yn0x0000000000000003ÿÿÿÿÿÿÿÿ00000000000000000000'
[  401.562178][ T7667] tap0: tun_chr_ioctl cmd 1074025677
[  401.567410][ T7667] tap0: linktype set to 821
[  401.570677][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.582514][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  401.592022][ T2901] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  401.600848][ T2901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.609526][ T2901] usb 5-1: config 0 descriptor??
[  401.862098][  T425] usb 3-1: USB disconnect, device number 41
[  401.932212][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  402.059246][ T7677] loop1: detected capacity change from 0 to 512
[  402.241710][ T7677] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  402.251302][ T7677] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038 (0x7fffffff)
[  402.277011][ T2901] cypress 0003:04B4:DE61.0054: item fetching failed at offset 5/7
[  402.284927][ T2901] cypress 0003:04B4:DE61.0054: parse failed
[  402.290898][ T2901] cypress: probe of 0003:04B4:DE61.0054 failed with error -22
[  402.609806][ T2901] usb 5-1: USB disconnect, device number 40
[  402.623613][   T28] audit: type=1400 audit(2000000143.193:2239): avc:  denied  { read } for  pid=7676 comm="syz.1.2156" name="file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.646336][   T28] audit: type=1400 audit(2000000143.193:2240): avc:  denied  { open } for  pid=7676 comm="syz.1.2156" path="/131/file0/bus/file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.670046][   T28] audit: type=1400 audit(2000000143.193:2241): avc:  denied  { ioctl } for  pid=7676 comm="syz.1.2156" path="/131/file0/bus/file0" dev="overlay" ino=13 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.695457][   T28] audit: type=1400 audit(2000000143.193:2242): avc:  denied  { write } for  pid=7676 comm="syz.1.2156" path=2F202864656C6574656429 dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.718879][   T28] audit: type=1400 audit(2000000143.259:2243): avc:  denied  { setattr } for  pid=7676 comm="syz.1.2156" name="#21" dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.741219][   T28] audit: type=1400 audit(2000000143.259:2244): avc:  denied  { link } for  pid=7676 comm="syz.1.2156" name="#21" dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.995453][   T28] audit: type=1400 audit(2000000143.539:2245): avc:  denied  { rmdir } for  pid=5595 comm="syz-executor" name="lost+found" dev="loop1" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  403.019164][   T28] audit: type=1400 audit(2000000143.539:2246): avc:  denied  { unlink } for  pid=5595 comm="syz-executor" name="file1" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  403.043372][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  403.932720][ T7708] loop3: detected capacity change from 0 to 512
[  403.953988][ T7708] EXT4-fs (loop3): Test dummy encryption mode enabled
[  406.798587][ T7718] xt_SECMARK: invalid mode: 0
[  407.356705][ T7708] EXT4-fs: failed to create workqueue
[  407.429150][ T7708] EXT4-fs (loop3): mount failed
[  407.473053][ T7727] device syzkaller0 entered promiscuous mode
[  407.517233][ T7727] syzkaller0: tun_net_xmit 1280
[  407.519553][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  407.519564][   T28] audit: type=1400 audit(2000000147.767:2249): avc:  denied  { relabelfrom } for  pid=7725 comm="syz.2.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  407.522023][ T7727] syzkaller0: create flow: hash 2676349636 index 1
[  407.539834][   T28] audit: type=1400 audit(2000000147.767:2250): avc:  denied  { relabelto } for  pid=7725 comm="syz.2.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  407.574348][ T7725] syzkaller0: delete flow: hash 2676349636 index 1
[  407.940994][ T7742] loop3: detected capacity change from 0 to 512
[  408.029040][ T7742] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  408.201049][ T7742] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038 (0x7fffffff)
[  408.879508][ T7740] loop0: detected capacity change from 0 to 40427
[  408.908930][ T7740] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  408.918543][ T7731] loop4: detected capacity change from 0 to 256
[  408.925984][ T7740] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  408.935735][ T7731] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  408.966948][ T7740] F2FS-fs (loop0): Found nat_bits in checkpoint
[  409.054567][ T7740] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  409.075471][ T7740] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  409.164414][   T28] audit: type=1400 audit(2000000149.264:2251): avc:  denied  { write } for  pid=7757 comm="syz.4.2176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  410.051998][   T28] audit: type=1400 audit(2000000150.125:2252): avc:  denied  { write } for  pid=7772 comm="syz.4.2181" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  410.077606][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  410.158289][   T28] audit: type=1400 audit(2000000150.237:2253): avc:  denied  { bind } for  pid=7781 comm="syz.1.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  410.518662][ T2901] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  410.594732][ T7778] loop3: detected capacity change from 0 to 40427
[  410.626923][ T7778] F2FS-fs (loop3): invalid crc value
[  410.730602][ T7778] F2FS-fs (loop3): Found nat_bits in checkpoint
[  410.775699][   T29] INFO: task syz.2.617:2523 blocked for more than 249 seconds.
[  410.783161][   T29]       Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  410.847447][ T7799] loop0: detected capacity change from 0 to 256
[  410.866018][ T7799] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  410.989105][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  411.008566][ T7778] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  411.026503][   T29] task:syz.2.617       state:D stack:24504 pid:2523  ppid:1862   flags:0x00004004
[  411.042453][   T29] Call Trace:
[  411.095981][ T2901] usb 2-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.8d
[  411.101684][   T29]  <TASK>
[  411.107776][   T29]  __schedule+0xca7/0x1550
[  411.112028][   T29]  ? release_firmware_map_entry+0x191/0x191
[  411.117794][   T29]  ? blk_check_plugged+0x260/0x260
[  411.123088][   T29]  ? __kasan_check_write+0x14/0x20
[  411.128580][ T2901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.132623][   T29]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  411.146797][   T29]  schedule+0xc3/0x180
[  411.153272][ T2901] usb 2-1: config 0 descriptor??
[  411.155687][   T29]  io_schedule+0x8f/0x120
[  411.166603][   T29]  folio_wait_bit_common+0x847/0xb80
[  411.176122][   T29]  ? folio_wait_bit+0x30/0x30
[  411.187332][   T29]  ? erofs_map_dev+0x6c4/0x7e0
[  411.206074][   T29]  ? migration_entry_wait_on_locked+0x860/0x860
[  411.233652][   T29]  ? __kasan_check_write+0x14/0x20
[  411.336529][   T29]  ? _raw_spin_lock+0xa4/0x1b0
[  411.341241][   T29]  ? _raw_spin_trylock_bh+0x190/0x190
[  411.346477][   T29]  __folio_lock+0x1e/0x30
[  411.350728][   T29]  z_erofs_runqueue+0xafa/0x1a40
[  411.355612][   T29]  ? __kasan_check_write+0x14/0x20
[  411.360694][   T29]  ? z_erofs_do_read_page+0x3b70/0x3b70
[  411.366228][   T29]  ? __mutex_lock_slowpath+0x10/0x10
[  411.371416][   T29]  z_erofs_readahead+0x8e2/0xbb0
[  411.376170][   T29]  ? z_erofs_read_folio+0x5f0/0x5f0
[  411.381195][   T29]  ? memset+0x35/0x40
[  411.384744][ T2901] usb 2-1: NDI device with a latency value of 1
[  411.386120][   T28] audit: type=1400 audit(2000000151.322:2254): avc:  denied  { lock } for  pid=7777 comm="syz.3.2182" path="/19/file0/file0" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  411.391168][   T29]  ? blk_start_plug+0x9c/0x130
[  411.415097][   T28] audit: type=1400 audit(2000000151.322:2255): avc:  denied  { link } for  pid=7777 comm="syz.3.2182" name="file0" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  411.418172][   T29]  read_pages+0x1be/0xd40
[  411.439697][   T28] audit: type=1400 audit(2000000151.341:2256): avc:  denied  { setattr } for  pid=7777 comm="syz.3.2182" path="/19/file0" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  411.457052][   T29]  ? workingset_activation+0x430/0x430
[  411.471487][   T29]  ? folio_add_lru+0x280/0x3f0
[  411.476052][   T29]  ? page_cache_ra_unbounded+0x690/0x690
[  411.481561][   T29]  ? filemap_add_folio+0x18f/0x200
[  411.486457][   T29]  ? __filemap_add_folio+0xd10/0xd10
[  411.491606][   T29]  page_cache_ra_unbounded+0x4c1/0x690
[  411.496846][   T29]  ? readahead_gfp_mask+0x190/0x190
[  411.501889][   T29]  force_page_cache_ra+0x2c2/0x330
[  411.506869][   T29]  generic_fadvise+0x501/0x790
[  411.511421][   T29]  ? __this_cpu_preempt_check+0x13/0x20
[  411.516866][   T29]  ? oom_evaluate_task+0x520/0x520
[  411.521807][   T29]  ? __fdget+0x1b7/0x240
[  411.525861][   T29]  __x64_sys_fadvise64+0x13f/0x180
[  411.530783][   T29]  x64_sys_call+0x5ca/0x9a0
[  411.535154][   T29]  do_syscall_64+0x3b/0xb0
[  411.539370][   T29]  ? clear_bhb_loop+0x55/0xb0
[  411.543990][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  411.549975][   T29] RIP: 0033:0x7f55aff799f9
[  411.554208][   T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  411.562502][   T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9
[  411.570319][   T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005
[  411.578101][   T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000
[  411.585901][   T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  411.593714][   T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8
[  411.601547][   T29]  </TASK>
[  411.609304][ T7446] syz-executor: attempt to access beyond end of device
[  411.609304][ T7446] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  411.619869][ T2901] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  411.642124][ T2901] ftdi_sio ttyUSB0: unknown device type: 0xdc8d
[  411.649026][   T29] NMI backtrace for cpu 0
[  411.653172][   T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  411.664021][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  411.673910][   T29] Call Trace:
[  411.677032][   T29]  <TASK>
[  411.679809][   T29]  dump_stack_lvl+0x151/0x1b7
[  411.684325][   T29]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  411.689620][   T29]  dump_stack+0x15/0x1a
[  411.693611][   T29]  nmi_cpu_backtrace+0x2e4/0x2f0
[  411.698384][   T29]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  411.704373][   T29]  ? sched_show_task+0x3d8/0x620
[  411.709146][   T29]  ? nmi_trigger_cpumask_backtrace+0x114/0x3c0
[  411.715135][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  411.721035][   T29]  nmi_trigger_cpumask_backtrace+0x19b/0x3c0
[  411.726851][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  411.732755][   T29]  arch_trigger_cpumask_backtrace+0x10/0x20
[  411.738481][   T29]  watchdog+0xdb0/0xf20
[  411.742473][   T29]  ? __kasan_check_write+0x14/0x20
[  411.747424][   T29]  ? hungtask_pm_notify+0x50/0x50
[  411.752282][   T29]  ? __kasan_check_read+0x11/0x20
[  411.757143][   T29]  ? __kthread_parkme+0x12d/0x180
[  411.762004][   T29]  kthread+0x26d/0x300
[  411.766082][   T29]  ? hungtask_pm_notify+0x50/0x50
[  411.770943][   T29]  ? kthread_blkcg+0xd0/0xd0
[  411.775369][   T29]  ret_from_fork+0x1f/0x30
[  411.779623][   T29]  </TASK>
[  411.782551][   T29] Sending NMI from CPU 0 to CPUs 1:
[  411.787539][    C1] NMI backtrace for cpu 1
[  411.787554][    C1] CPU: 1 PID: 7781 Comm: syz.1.2183 Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  411.787573][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  411.787583][    C1] RIP: 0033:0x7fd47ac5121d
[  411.787599][    C1] Code: f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 <48> 89 08 48 8b 0b 49 8b 14 24 eb bf 48 39 f2 72 97 48 39 f0 73 46
[  411.787613][    C1] RSP: 002b:00007ffddd4c73c0 EFLAGS: 00000206
[  411.787628][    C1] RAX: 00007fd47986dc18 RBX: 00007fd479865bd8 RCX: ffffffff815af9c7
[  411.787640][    C1] RDX: ffffffff815af9c7 RSI: ffffffff815af9c7 RDI: 00007fd479872550
[  411.787652][    C1] RBP: 00007fd4798612a0 R08: 00007fd479869bf0 R09: 00007fd47af02000
[  411.787664][    C1] R10: 00000000833d69a2 R11: 00000000000000ff R12: 00007fd479861298
[  411.787675][    C1] R13: 000000000000001c R14: 00007fd4797f9008 R15: ffffffffffffffff
[  411.787686][    C1] FS:  0000555557521500 GS:  0000000000000000
[  411.795197][ T2901] usb 2-1: USB disconnect, device number 46
[  411.998922][ T7816] loop0: detected capacity change from 0 to 512
[  411.998957][ T2901] ftdi_sio 2-1:0.0: device disconnected
[  412.010723][ T7814] loop4: detected capacity change from 0 to 1024
[  412.029027][ T7816] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  412.038416][ T7816] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038 (0x7fffffff)
[  412.038948][ T7814] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  413.407578][   T28] audit: type=1400 audit(2000000152.940:2257): avc:  denied  { create } for  pid=7813 comm="syz.4.2192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  413.547027][ T7837] loop3: detected capacity change from 0 to 512
[  414.466767][ T7840] tmpfs: Unknown parameter 'hugealwa'
[  415.308375][ T7847] input: syz0 as /devices/virtual/input/input42
[  415.323390][ T7837] EXT4-fs error (device loop3): __ext4_fill_super:5386: inode #2: comm syz.3.2197: iget: special inode unallocated
[  415.323940][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  415.335941][   T28] audit: type=1400 audit(2000000155.082:2258): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1581 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.362810][ T7837] EXT4-fs (loop3): get root inode failed
[  415.387339][ T7837] EXT4-fs (loop3): mount failed
[  415.393025][   T28] audit: type=1400 audit(2000000155.082:2259): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1581 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.434384][   T28] audit: type=1400 audit(2000000155.082:2260): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1581 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  415.481075][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  415.815802][ T7858] loop1: detected capacity change from 0 to 256
[  415.910038][ T7858] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  416.067678][   T28] audit: type=1400 audit(2000000155.774:2261): avc:  denied  { sqpoll } for  pid=7833 comm="syz.3.2197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  416.087155][ T7834] loop3: detected capacity change from 0 to 512
[  416.093556][ T7834] EXT4-fs: Ignoring removed oldalloc option
[  416.100189][ T7834] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  416.112833][ T7834] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz.3.2197: invalid block
[  416.123818][ T7834] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2197: couldn't read orphan inode 11 (err -117)
[  416.131228][ T2901] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  416.135721][ T7834] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  416.190355][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  416.612115][ T7871] loop1: detected capacity change from 0 to 2048
[  416.655338][ T7871]  loop1: p1 < > p4
[  416.659439][ T7871] loop1: p4 size 8388608 extends beyond EOD, truncated
[  416.666400][ T6912] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  416.674681][  T102]  loop1: p1 < > p4
[  416.678833][  T102] loop1: p4 size 8388608 extends beyond EOD, truncated
[  416.708776][   T28] audit: type=1400 audit(2000000156.373:2262): avc:  denied  { write } for  pid=7872 comm="syz.1.2205" path="socket:[55362]" dev="sockfs" ino=55362 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  416.711262][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  416.743728][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  416.750945][   T28] audit: type=1400 audit(2000000156.392:2263): avc:  denied  { nlmsg_read } for  pid=7872 comm="syz.1.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  416.774001][  T312] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  416.781784][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.792713][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.802405][ T2901] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  416.811680][ T2901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.820275][ T2901] usb 5-1: config 0 descriptor??
[  417.050632][ T6912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.061465][ T6912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  417.071125][ T6912] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  417.080850][ T6912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.089711][ T6912] usb 1-1: config 0 descriptor??
[  417.168236][  T312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.179157][  T312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  417.188744][  T312] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  417.197715][  T312] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.218306][  T312] usb 4-1: config 0 descriptor??
[  417.356251][   T28] audit: type=1400 audit(2000000156.962:2264): avc:  denied  { create } for  pid=7879 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  417.376177][   T28] audit: type=1400 audit(2000000156.971:2265): avc:  denied  { setopt } for  pid=7879 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  417.436738][ T2901] hid (null): usage index exceeded
[  417.442557][ T2901] lg-g15 0003:046D:C222.0055: unknown main item tag 0x0
[  417.450173][ T2901] lg-g15 0003:046D:C222.0055: ignoring exceeding usage max
[  417.457807][ T2901] lg-g15 0003:046D:C222.0055: usage index exceeded
[  417.464110][ T2901] lg-g15 0003:046D:C222.0055: item 0 0 2 0 parsing failed
[  417.471274][ T2901] lg-g15: probe of 0003:046D:C222.0055 failed with error -22
[  417.670838][ T6912] hid (null): bogus close delimiter
[  417.681605][ T2901] usb 5-1: USB disconnect, device number 41
[  417.736155][  T312] hid-steam 0003:28DE:1142.0057: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  417.748934][  T312] hid-steam 0003:28DE:1142.0058: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  417.831023][  T312] hid-steam 0003:28DE:1142.0057: Steam wireless receiver connected
[  417.905881][ T6912] usb 1-1: language id specifier not provided by device, defaulting to English
[  417.952875][ T2901] usb 4-1: USB disconnect, device number 43
[  417.959709][ T2901] hid-steam 0003:28DE:1142.0057: Steam wireless receiver disconnected
[  418.077664][   T28] audit: type=1400 audit(2000000157.654:2266): avc:  denied  { read } for  pid=7883 comm="syz.2.2208" name="rtc0" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  418.149993][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.157254][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.164451][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.171713][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.178943][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.186125][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.193318][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.200549][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.207783][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.215866][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.223081][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.230728][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.238108][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.245311][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.314606][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.321894][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.329736][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.337232][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.344539][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.351735][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.359134][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.366363][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.373551][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.380762][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.388071][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.395379][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.402695][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0
[  418.421262][ T1005] hid-generic 0000:0000:0000.0059: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  418.448678][ T7900] loop1: detected capacity change from 0 to 256
[  418.510670][ T7900] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[  418.611458][ T6912] uclogic 0003:256C:006D.0056: interface is invalid, ignoring
[  418.652657][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2215'.
[  418.680046][ T7906] loop4: detected capacity change from 0 to 256
[  418.842484][  T401] usb 1-1: USB disconnect, device number 42
[  419.751167][ T1005] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  420.022738][ T1005] usb 3-1: Using ep0 maxpacket: 16
[  420.095978][ T7931] loop4: detected capacity change from 0 to 256
[  420.182222][ T7933] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  420.199552][ T7933] loop0: detected capacity change from 0 to 512
[  420.204489][ T1005] usb 3-1: config 0 has no interfaces?
[  420.227660][ T7933] __quota_error: 4 callbacks suppressed
[  420.227677][ T7933] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  420.243410][ T7933] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  420.253411][ T7933] EXT4-fs error (device loop0): ext4_acquire_dquot:6764: comm syz.0.2226: Failed to acquire dquot type 1
[  420.266376][ T7933] EXT4-fs (loop0): 1 truncate cleaned up
[  420.272157][ T7933] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  420.281329][ T7933] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038 (0x7fffffff)
[  420.300703][ T7933] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  420.310653][ T7933] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  420.320665][ T7933] EXT4-fs error (device loop0): ext4_acquire_dquot:6764: comm syz.0.2226: Failed to acquire dquot type 1
[  420.339778][ T7107] EXT4-fs (loop0): unmounting filesystem.
[  420.386149][ T1005] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  420.395740][ T1005] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.403876][ T1005] usb 3-1: Product: syz
[  420.408395][ T1005] usb 3-1: Manufacturer: syz
[  420.412977][ T1005] usb 3-1: SerialNumber: syz
[  420.421581][ T1005] r8152-cfgselector 3-1: config 0 descriptor??
[  420.981356][ T7949] loop3: detected capacity change from 0 to 128
[  421.214533][   T24] usb 3-1: USB disconnect, device number 42
[  421.296992][   T28] audit: type=1400 audit(2000000160.657:2271): avc:  denied  { map } for  pid=7953 comm="syz.4.2233" path="/dev/bus/usb/005/001" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  421.572725][  T312] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  421.844409][   T28] audit: type=1400 audit(2000000161.134:2272): avc:  denied  { setopt } for  pid=7955 comm="syz.4.2236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  421.876419][   T28] audit: type=1326 audit(2000000161.152:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7961 comm="syz.4.2237" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f246d9799f9 code=0x0
[  422.049857][ T7967] device batadv_slave_0 left promiscuous mode
[  422.136615][  T312] usb 2-1: config 1 has an invalid descriptor of length 196, skipping remainder of the config
[  422.150145][   T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  422.310422][  T312] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  422.319386][  T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.327142][  T312] usb 2-1: Product: syz
[  422.331147][  T312] usb 2-1: Manufacturer: syz
[  422.335524][  T312] usb 2-1: SerialNumber: syz
[  422.374883][  T312] cdc_ether 2-1:1.0: skipping garbage
[  422.380091][  T312] usb 2-1: bad CDC descriptors
[  422.438721][   T24] usb 1-1: Using ep0 maxpacket: 16
[  422.577692][   T24] usb 1-1: config 0 has no interfaces?
[  422.589318][ T7952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.597672][ T7952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.780881][   T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  422.793342][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.809270][   T24] usb 1-1: Product: syz
[  422.824347][   T24] usb 1-1: Manufacturer: syz
[  422.834216][   T24] usb 1-1: SerialNumber: syz
[  422.848477][   T24] r8152-cfgselector 1-1: config 0 descriptor??
[  422.936333][ T7988] loop3: detected capacity change from 0 to 512
[  422.985935][ T7988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  422.994969][ T7988] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff)
[  423.832994][   T24] usb 1-1: USB disconnect, device number 43
[  424.015425][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  424.829502][ T8000] loop0: detected capacity change from 0 to 256
[  424.836425][   T28] audit: type=1400 audit(2000000163.959:2274): avc:  denied  { setopt } for  pid=7997 comm="syz.0.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  424.857556][   T28] audit: type=1400 audit(2000000163.968:2275): avc:  denied  { remount } for  pid=7997 comm="syz.0.2244" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  424.878991][   T28] audit: type=1400 audit(2000000164.015:2276): avc:  denied  { create } for  pid=7997 comm="syz.0.2244" name="#87" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  425.744305][   T28] audit: type=1400 audit(2000000164.015:2277): avc:  denied  { link } for  pid=7997 comm="syz.0.2244" name="#87" dev="tmpfs" ino=320 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  425.800716][   T28] audit: type=1400 audit(2000000164.015:2278): avc:  denied  { rename } for  pid=7997 comm="syz.0.2244" name="#88" dev="tmpfs" ino=320 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  425.823389][  T401] usb 2-1: USB disconnect, device number 47
[  425.823384][   T28] audit: type=1400 audit(2000000164.286:2279): avc:  denied  { map } for  pid=8004 comm="syz.4.2245" path="/dev/ashmem" dev="devtmpfs" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  425.823420][   T28] audit: type=1400 audit(2000000164.398:2280): avc:  denied  { bind } for  pid=8001 comm="syz.3.2243" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  425.872217][   T28] audit: type=1400 audit(2000000164.398:2281): avc:  denied  { node_bind } for  pid=8001 comm="syz.3.2243" saddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  426.030741][  T301] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  426.415589][  T301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.426309][  T301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.435808][  T301] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  426.444699][  T301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.452971][  T301] usb 5-1: config 0 descriptor??
[  426.962177][  T301] hid-multitouch 0003:1FD2:6007.005A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  427.175919][  T301] usb 5-1: USB disconnect, device number 42
[  427.730159][ T8020] loop4: detected capacity change from 0 to 512
[  427.743272][ T8014] loop0: detected capacity change from 0 to 128
[  427.762278][ T8018] loop1: detected capacity change from 0 to 128
[  427.793440][ T8020] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  427.809519][   T28] audit: type=1400 audit(2000000166.746:2282): avc:  denied  { mount } for  pid=8012 comm="syz.0.2259" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  427.845587][   T28] audit: type=1400 audit(2000000166.784:2283): avc:  denied  { watch } for  pid=8012 comm="syz.0.2259" path="/55/file0/bus" dev="sysfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  428.410809][   T28] audit: type=1400 audit(2000000167.092:2284): avc:  denied  { unmount } for  pid=7107 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  428.436710][ T8020] EXT4-fs (loop4): 1 truncate cleaned up
[  428.442428][ T8020] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  428.519581][ T8035] fuse: Unknown parameter 'Yn0x0000000000000003ÿÿÿÿÿÿÿÿ00000000000000000000'
[  428.550704][ T8035] tap0: tun_chr_ioctl cmd 1074025677
[  428.556051][ T8035] tap0: linktype set to 821
[  430.030593][ T6517] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  430.361748][ T8054] loop3: detected capacity change from 0 to 128
[  430.470895][ T8054] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  430.527949][ T8054] ext4 filesystem being mounted at /36/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  430.755125][ T6517] EXT4-fs (loop4): Remounting filesystem read-only
[  430.761816][ T6517] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256)
[  430.850694][ T8057] loop0: detected capacity change from 0 to 128
[  430.885818][ T6517] EXT4-fs (loop4): unmounting filesystem.
[  431.283413][ T7446] EXT4-fs (loop3): unmounting filesystem.
[  431.486632][ T8072] xt_CT: You must specify a L4 protocol and not use inversions on it
[  431.597330][ T8073] loop3: detected capacity change from 0 to 512
[  431.691200][ T8073] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  431.739266][ T8075] syz.0.2262: attempt to access beyond end of device
[  431.739266][ T8075] loop0: rw=0, sector=121, nr_sectors = 120 limit=128
[  431.758696][ T8073] EXT4-fs (loop3): 1 truncate cleaned up
[  431.764276][ T8073] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  431.792932][   T28] audit: type=1400 audit(2000000170.469:2285): avc:  denied  { create } for  pid=8065 comm="syz.3.2266" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  431.865752][ T8083] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=8083 comm=syz.1.2270
[  431.922979][ T4033] device bridge_slave_1 left promiscuous mode
[  431.928945][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.963271][ T4033] device bridge_slave_0 left promiscuous mode
[  431.985421][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.003854][ T4033] device veth1_macvtap left promiscuous mode
[  432.013757][ T4033] device veth0_vlan left promiscuous mode
[  432.135834][   T43] kworker/u4:2: attempt to access beyond end of device
[  432.135834][   T43] loop0: rw=1, sector=241, nr_sectors = 800 limit=128
[  432.195501][ T8068] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.210660][ T8068] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.221214][ T8068] device bridge_slave_0 entered promiscuous mode
[  432.232191][ T8068] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.247092][ T8068] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.260519][ T8068] device bridge_slave_1 entered promiscuous mode
[  432.391590][ T8103] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  432.489273][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  432.501769][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  432.581219][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  432.589672][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  432.597983][  T425] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.604859][  T425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  432.612867][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  432.621182][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  432.629556][  T425] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.636411][  T425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  432.651933][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  432.659623][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  432.667440][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  432.683710][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  432.695419][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  432.703584][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  432.710894][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  432.718687][ T8068] device veth0_vlan entered promiscuous mode
[  432.732592][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  432.742184][ T8068] device veth1_macvtap entered promiscuous mode
[  432.753031][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  432.769226][  T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  432.812403][ T8105] loop4: detected capacity change from 0 to 1024
[  432.829944][ T8105] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  432.853030][ T8105] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  432.888286][ T8105] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 16: comm syz.4.2264: path /0/file0/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=301989902, rec_len=0, size=80 fake=0
[  432.927283][ T8068] EXT4-fs (loop4): unmounting filesystem.
[  433.489862][ T8118] overlayfs: failed to resolve './file0': -2
[  433.649888][   T29] INFO: task syz.2.617:2523 blocked for more than 270 seconds.
[  433.669637][   T29]       Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  433.706536][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  433.725003][   T29] task:syz.2.617       state:D stack:24504 pid:2523  ppid:1862   flags:0x00004004
[  433.744008][   T29] Call Trace:
[  433.750448][   T29]  <TASK>
[  433.755421][   T29]  __schedule+0xca7/0x1550
[  433.765199][   T29]  ? release_firmware_map_entry+0x191/0x191
[  433.776491][   T29]  ? blk_check_plugged+0x260/0x260
[  433.787027][   T29]  ? __kasan_check_write+0x14/0x20
[  433.797543][   T29]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  433.807983][   T29]  schedule+0xc3/0x180
[  433.816292][   T29]  io_schedule+0x8f/0x120
[  433.824254][   T29]  folio_wait_bit_common+0x847/0xb80
[  433.836141][   T29]  ? folio_wait_bit+0x30/0x30
[  433.845106][   T29]  ? erofs_map_dev+0x6c4/0x7e0
[  433.855256][   T29]  ? migration_entry_wait_on_locked+0x860/0x860
[  433.868275][   T29]  ? __kasan_check_write+0x14/0x20
[  433.878781][   T29]  ? _raw_spin_lock+0xa4/0x1b0
[  433.888433][   T29]  ? _raw_spin_trylock_bh+0x190/0x190
[  433.900343][   T29]  __folio_lock+0x1e/0x30
[  433.908988][   T29]  z_erofs_runqueue+0xafa/0x1a40
[  433.918219][   T29]  ? __kasan_check_write+0x14/0x20
[  433.928778][   T29]  ? z_erofs_do_read_page+0x3b70/0x3b70
[  433.940790][   T29]  ? __mutex_lock_slowpath+0x10/0x10
[  433.951446][   T29]  z_erofs_readahead+0x8e2/0xbb0
[  433.963126][   T29]  ? z_erofs_read_folio+0x5f0/0x5f0
[  433.973651][   T29]  ? memset+0x35/0x40
[  433.989478][   T29]  ? blk_start_plug+0x9c/0x130
[  434.123720][   T29]  read_pages+0x1be/0xd40
[  434.132273][   T29]  ? workingset_activation+0x430/0x430
[  434.144134][   T29]  ? folio_add_lru+0x280/0x3f0
[  434.154230][   T29]  ? page_cache_ra_unbounded+0x690/0x690
[  434.165174][   T29]  ? filemap_add_folio+0x18f/0x200
[  434.177121][   T29]  ? __filemap_add_folio+0xd10/0xd10
[  434.187856][   T29]  page_cache_ra_unbounded+0x4c1/0x690
[  434.193395][   T29]  ? readahead_gfp_mask+0x190/0x190
[  434.198629][   T29]  force_page_cache_ra+0x2c2/0x330
[  434.203764][   T29]  generic_fadvise+0x501/0x790
[  434.208499][   T29]  ? __this_cpu_preempt_check+0x13/0x20
[  434.214155][   T29]  ? oom_evaluate_task+0x520/0x520
[  434.219357][   T29]  ? __fdget+0x1b7/0x240
[  434.223590][   T29]  __x64_sys_fadvise64+0x13f/0x180
[  434.467310][   T29]  x64_sys_call+0x5ca/0x9a0
[  434.594673][   T29]  do_syscall_64+0x3b/0xb0
[  434.599302][   T29]  ? clear_bhb_loop+0x55/0xb0
[  434.603983][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  434.609753][   T29] RIP: 0033:0x7f55aff799f9
[  434.614084][   T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  434.622364][   T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9
[  434.630268][   T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005
[  434.638074][   T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000
[  434.645880][   T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  434.653707][   T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8
[  434.661602][   T29]  </TASK>
[  434.666121][   T29] NMI backtrace for cpu 1
[  434.670262][   T29] CPU: 1 PID: 29 Comm: khungtaskd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  434.681106][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  434.691001][   T29] Call Trace:
[  434.694126][   T29]  <TASK>
[  434.696907][   T29]  dump_stack_lvl+0x151/0x1b7
[  434.701415][   T29]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  434.706711][   T29]  dump_stack+0x15/0x1a
[  434.710705][   T29]  nmi_cpu_backtrace+0x2e4/0x2f0
[  434.715476][   T29]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  434.721464][   T29]  ? sched_show_task+0x3d8/0x620
[  434.726238][   T29]  ? nmi_trigger_cpumask_backtrace+0x114/0x3c0
[  434.732229][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  434.738130][   T29]  nmi_trigger_cpumask_backtrace+0x19b/0x3c0
[  434.743943][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  434.749847][   T29]  arch_trigger_cpumask_backtrace+0x10/0x20
[  434.755576][   T29]  watchdog+0xdb0/0xf20
[  434.759566][   T29]  ? __kasan_check_write+0x14/0x20
[  434.764516][   T29]  ? hungtask_pm_notify+0x50/0x50
[  434.769375][   T29]  ? __kasan_check_read+0x11/0x20
[  434.774233][   T29]  ? __kthread_parkme+0x12d/0x180
[  434.779101][   T29]  kthread+0x26d/0x300
[  434.783000][   T29]  ? hungtask_pm_notify+0x50/0x50
[  434.787861][   T29]  ? kthread_blkcg+0xd0/0xd0
[  434.792287][   T29]  ret_from_fork+0x1f/0x30
[  434.796543][   T29]  </TASK>
[  434.801185][   T29] Sending NMI from CPU 1 to CPUs 0:
[  434.806950][    C0] NMI backtrace for cpu 0
[  434.806963][    C0] CPU: 0 PID: 8113 Comm: syz.4.2278 Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  434.806981][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  434.806991][    C0] RIP: 0010:update_stack_state+0x12b/0x460
[  434.807014][    C0] Code: 89 85 60 ff ff ff 49 8d 5f 28 49 8d 47 20 48 89 85 68 ff ff ff 4c 89 e0 48 c1 e8 03 48 89 85 48 ff ff ff 48 89 95 70 ff ff ff <48> c1 ea 03 48 89 95 50 ff ff ff 4c 89 7d d0 48 89 5d b8 4c 89 a5
[  434.807028][    C0] RSP: 0018:ffffc90000b76cf0 EFLAGS: 00000806
[  434.807042][    C0] RAX: 1ffff9200016edc9 RBX: ffffc90000b76e68 RCX: ffffc90000b76fc0
[  434.807054][    C0] RDX: ffffc90000b76e50 RSI: ffffc90000b76fb0 RDI: ffffc90000b76e98
[  434.807066][    C0] RBP: ffffc90000b76da8 R08: ffffc90000b76f28 R09: 0000000000000000
[  434.807078][    C0] R10: ffffc90000b76f30 R11: dffffc0000000001 R12: ffffc90000b76e48
[  434.807090][    C0] R13: ffffc90000b76e90 R14: dffffc0000000000 R15: ffffc90000b76e40
[  434.807102][    C0] FS:  00007ff8313846c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  434.807115][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  434.807127][    C0] CR2: 0000001b33f17ff8 CR3: 0000000113d34000 CR4: 00000000003506b0
[  434.807141][    C0] Call Trace:
[  434.807146][    C0]  <NMI>
[  434.807152][    C0]  ? show_regs+0x58/0x60
[  434.807168][    C0]  ? nmi_cpu_backtrace+0x285/0x2f0
[  434.807186][    C0]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  434.807205][    C0]  ? update_stack_state+0x12b/0x460
[  434.807222][    C0]  ? update_stack_state+0x12b/0x460
[  434.807239][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  434.807256][    C0]  ? nmi_handle+0xa7/0x280
[  434.807272][    C0]  ? update_stack_state+0x12b/0x460
[  434.807289][    C0]  ? default_do_nmi+0x69/0x160
[  434.807305][    C0]  ? exc_nmi+0xad/0x100
[  434.807319][    C0]  ? end_repeat_nmi+0x16/0x31
[  434.807338][    C0]  ? update_stack_state+0x12b/0x460
[  434.807355][    C0]  ? update_stack_state+0x12b/0x460
[  434.807372][    C0]  ? update_stack_state+0x12b/0x460
[  434.807390][    C0]  </NMI>
[  434.807394][    C0]  <TASK>
[  434.807403][    C0]  unwind_next_frame+0x3cb/0x700
[  434.807422][    C0]  ? stack_trace_save+0x1c0/0x1c0
[  434.807438][    C0]  arch_stack_walk+0x10d/0x140
[  434.807458][    C0]  ? stack_trace_save+0x113/0x1c0
[  434.807474][    C0]  stack_trace_save+0x113/0x1c0
[  434.807489][    C0]  ? stack_trace_snprint+0xf0/0xf0
[  434.807506][    C0]  ? __stack_depot_save+0x36/0x480
[  434.807526][    C0]  kasan_save_stack+0x3b/0x60
[  434.807557][    C0]  __kasan_record_aux_stack+0xb4/0xc0
[  434.807584][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[  434.807605][    C0]  irq_work_queue_on+0x103/0x230
[  434.807627][    C0]  tell_cpu_to_push+0x18e/0x1e0
[  434.807641][    C0]  balance_rt+0x2d3/0x4c0
[  434.807660][    C0]  ? set_next_task_rt+0x4d0/0x4d0
[  434.807679][    C0]  ? dequeue_task+0x17a/0xa30
[  434.807697][    C0]  __schedule+0x4de/0x1550
[  434.807714][    C0]  ? avc_denied+0x1b0/0x1b0
[  434.807735][    C0]  ? release_firmware_map_entry+0x191/0x191
[  434.807755][    C0]  schedule+0xc3/0x180
[  434.807772][    C0]  schedule_timeout+0xa9/0x380
[  434.807791][    C0]  ? console_conditional_schedule+0x10/0x10
[  434.807812][    C0]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  434.807834][    C0]  ? prepare_to_wait_exclusive+0x1ac/0x1f0
[  434.807853][    C0]  unix_wait_for_peer+0x24b/0x330
[  434.807872][    C0]  ? unix_find_other+0x8e0/0x8e0
[  434.807888][    C0]  ? wake_bit_function+0x230/0x230
[  434.807905][    C0]  ? _raw_spin_trylock_bh+0x190/0x190
[  434.807926][    C0]  ? security_unix_may_send+0x7b/0xa0
[  434.807943][    C0]  unix_dgram_sendmsg+0x1348/0x2050
[  434.807966][    C0]  ? unix_dgram_poll+0x710/0x710
[  434.807986][    C0]  ? security_socket_sendmsg+0x82/0xb0
[  434.808002][    C0]  ? unix_dgram_poll+0x710/0x710
[  434.808020][    C0]  ____sys_sendmsg+0x5d3/0x9a0
[  434.808039][    C0]  ? __sys_sendmsg_sock+0x40/0x40
[  434.808060][    C0]  __sys_sendmmsg+0x3b9/0x6f0
[  434.808080][    C0]  ? __ia32_sys_sendmsg+0x90/0x90
[  434.808101][    C0]  ? futex_wait+0x4b7/0x7e0
[  434.808129][    C0]  ? _raw_spin_trylock_bh+0x190/0x190
[  434.808149][    C0]  ? do_futex+0x55a/0x9a0
[  434.808169][    C0]  ? xfd_validate_state+0x6f/0x170
[  434.808191][    C0]  ? fpregs_restore_userregs+0x130/0x290
[  434.808208][    C0]  __x64_sys_sendmmsg+0xa0/0xb0
[  434.808227][    C0]  x64_sys_call+0x81d/0x9a0
[  434.808242][    C0]  do_syscall_64+0x3b/0xb0
[  434.808262][    C0]  ? clear_bhb_loop+0x55/0xb0
[  434.808277][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  434.808292][    C0] RIP: 0033:0x7ff8305799f9
[  434.808305][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.808317][    C0] RSP: 002b:00007ff831384038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  434.808333][    C0] RAX: ffffffffffffffda RBX: 00007ff830715f80 RCX: 00007ff8305799f9
[  434.808344][    C0] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000007
[  434.808354][    C0] RBP: 00007ff8305e78ee R08: 0000000000000000 R09: 0000000000000000
[  434.808364][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  434.808373][    C0] R13: 0000000000000000 R14: 00007ff830715f80 R15: 00007ffeffa6c5d8
[  434.808387][    C0]  </TASK>
[  435.411785][ T8116] loop4: detected capacity change from 0 to 256
[  435.469735][   T28] audit: type=1400 audit(2000000173.911:2286): avc:  denied  { watch } for  pid=8127 comm="syz.2.2281" path="/329/file1" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  435.529629][   T28] audit: type=1400 audit(2000000173.939:2287): avc:  denied  { execute_no_trans } for  pid=8127 comm="syz.2.2281" path="/329/file1" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  435.582048][ T8128] device syzkaller0 entered promiscuous mode
[  435.644135][ T8139] loop4: detected capacity change from 0 to 128
[  435.776037][   T28] audit: type=1326 audit(2000000174.183:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  435.814241][   T28] audit: type=1326 audit(2000000174.183:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  435.871018][ T8145] ipt_REJECT: ECHOREPLY no longer supported.
[  435.882616][   T28] audit: type=1326 audit(2000000174.183:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  435.930233][   T28] audit: type=1326 audit(2000000174.183:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  435.953532][   T28] audit: type=1326 audit(2000000174.183:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  435.993761][   T28] audit: type=1326 audit(2000000174.183:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  436.065365][   T28] audit: type=1326 audit(2000000174.183:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000
[  436.128998][ T8147] syz.4.2282: attempt to access beyond end of device
[  436.128998][ T8147] loop4: rw=0, sector=121, nr_sectors = 120 limit=128
[  436.937301][ T4033] kworker/u4:7: attempt to access beyond end of device
[  436.937301][ T4033] loop4: rw=1, sector=241, nr_sectors = 800 limit=128
[  437.360508][   T28] kauditd_printk_skb: 35 callbacks suppressed
[  437.360528][   T28] audit: type=1400 audit(2000000175.483:2330): avc:  denied  { name_bind } for  pid=8155 comm="syz.0.2299" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  437.490042][ T8165] loop1: detected capacity change from 0 to 128
[  437.567269][ T8171] loop4: detected capacity change from 0 to 512
[  437.580187][ T8171] EXT4-fs: Ignoring removed mblk_io_submit option
[  437.600656][ T8171] EXT4-fs: Ignoring removed i_version option
[  437.616790][ T8171] EXT4-fs error (device loop4): __ext4_iget:5046: inode #11: block 1: comm syz.4.2294: invalid block
[  437.632063][ T8171] EXT4-fs (loop4): Remounting filesystem read-only
[  437.729365][ T8171] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.2294: couldn't read orphan inode 11 (err -117)
[  438.004329][ T8171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  438.490981][ T8183] loop1: detected capacity change from 0 to 2048
[  438.513548][ T8183] EXT4-fs (loop1): #clusters per group too big: 20480
[  439.005709][ T8068] EXT4-fs (loop4): unmounting filesystem.
[  439.030072][ T8189] bridge0: port 2(bridge_slave_1) entered disabled state
[  439.037115][ T8189] bridge0: port 1(bridge_slave_0) entered disabled state
[  439.541711][ T8204] loop4: detected capacity change from 0 to 256
[  439.554420][  T401] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  439.563326][ T8204] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119ac00, checksum : 0x1119c060)
[  439.575741][ T8204] exFAT-fs (loop4): invalid boot region
[  439.581102][ T8204] exFAT-fs (loop4): failed to recognize exfat type
[  439.810876][  T401] usb 2-1: Using ep0 maxpacket: 8
[  439.939227][  T401] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  439.948098][  T401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.967465][  T401] usb 2-1: config 0 descriptor??
[  439.992676][ T6912] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  440.014555][  T401] usb-storage 2-1:0.0: USB Mass Storage device detected
[  440.059687][  T401] usb-storage 2-1:0.0: Quirks match for vid 04e6 pid 000b: 4
[  440.251271][  T425] usb 2-1: USB disconnect, device number 48
[  440.281291][ T6912] usb 5-1: Using ep0 maxpacket: 32
[  440.417695][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  440.450043][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  440.459874][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  440.735927][ T6912] usb 5-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  440.748914][ T6912] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  440.757955][ T6912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.912424][   T28] audit: type=1400 audit(2000000179.009:2331): avc:  denied  { setattr } for  pid=8208 comm="syz.0.2306" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  441.010632][ T8222] loop1: detected capacity change from 0 to 512
[  441.140594][ T8222] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  441.153104][ T8222] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038 (0x7fffffff)
[  441.425931][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0
[  441.435877][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0
[  441.442653][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0
[  441.457264][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0
[  441.472304][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0
[  441.494036][ T6912] ntrig 0003:1B96:000A.005B: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0
[  441.640564][ T6912] usb 5-1: USB disconnect, device number 43
[  441.971559][ T8242] fuse: Bad value for 'fd'
[  441.983310][   T28] audit: type=1400 audit(2000000180.010:2332): avc:  denied  { watch } for  pid=8241 comm="syz.2.2313" path="/334/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  442.027533][ T8242] device syzkaller0 entered promiscuous mode
[  442.097716][ T5595] EXT4-fs (loop1): unmounting filesystem.
[  442.879094][   T19] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  443.563339][   T19] usb 5-1: Using ep0 maxpacket: 32
[  443.691624][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.712942][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.722527][   T19] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  443.733281][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.757576][   T19] usb 5-1: config 0 descriptor??
[  443.976924][ T8268] loop0: detected capacity change from 0 to 256
[  444.004203][ T8268] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  444.141605][ T8278] device syzkaller0 entered promiscuous mode
[  444.462171][   T19] hkems 0003:2006:0118.005C: unbalanced delimiter at end of report description
[  444.481908][   T19] hkems 0003:2006:0118.005C: parse failed
[  444.487525][   T19] hkems: probe of 0003:2006:0118.005C failed with error -22
[  444.679229][   T19] usb 5-1: USB disconnect, device number 44
[  444.710582][ T8284] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2326'.
[  444.956654][ T8293] device wireguard0 entered promiscuous mode
[  447.981328][ T8331] raw_sendmsg: syz.4.2337 forgot to set AF_INET. Fix it!
[  448.094724][ T8334] netlink: 'syz.2.2335': attribute type 4 has an invalid length.
[  448.134405][ T8334] netlink: 'syz.2.2335': attribute type 4 has an invalid length.
[  448.200747][   T28] audit: type=1400 audit(2000000185.800:2333): avc:  denied  { mount } for  pid=8321 comm="syz.2.2335" name="/" dev="ramfs" ino=57144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  448.326577][   T28] audit: type=1400 audit(2000000185.810:2334): avc:  denied  { create } for  pid=8321 comm="syz.2.2335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  448.475081][ T8324] loop1: detected capacity change from 0 to 40427
[  448.485798][ T8324] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  448.493501][ T8324] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  448.507602][ T8324] F2FS-fs (loop1): invalid crc value
[  448.526580][ T8324] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  448.536961][ T6912] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  448.573939][ T8324] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  448.584346][ T8324] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  449.240090][ T6912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 48, changing to 7
[  449.260813][ T6912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 8240, setting to 1024
[  449.278230][   T28] audit: type=1400 audit(2000000186.829:2335): avc:  denied  { bind } for  pid=8350 comm="syz.2.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  449.299472][ T8351] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8351 comm=syz.2.2351
[  449.354319][ T8352] loop0: detected capacity change from 0 to 8192
[  449.443220][ T6912] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  449.467427][ T6912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.487893][ T6912] usb 5-1: Product: syz
[  449.491900][ T6912] usb 5-1: Manufacturer: syz
[  449.511479][ T6912] usb 5-1: SerialNumber: syz
[  449.522460][ T6912] usb 5-1: config 0 descriptor??
[  449.808040][ T6912] snd-usb-audio: probe of 5-1:0.0 failed with error -2
[  449.819726][ T6912] usb 5-1: USB disconnect, device number 45
[  449.822695][ T6944] udevd[6944]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  450.870051][ T8369] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 925 (only 8 groups)
[  450.991018][ T8361] loop4: detected capacity change from 0 to 40427
[  451.016887][ T8361] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  451.024444][ T8361] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  451.050721][ T8361] F2FS-fs (loop4): Found nat_bits in checkpoint
[  451.106908][ T8361] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  451.115097][ T8361] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  452.039288][   T28] audit: type=1400 audit(2000000189.411:2336): avc:  denied  { connect } for  pid=8384 comm="syz.1.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  452.040841][ T8383] tipc: Started in network mode
[  452.094889][   T28] audit: type=1400 audit(2000000189.467:2337): avc:  denied  { accept } for  pid=8384 comm="syz.1.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  452.130470][ T8383] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711
[  452.144972][ T8388] loop1: detected capacity change from 0 to 512
[  452.155276][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.155298][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.169285][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.169864][ T8383] tipc: Enabled bearer <udp:syz0>, priority 0
[  452.176884][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.176901][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.176910][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.176918][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  452.215310][ T8388] EXT4-fs: Ignoring removed nobh option
[  452.266138][ T8388] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  452.308671][ T8388] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.2352: attempt to clear invalid blocks 2 len 1
[  452.362085][ T8388] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  452.415245][ T8388] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2352: invalid indirect mapped block 1819239214 (level 0)
[  452.469050][ T8388] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2352: invalid indirect mapped block 1819239214 (level 1)
[  452.512413][ T8388] EXT4-fs (loop1): 1 truncate cleaned up
[  452.517895][ T8388] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  453.147725][ T5595] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  453.176333][ T5595] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr
[  453.192413][ T5595] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr
[  453.228704][ T6064] EXT4-fs (loop1): unmounting filesystem.
[  453.238360][  T401] tipc: Node number set to 4269801642
[  453.687995][ T8409] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.694854][ T8409] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.709306][ T8409] device bridge_slave_0 entered promiscuous mode
[  453.716126][ T8409] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.730134][ T8409] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.737450][ T8409] device bridge_slave_1 entered promiscuous mode
[  453.841296][   T43] device bridge_slave_1 left promiscuous mode
[  453.847264][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.858848][   T43] device bridge_slave_0 left promiscuous mode
[  453.864785][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.880948][   T43] device veth1_macvtap left promiscuous mode
[  453.886791][   T43] device veth0_vlan left promiscuous mode
[  453.994677][ T8409] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.001564][ T8409] bridge0: port 2(bridge_slave_1) entered forwarding state
[  454.008673][ T8409] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.015424][ T8409] bridge0: port 1(bridge_slave_0) entered forwarding state
[  454.041554][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  454.049219][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.057391][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.074086][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  454.082099][  T667] bridge0: port 1(bridge_slave_0) entered blocking state
[  454.088971][  T667] bridge0: port 1(bridge_slave_0) entered forwarding state
[  454.096596][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  454.104815][  T667] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.111645][  T667] bridge0: port 2(bridge_slave_1) entered forwarding state
[  454.126407][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  454.134184][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  454.149648][ T8409] device veth0_vlan entered promiscuous mode
[  454.158383][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  454.166652][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  454.174856][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  454.182532][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  454.194542][ T8409] device veth1_macvtap entered promiscuous mode
[  454.202685][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  454.219221][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  454.227836][  T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  455.283198][ T8430] loop0: detected capacity change from 0 to 16
[  455.357243][ T8430] erofs: (device loop0): erofs_read_inode: unsupported i_format 16 of nid 36
[  456.390064][ T4033] Bluetooth: hci0: Frame reassembly failed (-84)
[  456.391568][   T28] audit: type=1400 audit(2000000193.480:2338): avc:  denied  { bind } for  pid=8420 comm="syz.4.2361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  456.422949][   T28] audit: type=1400 audit(2000000193.480:2339): avc:  denied  { ioctl } for  pid=8420 comm="syz.4.2361" path="socket:[57697]" dev="sockfs" ino=57697 ioctlcmd=0x48e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  457.205613][   T28] audit: type=1400 audit(2000000194.247:2340): avc:  denied  { mounton } for  pid=8439 comm="syz.2.2367" path="/349/file0" dev="tmpfs" ino=1986 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  457.205980][  T401] kernel write not supported for file bpf-prog (pid: 401 comm: kworker/1:6)
[  457.354757][   T29] INFO: task syz.2.617:2523 blocked for more than 292 seconds.
[  457.399157][   T29]       Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  457.509652][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  457.518212][   T29] task:syz.2.617       state:D stack:24504 pid:2523  ppid:1862   flags:0x00004004
[  457.527237][   T29] Call Trace:
[  457.530422][   T29]  <TASK>
[  457.533202][   T29]  __schedule+0xca7/0x1550
[  457.538133][   T29]  ? release_firmware_map_entry+0x191/0x191
[  457.543855][   T29]  ? blk_check_plugged+0x260/0x260
[  457.548872][   T29]  ? __kasan_check_write+0x14/0x20
[  457.553792][   T29]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  457.560773][   T29]  schedule+0xc3/0x180
[  457.564681][   T29]  io_schedule+0x8f/0x120
[  457.568882][   T29]  folio_wait_bit_common+0x847/0xb80
[  457.574019][   T29]  ? folio_wait_bit+0x30/0x30
[  457.578493][   T29]  ? erofs_map_dev+0x6c4/0x7e0
[  457.583161][   T29]  ? migration_entry_wait_on_locked+0x860/0x860
[  457.589195][   T29]  ? __kasan_check_write+0x14/0x20
[  457.594282][   T29]  ? _raw_spin_lock+0xa4/0x1b0
[  457.598874][   T29]  ? _raw_spin_trylock_bh+0x190/0x190
[  457.604391][   T29]  __folio_lock+0x1e/0x30
[  457.608540][   T29]  z_erofs_runqueue+0xafa/0x1a40
[  457.613590][   T29]  ? __kasan_check_write+0x14/0x20
[  457.618564][   T29]  ? z_erofs_do_read_page+0x3b70/0x3b70
[  457.624292][   T29]  ? __mutex_lock_slowpath+0x10/0x10
[  457.629442][   T29]  z_erofs_readahead+0x8e2/0xbb0
[  457.634371][   T29]  ? z_erofs_read_folio+0x5f0/0x5f0
[  457.639389][   T29]  ? memset+0x35/0x40
[  457.643674][   T29]  ? blk_start_plug+0x9c/0x130
[  457.648262][   T29]  read_pages+0x1be/0xd40
[  457.652427][   T29]  ? workingset_activation+0x430/0x430
[  457.658356][   T29]  ? folio_add_lru+0x280/0x3f0
[  457.662944][   T29]  ? page_cache_ra_unbounded+0x690/0x690
[  457.668656][   T29]  ? filemap_add_folio+0x18f/0x200
[  457.673623][   T29]  ? __filemap_add_folio+0xd10/0xd10
[  457.678910][   T29]  page_cache_ra_unbounded+0x4c1/0x690
[  457.684193][   T29]  ? readahead_gfp_mask+0x190/0x190
[  457.689459][   T29]  force_page_cache_ra+0x2c2/0x330
[  457.694520][   T29]  generic_fadvise+0x501/0x790
[  457.699349][   T29]  ? __this_cpu_preempt_check+0x13/0x20
[  457.704748][   T29]  ? oom_evaluate_task+0x520/0x520
[  457.709879][   T29]  ? __fdget+0x1b7/0x240
[  457.713936][   T29]  __x64_sys_fadvise64+0x13f/0x180
[  457.719100][   T29]  x64_sys_call+0x5ca/0x9a0
[  457.723416][   T29]  do_syscall_64+0x3b/0xb0
[  457.727669][   T29]  ? clear_bhb_loop+0x55/0xb0
[  457.732566][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  457.738269][   T29] RIP: 0033:0x7f55aff799f9
[  457.742709][   T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  457.751117][   T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9
[  457.758905][   T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005
[  457.767115][   T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000
[  457.775063][   T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  457.783044][   T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8
[  457.790831][   T29]  </TASK>
[  457.793962][   T29] NMI backtrace for cpu 0
[  457.798095][   T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  457.808944][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  457.818841][   T29] Call Trace:
[  457.821962][   T29]  <TASK>
[  457.824740][   T29]  dump_stack_lvl+0x151/0x1b7
[  457.829256][   T29]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  457.834551][   T29]  dump_stack+0x15/0x1a
[  457.838540][   T29]  nmi_cpu_backtrace+0x2e4/0x2f0
[  457.843316][   T29]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  457.849302][   T29]  ? sched_show_task+0x3d8/0x620
[  457.854076][   T29]  ? nmi_trigger_cpumask_backtrace+0x114/0x3c0
[  457.860068][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  457.865969][   T29]  nmi_trigger_cpumask_backtrace+0x19b/0x3c0
[  457.871783][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  457.877685][   T29]  arch_trigger_cpumask_backtrace+0x10/0x20
[  457.883420][   T29]  watchdog+0xdb0/0xf20
[  457.887406][   T29]  ? __kasan_check_write+0x14/0x20
[  457.892359][   T29]  ? hungtask_pm_notify+0x50/0x50
[  457.897215][   T29]  ? __kasan_check_read+0x11/0x20
[  457.902071][   T29]  ? __kthread_parkme+0x12d/0x180
[  457.906933][   T29]  kthread+0x26d/0x300
[  457.910837][   T29]  ? hungtask_pm_notify+0x50/0x50
[  457.915699][   T29]  ? kthread_blkcg+0xd0/0xd0
[  457.920128][   T29]  ret_from_fork+0x1f/0x30
[  457.924383][   T29]  </TASK>
[  457.927312][   T29] Sending NMI from CPU 0 to CPUs 1:
[  457.932303][    C1] NMI backtrace for cpu 1
[  457.932315][    C1] CPU: 1 PID: 84 Comm: syslogd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  457.932333][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  457.932342][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[  457.932365][    C1] Code: 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 84 e0 fc 05 48 89 de e8 24 61 46 00 5b 5d c3 cc <55> 48 89 e5 48 8b 45 08 65 48 8b 0d 00 cb 8c 7e 65 8b 15 01 cb 8c
[  457.932378][    C1] RSP: 0018:ffffc900009d77f8 EFLAGS: 00000246
[  457.932393][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc900009d7803
[  457.932404][    C1] RDX: ffff88810eb02880 RSI: 0000000000000000 RDI: 0000000000000000
[  457.932414][    C1] RBP: ffffc900009d7910 R08: ffffffff84064f0c R09: ffffc900009d7a20
[  457.932426][    C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
[  457.932437][    C1] R13: ffff88810e86eaec R14: ffffc900009d7a20 R15: 0000000000000000
[  457.932449][    C1] FS:  00007f77f774e380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  457.932463][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  457.932474][    C1] CR2: 00007f55ad4e8178 CR3: 000000010ed58000 CR4: 00000000003506a0
[  457.932488][    C1] Call Trace:
[  457.932493][    C1]  <NMI>
[  457.932498][    C1]  ? show_regs+0x58/0x60
[  457.932514][    C1]  ? nmi_cpu_backtrace+0x285/0x2f0
[  457.932532][    C1]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  457.932550][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932566][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932583][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  457.932600][    C1]  ? nmi_handle+0xa7/0x280
[  457.932616][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932632][    C1]  ? default_do_nmi+0x69/0x160
[  457.932647][    C1]  ? exc_nmi+0xad/0x100
[  457.932661][    C1]  ? end_repeat_nmi+0x16/0x31
[  457.932679][    C1]  ? __skb_try_recv_datagram+0x21c/0x6a0
[  457.932695][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932712][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932728][    C1]  ? audit_tree_destroy_watch+0x20/0x20
[  457.932771][    C1]  </NMI>
[  457.932776][    C1]  <TASK>
[  457.932781][    C1]  ? __skb_try_recv_datagram+0x4a4/0x6a0
[  457.932797][    C1]  ? sock_load_diag_module+0x130/0x130
[  457.932816][    C1]  ? __skb_try_recv_from_queue+0x750/0x750
[  457.932830][    C1]  ? avc_has_perm+0x16f/0x260
[  457.932851][    C1]  __unix_dgram_recvmsg+0x2a0/0x12b0
[  457.932872][    C1]  ? unix_unhash+0x10/0x10
[  457.932886][    C1]  ? avc_has_perm+0x16f/0x260
[  457.932907][    C1]  ? generic_perform_write+0x520/0x5c0
[  457.932928][    C1]  unix_dgram_recvmsg+0xb7/0xd0
[  457.932945][    C1]  ? unix_dgram_sendmsg+0x2050/0x2050
[  457.932963][    C1]  sock_read_iter+0x3b2/0x4b0
[  457.932983][    C1]  ? kernel_sock_ip_overhead+0x280/0x280
[  457.933005][    C1]  ? __kasan_check_read+0x11/0x20
[  457.933019][    C1]  ? fsnotify_perm+0x470/0x5d0
[  457.933035][    C1]  vfs_read+0x771/0xad0
[  457.933056][    C1]  ? kernel_read+0x1f0/0x1f0
[  457.933074][    C1]  ? finish_task_switch+0x167/0x7b0
[  457.933097][    C1]  ? __kasan_check_read+0x11/0x20
[  457.933110][    C1]  ? __fdget_pos+0x204/0x390
[  457.933131][    C1]  ksys_read+0x199/0x2c0
[  457.933149][    C1]  ? save_fpregs_to_fpstate+0x220/0x220
[  457.933166][    C1]  ? vfs_write+0xeb0/0xeb0
[  457.933185][    C1]  ? debug_smp_processor_id+0x17/0x20
[  457.933204][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  457.933223][    C1]  __x64_sys_read+0x7b/0x90
[  457.933241][    C1]  x64_sys_call+0x28/0x9a0
[  457.933258][    C1]  do_syscall_64+0x3b/0xb0
[  457.933278][    C1]  ? clear_bhb_loop+0x55/0xb0
[  457.933294][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  457.933309][    C1] RIP: 0033:0x7f77f78a2b6a
[  457.933321][    C1] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83
[  457.933334][    C1] RSP: 002b:00007ffe210a4328 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  457.933349][    C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f77f78a2b6a
[  457.933360][    C1] RDX: 00000000000000ff RSI: 000056540e243300 RDI: 0000000000000000
[  457.933370][    C1] RBP: 000056540e2432c0 R08: 0000000000000001 R09: 0000000000000000
[  457.933380][    C1] R10: 00007f77f7a413a3 R11: 0000000000000246 R12: 000056540e24335b
[  457.933391][    C1] R13: 000056540e243300 R14: 0000000000000000 R15: 00007f77f7a7fa80
[  457.933405][    C1]  </TASK>
[  458.583618][  T682] Bluetooth: hci0: command 0x1003 tx timeout
[  458.589520][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  459.092952][ T8450] loop4: detected capacity change from 0 to 512
[  459.099545][   T28] audit: type=1400 audit(2000000196.024:2341): avc:  denied  { read } for  pid=8452 comm="syz.1.2369" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  460.038655][   T28] audit: type=1400 audit(2000000196.024:2342): avc:  denied  { open } for  pid=8452 comm="syz.1.2369" path="/dev/loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  460.089573][   T28] audit: type=1400 audit(2000000196.286:2343): avc:  denied  { ioctl } for  pid=8452 comm="syz.1.2369" path="/dev/loop-control" dev="devtmpfs" ino=113 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  460.126225][ T8450] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.2371: casefold flag without casefold feature
[  460.149526][ T8470] device veth0_vlan left promiscuous mode
[  460.156017][ T8450] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #2: comm syz.4.2371: missing EA_INODE flag
[  460.160552][ T8470] device veth0_vlan entered promiscuous mode
[  460.180868][  T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  460.188560][ T8450] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2371: error while reading EA inode 2 err=-117
[  460.197213][  T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  460.208094][  T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  460.216614][ T8473] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  460.252704][ T8450] EXT4-fs (loop4): 1 orphan inode deleted
[  460.258657][ T8450] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  460.572052][   T19] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  460.967650][   T19] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  460.975475][   T19] usb 5-1: config 0 has no interface number 0
[  460.988999][   T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.010430][   T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  461.020026][   T19] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  461.030814][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.052538][   T19] usb 5-1: config 0 descriptor??
[  461.589095][   T19] input: HID 04d9:a055 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:04D9:A055.005D/input/input44
[  461.689388][   T19] holtek_kbd 0003:04D9:A055.005D: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.4-1/input1
[  461.805406][   T19] usb 5-1: USB disconnect, device number 46
[  462.129172][ T8489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2378'.
[  462.356865][ T8068] EXT4-fs (loop4): unmounting filesystem.
[  463.801518][ T8497] loop4: detected capacity change from 0 to 512
[  463.844459][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.2385: inode #1: comm syz.4.2385: iget: illegal inode #
[  463.875720][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2385: error while reading EA inode 1 err=-117
[  464.299573][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.2385: inode #1: comm syz.4.2385: iget: illegal inode #
[  464.369092][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2385: error while reading EA inode 1 err=-117
[  464.459357][ T8497] EXT4-fs (loop4): 1 orphan inode deleted
[  464.469320][ T8497] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  465.151040][ T8497] EXT4-fs (loop4): shut down requested (2)
[  465.281129][ T8511] loop1: detected capacity change from 0 to 40427
[  465.306594][ T8511] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  465.325091][ T8511] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  465.369992][ T8068] EXT4-fs (loop4): unmounting filesystem.
[  465.376052][ T8511] F2FS-fs (loop1): invalid crc value
[  465.405532][ T8511] F2FS-fs (loop1): Found nat_bits in checkpoint
[  465.468599][ T8511] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  465.475585][ T8511] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  465.508864][   T28] audit: type=1400 audit(2000000202.011:2344): avc:  denied  { ioctl } for  pid=8510 comm="syz.1.2387" path="/6/bus/file0" dev="loop1" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  465.543500][ T8511] syz.1.2387: attempt to access beyond end of device
[  465.543500][ T8511] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  466.916768][ T8526] loop4: detected capacity change from 0 to 2048
[  467.009548][ T8526]  loop4: p1 < > p4
[  467.014859][ T8526] loop4: p4 size 8388608 extends beyond EOD, truncated
[  467.323685][  T102]  loop4: p1 < > p4
[  467.328128][  T102] loop4: p4 size 8388608 extends beyond EOD, truncated
[  467.364366][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[  467.380927][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  469.755554][   T28] audit: type=1400 audit(2000000205.603:2345): avc:  denied  { write } for  pid=8551 comm="syz.4.2398" name="ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  469.893132][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.160627][ T8565] loop4: detected capacity change from 0 to 2048
[  470.271205][ T8565] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  470.319298][ T8569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2397'.
[  470.365364][ T8570] EXT4-fs (loop4): shut down requested (0)
[  470.372449][ T8569] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2397'.
[  470.418586][   T28] audit: type=1400 audit(2000000206.613:2346): avc:  denied  { append } for  pid=8550 comm="syz.0.2397" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  470.466397][ T8565] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.2400: bg 0: block 234: padding at end of block bitmap is not set
[  470.480791][ T8565] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  470.493079][ T8565] EXT4-fs (loop4): This should not happen!! Data will be lost
[  470.493079][ T8565] 
[  470.502506][ T8565] EXT4-fs (loop4): Total free blocks count 0
[  470.514332][ T8565] EXT4-fs (loop4): Free/Dirty block details
[  470.520064][ T8565] EXT4-fs (loop4): free_blocks=0
[  470.524919][ T8565] EXT4-fs (loop4): dirty_blocks=8192
[  470.535725][ T8565] EXT4-fs (loop4): Block reservation details
[  470.541631][ T8565] EXT4-fs (loop4): i_reserved_data_blocks=512
SYZFAIL: proc stdout read failed
 (errno 61: No data available)
[  472.310690][   T28] audit: type=1400 audit(2000000208.381:2347): avc:  denied  { write } for  pid=280 comm="syz-executor" path="pipe:[5878]" dev="pipefs" ino=5878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  473.230582][ T4033] device bridge_slave_1 left promiscuous mode
[  473.236531][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.251498][ T4033] device bridge_slave_0 left promiscuous mode
[  473.257423][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.273442][ T4033] device veth1_macvtap left promiscuous mode
[  473.703581][ T4033] tipc: Disabling bearer <udp:syz0>
[  473.710887][ T4033] tipc: Left network mode
[  474.267756][ T4033] device bridge_slave_1 left promiscuous mode
[  474.273699][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.288491][ T4033] device bridge_slave_0 left promiscuous mode
[  474.294552][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.310708][ T4033] device bridge_slave_1 left promiscuous mode
[  474.316647][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.331214][ T4033] device bridge_slave_0 left promiscuous mode
[  474.337129][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.353422][ T4033] device bridge_slave_1 left promiscuous mode
[  474.359339][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.374031][ T4033] device bridge_slave_0 left promiscuous mode
[  474.379953][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.396436][ T4033] device veth1_macvtap left promiscuous mode
[  474.402260][ T4033] device veth0_vlan left promiscuous mode
[  474.416700][ T4033] device veth1_macvtap left promiscuous mode
[  474.422526][ T4033] device veth0_vlan left promiscuous mode
[  474.438037][ T4033] device veth1_macvtap left promiscuous mode
[  474.443862][ T4033] device veth0_vlan left promiscuous mode
[  479.879352][   T29] INFO: task syz.2.617:2523 blocked for more than 314 seconds.
[  479.886820][   T29]       Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  479.900661][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  479.909131][   T29] task:syz.2.617       state:D stack:24504 pid:2523  ppid:1862   flags:0x00004004
[  479.932731][   T29] Call Trace:
[  479.935826][   T29]  <TASK>
[  479.938598][   T29]  __schedule+0xca7/0x1550
[  479.942954][   T29]  ? release_firmware_map_entry+0x191/0x191
[  479.954111][   T29]  ? blk_check_plugged+0x260/0x260
[  479.959030][   T29]  ? __kasan_check_write+0x14/0x20
[  479.963979][   T29]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  479.969231][   T29]  schedule+0xc3/0x180
[  479.973127][   T29]  io_schedule+0x8f/0x120
[  479.977317][   T29]  folio_wait_bit_common+0x847/0xb80
[  479.982425][   T29]  ? folio_wait_bit+0x30/0x30
[  479.987059][   T29]  ? erofs_map_dev+0x6c4/0x7e0
[  479.991621][   T29]  ? migration_entry_wait_on_locked+0x860/0x860
[  479.997714][   T29]  ? __kasan_check_write+0x14/0x20
[  480.002645][   T29]  ? _raw_spin_lock+0xa4/0x1b0
[  480.007251][   T29]  ? _raw_spin_trylock_bh+0x190/0x190
[  480.012467][   T29]  __folio_lock+0x1e/0x30
[  480.016617][   T29]  z_erofs_runqueue+0xafa/0x1a40
[  480.021420][   T29]  ? __kasan_check_write+0x14/0x20
[  480.026461][   T29]  ? z_erofs_do_read_page+0x3b70/0x3b70
[  480.031874][   T29]  ? __mutex_lock_slowpath+0x10/0x10
[  480.036947][   T29]  z_erofs_readahead+0x8e2/0xbb0
[  480.041831][   T29]  ? z_erofs_read_folio+0x5f0/0x5f0
[  480.046846][   T29]  ? memset+0x35/0x40
[  480.050693][   T29]  ? blk_start_plug+0x9c/0x130
[  480.055258][   T29]  read_pages+0x1be/0xd40
[  480.059426][   T29]  ? workingset_activation+0x430/0x430
[  480.064747][   T29]  ? folio_add_lru+0x280/0x3f0
[  480.069419][   T29]  ? page_cache_ra_unbounded+0x690/0x690
[  480.074898][   T29]  ? filemap_add_folio+0x18f/0x200
[  480.079831][   T29]  ? __filemap_add_folio+0xd10/0xd10
[  480.085006][   T29]  page_cache_ra_unbounded+0x4c1/0x690
[  480.090249][   T29]  ? readahead_gfp_mask+0x190/0x190
[  480.095298][   T29]  force_page_cache_ra+0x2c2/0x330
[  480.100228][   T29]  generic_fadvise+0x501/0x790
[  480.104841][   T29]  ? __this_cpu_preempt_check+0x13/0x20
[  480.110210][   T29]  ? oom_evaluate_task+0x520/0x520
[  480.115185][   T29]  ? __fdget+0x1b7/0x240
[  480.119236][   T29]  __x64_sys_fadvise64+0x13f/0x180
[  480.124183][   T29]  x64_sys_call+0x5ca/0x9a0
[  480.128536][   T29]  do_syscall_64+0x3b/0xb0
[  480.132775][   T29]  ? clear_bhb_loop+0x55/0xb0
[  480.137298][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  480.143016][   T29] RIP: 0033:0x7f55aff799f9
[  480.147298][   T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  480.155685][   T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9
[  480.163540][   T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005
[  480.171331][   T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000
[  480.179160][   T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  480.186930][   T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8
[  480.194766][   T29]  </TASK>
[  480.197623][   T29] NMI backtrace for cpu 0
[  480.201778][   T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  480.212622][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  480.222517][   T29] Call Trace:
[  480.225650][   T29]  <TASK>
[  480.228426][   T29]  dump_stack_lvl+0x151/0x1b7
[  480.232942][   T29]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  480.238230][   T29]  dump_stack+0x15/0x1a
[  480.242218][   T29]  nmi_cpu_backtrace+0x2e4/0x2f0
[  480.246992][   T29]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  480.252983][   T29]  ? sched_show_task+0x3d8/0x620
[  480.257754][   T29]  ? nmi_trigger_cpumask_backtrace+0x114/0x3c0
[  480.263747][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  480.269647][   T29]  nmi_trigger_cpumask_backtrace+0x19b/0x3c0
[  480.275459][   T29]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  480.281364][   T29]  arch_trigger_cpumask_backtrace+0x10/0x20
[  480.287093][   T29]  watchdog+0xdb0/0xf20
[  480.291083][   T29]  ? __kasan_check_write+0x14/0x20
[  480.296119][   T29]  ? hungtask_pm_notify+0x50/0x50
[  480.300978][   T29]  ? __kasan_check_read+0x11/0x20
[  480.305838][   T29]  ? __kthread_parkme+0x12d/0x180
[  480.310700][   T29]  kthread+0x26d/0x300
[  480.314603][   T29]  ? hungtask_pm_notify+0x50/0x50
[  480.319475][   T29]  ? kthread_blkcg+0xd0/0xd0
[  480.323894][   T29]  ret_from_fork+0x1f/0x30
[  480.328147][   T29]  </TASK>
[  480.331067][   T29] Sending NMI from CPU 0 to CPUs 1:
[  480.336052][    C1] NMI backtrace for cpu 1
[  480.336064][    C1] CPU: 1 PID: 8085 Comm: syz.3.2266 Tainted: G        W          6.1.90-syzkaller-00005-g8288de83062c #0
[  480.336082][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  480.336092][    C1] RIP: 0010:kasan_check_range+0x1c6/0x2a0
[  480.336117][    C1] Code: ed 49 0f 49 dd 48 83 e3 f8 49 29 dd 74 12 41 80 39 00 0f 85 a6 00 00 00 49 ff c1 49 ff cd 75 ee 5b 41 5c 41 5d 41 5e 41 5f 5d <c3> 45 84 f6 75 61 41 f7 c6 00 ff 00 00 75 5d 41 f7 c6 00 00 ff 00
[  480.336131][    C1] RSP: 0018:ffffc900009beb28 EFLAGS: 00000256
[  480.336146][    C1] RAX: ffffffff81f3ba01 RBX: 000000000000601b RCX: ffffffff81f3bb58
[  480.336158][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88811a1897e0
[  480.336169][    C1] RBP: ffffc900009beb30 R08: dffffc0000000000 R09: ffffed10234312fd
[  480.336181][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811a1897e0
[  480.336192][    C1] R13: dffffc0000000000 R14: 000000000000000a R15: ffff88811a1897e0
[  480.336203][    C1] FS:  00007f40529186c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  480.336218][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  480.336229][    C1] CR2: 00007efc9ad0f866 CR3: 00000001299f1000 CR4: 00000000003506a0
[  480.336243][    C1] Call Trace:
[  480.336248][    C1]  <NMI>
[  480.336255][    C1]  ? show_regs+0x58/0x60
[  480.336271][    C1]  ? nmi_cpu_backtrace+0x285/0x2f0
[  480.336289][    C1]  ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0
[  480.336308][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336326][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336345][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  480.336363][    C1]  ? nmi_handle+0xa7/0x280
[  480.336379][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336398][    C1]  ? default_do_nmi+0x69/0x160
[  480.336414][    C1]  ? exc_nmi+0xad/0x100
[  480.336428][    C1]  ? end_repeat_nmi+0x16/0x31
[  480.336446][    C1]  ? __ext4_get_inode_loc+0x4c1/0xe40
[  480.336464][    C1]  ? __ext4_get_inode_loc+0x618/0xe40
[  480.336482][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336501][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336521][    C1]  ? kasan_check_range+0x1c6/0x2a0
[  480.336540][    C1]  </NMI>
[  480.336545][    C1]  <TASK>
[  480.336550][    C1]  ? __kasan_check_read+0x11/0x20
[  480.336563][    C1]  __ext4_get_inode_loc+0x618/0xe40
[  480.336584][    C1]  ? __kasan_check_read+0x11/0x20
[  480.336599][    C1]  ? ext4_get_inode_loc+0x190/0x190
[  480.336618][    C1]  ? __kasan_check_write+0x14/0x20
[  480.336633][    C1]  ext4_reserve_inode_write+0x17e/0x360
[  480.336653][    C1]  ? ext4_mark_iloc_dirty+0x1970/0x1970
[  480.336671][    C1]  ? _raw_spin_trylock_bh+0x190/0x190
[  480.336692][    C1]  ? ext4_dirty_inode+0xbd/0x100
[  480.336711][    C1]  __ext4_mark_inode_dirty+0x12e/0x7d0
[  480.336729][    C1]  ? sb_end_intwrite+0x130/0x130
[  480.336746][    C1]  ? __dquot_alloc_space+0x267/0xc10
[  480.336767][    C1]  ? __kasan_check_read+0x11/0x20
[  480.336780][    C1]  ? __ext4_journal_start_sb+0x2f1/0x4b0
[  480.336800][    C1]  ext4_dirty_inode+0xbd/0x100
[  480.336818][    C1]  ? __ext4_expand_extra_isize+0x420/0x420
[  480.336837][    C1]  __mark_inode_dirty+0x200/0xa60
[  480.336857][    C1]  ext4_xattr_block_set+0x1f8e/0x3760
[  480.336878][    C1]  ? ext4_xattr_block_find+0x320/0x320
[  480.336900][    C1]  ? ext4_reserve_inode_write+0x2b3/0x360
[  480.336920][    C1]  ? ext4_mark_iloc_dirty+0x1970/0x1970
[  480.336938][    C1]  ? ext4_xattr_ibody_find+0x102/0x530
[  480.336960][    C1]  ext4_xattr_set_handle+0xdac/0x1560
[  480.336984][    C1]  ? ext4_xattr_set_entry+0x3ef0/0x3ef0
[  480.337014][    C1]  ? selinux_inode_free_security+0x210/0x210
[  480.337037][    C1]  ext4_initxattrs+0xa7/0x120
[  480.337053][    C1]  security_inode_init_security+0x252/0x390
[  480.337074][    C1]  ? ext4_init_security+0x40/0x40
[  480.337091][    C1]  ? security_dentry_create_files_as+0xc0/0xc0
[  480.337113][    C1]  ? __ext4_set_acl+0x5e0/0x5e0
[  480.337129][    C1]  ? _raw_spin_unlock+0x4c/0x70
[  480.337149][    C1]  ext4_init_security+0x34/0x40
[  480.337165][    C1]  __ext4_new_inode+0x31ef/0x40a0
[  480.337185][    C1]  ? ext4_has_group_desc_csum+0x1f0/0x1f0
[  480.337200][    C1]  ? dquot_initialize+0x20/0x20
[  480.337221][    C1]  ext4_create+0x275/0x550
[  480.337239][    C1]  ? ext4_lookup+0x740/0x740
[  480.337256][    C1]  ? selinux_inode_create+0x22/0x30
[  480.337276][    C1]  ? security_inode_create+0xbc/0x100
[  480.337296][    C1]  ? ext4_lookup+0x740/0x740
[  480.337311][    C1]  path_openat+0x12ee/0x2d60
[  480.337332][    C1]  ? do_filp_open+0x480/0x480
[  480.337350][    C1]  do_filp_open+0x230/0x480
[  480.337365][    C1]  ? vfs_tmpfile+0x480/0x480
[  480.337383][    C1]  ? alloc_fd+0x4fa/0x5a0
[  480.337405][    C1]  do_sys_openat2+0x151/0x890
[  480.337423][    C1]  ? __ia32_sys_get_robust_list+0x90/0x90
[  480.337441][    C1]  ? __sys_bpf+0x479/0x7f0
[  480.337459][    C1]  ? do_sys_open+0x220/0x220
[  480.337478][    C1]  ? __se_sys_futex+0x35e/0x3c0
[  480.337497][    C1]  __x64_sys_openat+0x243/0x290
[  480.337515][    C1]  ? __ia32_sys_open+0x270/0x270
[  480.337534][    C1]  ? switch_fpu_return+0xe/0x10
[  480.337550][    C1]  ? exit_to_user_mode_prepare+0x7e/0xa0
[  480.337569][    C1]  x64_sys_call+0x6bf/0x9a0
[  480.337585][    C1]  do_syscall_64+0x3b/0xb0
[  480.337605][    C1]  ? clear_bhb_loop+0x55/0xb0
[  480.337620][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  480.337636][    C1] RIP: 0033:0x7f4051b799f9
[  480.337724][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.337737][    C1] RSP: 002b:00007f4052918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  480.337767][    C1] RAX: ffffffffffffffda RBX: 00007f4051d16130 RCX: 00007f4051b799f9
[  480.337779][    C1] RDX: 00000000000026e1 RSI: 0000000020000280 RDI: ffffffffffffff9c
[  480.337790][    C1] RBP: 00007f4051be78ee R08: 0000000000000000 R09: 0000000000000000
[  480.337800][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  480.337810][    C1] R13: 0000000000000000 R14: 00007f4051d16130 R15: 00007ffdff3981e8
[  480.337824][    C1]  </TASK>