last executing test programs:

6.808961559s ago: executing program 3:
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
r0 = getpid()
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
inotify_init1(0x0)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2008418, &(0x7f0000000b40)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45aca9836c319f437199ff24212c651baef614d442ae89412ad3dcd0b7586d02fe296d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1e73fa85bae63db763c51fc02936b3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c500000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2680b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2100931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000008886b313bd01a22d576e414011a4f0a897514329f86d4585fa0ea17068f8af349696da4a2b37828931cf6a369db22b556a8e24310ca52ec51bc23d8c73e6410eb41ca6748e0b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515e34ac8c454a30dd54a580abcf2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55a0016ff1ec9da9ccc1191c2116322020c66d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d58633d97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575e2449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4ab22052b9467d0da116ccc1652d861a420f08baf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cfe0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c863907079cbafe80d01f8a0000000000024589ec3f88e6e99bf1d4373f24d760da4d35e6658f54190e4ce3f5ae00b44b71e299d3f6c892d9abbafbc531d68a84b4688b282bf99dd29c2c037be31b0e7d320a941fb000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRESDEC, @ANYRESHEX, @ANYRESHEX, @ANYRES64, @ANYRES16, @ANYRESOCT], 0x1, 0x5549, &(0x7f0000003d80)="$eJzs3EtvG9UXAPA7TpP++/xHiAW7jlQhJVJt1elDsAvQiodIFfFYsALHdiy3tieKHSeEDRIsEQu+CQKJFUs+AwvW7BALEDskkOeOKaE8WtmJk/b3k8Zn5s74zLkjK9GZsRyAJ9Zi+stPSbgYzoQQ5kII55OQryfFkluN4ZkQwqUQQulPS1KM/zGwEEI4G0K4OEoecybFrs+uDC/f+PG1n7/+9vSpc59/9d3sZg3M2rMhhO5WXN/txpi1YrxbjNeG7Tx2rw+LGHd07xXbWYy7zY08w25tfFwtj9da8fhsa6c/ipudWn0UW+3NfHyrF0/YH7bGefI33K1t59uN5kYe2/0sj639WNfefvzbtt8fxDyNIt/7efowGIxjHG/uNeN8tu7lsd4bFOMxb9Zo7o3isIjF6UI96zTyOjYmudLH2+vt3s5eOmxu99tZL71RqT5Xqd4sV7ezRnPQvF6udRs3r6dLrc7osPKgWeuutrKs1WlW6ll3OV1q1evlajVdutXcaNd6abVauVa5Wr6xXKxdSV++83baaaRLo/hiu7ez0O70081sO43vWE5XKteeX04vV9M319bT9Tdu315bf+vdW+/ceWHt1ZeKgx4oK11aubqyUq5eLa9Ul4/B/Ef/dx9y/oNJ5v9xUfQjzD+Z7PLAv3v0D9gHC4dSCMDJ8UD/H/T/wOE76f1/mGb/P2qp9P//3f+WJu//J+p/j2v/f4LnDxNxgwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In1/fwXr+Qri3H7XDF+oRh6qthOQgilEMJvf2MuLBzIOVfkmf+H4+f/UsM3ScgzjM5xuljOhhBWi+XX/x/2VQAAAIDH15cfXvo0duvxZXHWBXGU4k2b0vn3ppQvCSHML/4wpWyl0cvTU0qWf75Phb0pZctvYP1vSsniLbdT08r2UObG4aML9wfzCSUxlI60HAAA4EjMHQhH24UAAABwlD6ZdQHMRhLGjzLHz4Lzb97ff7R55sA+AAAA4ARKZl0AAAAAcOjy/t/v/wEAAMDjLf7+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzt3cJg6EYQD+bDA/+6NFq71vK3uDMraEPe4xUECaoATSQhqgBnJLCRFE2CMkRyCBsGOBnkfymLHR6xnw5RtLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2vRSrGZPD78fr83Z7q7TzGwAAACAYzbFalZ+mFT9r+n493ToZ+pnEZFHxLHavReDWmYv5RQnvl98GMNzRJmwv8YwbV8i4k/a3n60/SsAAADA/VovltOqWq+aSdcD4jNVizb5t78N5WURUUxeG0rL982vhsLK+7sf/xtKKxewRg2FVUtu/ePnBueGjC+6ZK+2SzMZzcs/sezlF8UBAAA3oV4JnKhCAAAAuAP/uh4A3cgOzeE547DapQeC41oPAAAAuEFZ1wMAAAAAWlfW/97/BwAAAPetev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdoUq9l6sZyeOj8/M2e7u05zMwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Z3/ebQCEwRgMmjd0KPsPizwBZZq76tNvpQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK81ydLYGm+SvdfG0fNIcnZqXJ0ad+fG0wdj9icAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuX/eOIooAODv9m4vfwBhDHJhQEGigIbYl5CQEgqQRcFHQLKcczBcCCQuSGSB3ECFXKdBUCKEBDJdvkPqWEoTuhQujEQN2r1dZ5MYfFjH7sX+/aTZeXsezbzZO1l+3rUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABK2+/ES0kRt7PD1DAuX7uzs7aU9VuP9JlbG3dns5bFrf0W+ubt8Sc/2V6unpyaqZx8VX8yAAAAHA3tsr6PiHvp5kLWJ1N5/Z+WY7Ka//tnhnFZzz9a92/trB0vvjRb1v+//Xr/hd2FpobrZJMurwz684+n0vmftjjxnt13RCe/8vnvXtr5G5K8v/78dppfz9a3t2+/283DY3VkCwAcxOmyL4Ly56Gs7zWZGABHRqdSeJf1f3uq2ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6rC9Hk+VcSsiZjsP4szWztrSXv2tjbuzZTt/8+ZGdc5sijQillcG/bTGvUy6a9dvfLI4GPSvjhIk/2XwvsGpiBjrhAcJPhxhTMS/jyk+ntHcLv45aE1GGo0GSfH+TEo+4wzKz974Z27oGxIAAIdWWrSsrr+Xbi5kr7WmI/764eH6/7VKHCPW//c/On+nula1/u/VtsPJN7d6+bO5a9dvvLFyefFS/1L/0zfP9N7qnb1w7tyFuexazc8tR9KfbzpNAAAAnmDdolXr/2T68fv/JytxjFj/f/5d78vqWm31/54e3PRrOhMAAICjqLsbPffKn3+09hjR6nbji8XV1au94XH3/MzwWGu6B3SsaNX6vz3ddFYAAABAHbbXWw/d/79YiWPE+/9P//jiz9U52xFxIuJKRPRPL10ZXKxvOxOtjj9UzhfqNr1TAAAAmnKiaNX7/2n+/H+y+8hDEhGvvzqMy/91NUr9337v65+qa1Wf/z9b3xYnUjIzvB55PxPRmWk6IwAAAA6z40XLiv3f082Fj385+UHX8/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdfs7AAD//5X/Nho=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mkdir(&(0x7f00000002c0)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

5.869056945s ago: executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1802000000000000000000006f000000850000001700000095000000000000001b470500000000000000d83b4e7c6da6"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r2, r1, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x34e, &(0x7f0000000780)=ANY=[], 0x0)

5.285050564s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x64000600)

5.192791769s ago: executing program 4:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

4.164257698s ago: executing program 0:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

4.161966648s ago: executing program 1:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

4.043493286s ago: executing program 4:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

2.978870701s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat(r1, &(0x7f00000000c0)='./file0\x00', 0x601c2, 0x0)
faccessat(r1, &(0x7f0000000000)='./file0\x00', 0x0)

2.977109261s ago: executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x0, 0x2, 0x3}, 0x20)

2.848976501s ago: executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000014000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10)
ftruncate(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000100), 0xb)
splice(r4, 0x0, r5, 0x0, 0x8000f28, 0x0)
splice(r1, 0x0, r5, 0x0, 0x80, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
write(r3, 0x0, 0x0)

2.760721564s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

2.728749879s ago: executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
close(r3)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)

2.715221521s ago: executing program 1:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

2.608749467s ago: executing program 2:
syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x8a0088, 0x0, 0xfe, 0x0, &(0x7f0000000040))
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000001800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='9p_protocol_dump\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

2.554002466s ago: executing program 3:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

2.535550479s ago: executing program 0:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

2.355017407s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x63b6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703002e774ae600b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mballoc_alloc\x00', r1}, 0x10)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)

2.083642599s ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
chdir(&(0x7f0000000180)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

1.354679561s ago: executing program 1:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

1.351437572s ago: executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000600000000005e00221a850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b8"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

1.220866842s ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000600000000005e00221a850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b8"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

1.203092655s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x64000600)

1.175563539s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x64000600)

1.150580033s ago: executing program 2:
syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x8a0088, 0x0, 0xfe, 0x0, &(0x7f0000000040))
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000001800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='9p_protocol_dump\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

838.283941ms ago: executing program 3:
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
ptrace$cont(0x9, r5, 0x6, 0x80020)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0)
r8 = dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)})
ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0)

771.822371ms ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

731.065787ms ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
open(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600b35, 0x15)

332.617099ms ago: executing program 1:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

18.611287ms ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000003e5c0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r3}, 0x10)
unlink(&(0x7f0000000140)='./cgroup\x00')

0s ago: executing program 0:
r0 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10)
syz_usb_control_io$uac1(r0, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0)

kernel console output (not intermixed with test programs):

   T37] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.802343][   T37] usb 3-1: config 0 descriptor??
[  575.920027][T24336] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.926877][T24336] bridge0: port 1(bridge_slave_0) entered disabled state
[  575.934542][T24336] device bridge_slave_0 entered promiscuous mode
[  575.945041][T24336] bridge0: port 2(bridge_slave_1) entered blocking state
[  575.951988][T24336] bridge0: port 2(bridge_slave_1) entered disabled state
[  575.959199][T24336] device bridge_slave_1 entered promiscuous mode
[  576.025815][T24348] device bridge_slave_0 left promiscuous mode
[  576.032850][T24348] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.040796][T24348] device bridge_slave_1 left promiscuous mode
[  576.046725][T24348] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.062252][T24336] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.069089][T24336] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.076208][T24336] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.082996][T24336] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.091258][T24348] bridge0: port 1(syz_tun) entered blocking state
[  576.097489][T24348] bridge0: port 1(syz_tun) entered disabled state
[  576.104283][T24348] device syz_tun entered promiscuous mode
[  576.132343][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  576.140114][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.147236][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.164355][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  576.173167][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.180027][  T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.187703][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  576.195942][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.202880][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.213605][    T8] device bridge_slave_1 left promiscuous mode
[  576.220202][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.229817][T24351] loop4: detected capacity change from 0 to 256
[  576.236844][    T8] device bridge_slave_0 left promiscuous mode
[  576.243173][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.250228][T24351] exfat: Deprecated parameter 'utf8'
[  576.258039][T24351] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  576.279972][   T37] microsoft 0003:045E:07DA.009E: unknown main item tag 0x0
[  576.290287][   T37] microsoft 0003:045E:07DA.009E: unknown main item tag 0x1
[  576.303885][   T37] microsoft 0003:045E:07DA.009E: unbalanced collection at end of report description
[  576.323315][   T37] microsoft 0003:045E:07DA.009E: parse failed
[  576.336565][   T37] microsoft: probe of 0003:045E:07DA.009E failed with error -22
[  576.405380][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  576.415418][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  576.442611][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  576.460117][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  576.471580][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  576.491076][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  576.506878][T24336] device veth0_vlan entered promiscuous mode
[  576.513468][  T351] usb 3-1: USB disconnect, device number 49
[  576.536950][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  576.548518][T24336] device veth1_macvtap entered promiscuous mode
[  576.570190][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  576.584476][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  576.592990][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  576.667689][T23099] device syz_tun left promiscuous mode
[  576.673085][T23099] bridge0: port 1(syz_tun) entered disabled state
[  577.051618][T24370] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.058658][T24370] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.065901][T24370] device bridge_slave_0 entered promiscuous mode
[  577.073028][T24370] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.080061][T24370] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.087308][T24370] device bridge_slave_1 entered promiscuous mode
[  577.150997][T24370] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.157858][T24370] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.164966][T24370] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.171763][T24370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.203534][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  577.211576][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.218816][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.248298][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  577.256322][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[  577.263179][  T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[  577.270613][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  577.280156][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[  577.286992][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[  577.294161][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  577.301917][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  577.315562][T24370] device veth0_vlan entered promiscuous mode
[  577.323737][T24379] device bridge_slave_0 left promiscuous mode
[  577.329705][T24379] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.336990][T24379] device bridge_slave_1 left promiscuous mode
[  577.343077][T24379] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.351036][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  577.359311][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  577.367190][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  577.374551][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  577.382641][T24379] bridge0: port 1(syz_tun) entered blocking state
[  577.388906][T24379] bridge0: port 1(syz_tun) entered disabled state
[  577.395536][T24379] device syz_tun entered promiscuous mode
[  577.456993][T24370] device veth1_macvtap entered promiscuous mode
[  577.464131][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  577.478117][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  577.486356][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  577.491627][T24384] loop1: detected capacity change from 0 to 1024
[  577.521331][T24384] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  577.550078][T24384] loop1: detected capacity change from 1024 to 64
[  577.562659][T24384] syz-executor.1: attempt to access beyond end of device
[  577.562659][T24384] loop1: rw=2049, sector=224, nr_sectors = 2 limit=64
[  577.576228][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 112)
[  577.587354][T24384] buffer_io_error: 17 callbacks suppressed
[  577.587367][T24384] Buffer I/O error on device loop1, logical block 112
[  577.599824][T24384] syz-executor.1: attempt to access beyond end of device
[  577.599824][T24384] loop1: rw=2049, sector=228, nr_sectors = 124 limit=64
[  577.613785][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 114)
[  577.625242][T24384] Buffer I/O error on device loop1, logical block 114
[  577.631819][T24384] Buffer I/O error on device loop1, logical block 115
[  577.638651][T24384] Buffer I/O error on device loop1, logical block 116
[  577.645223][T24384] Buffer I/O error on device loop1, logical block 117
[  577.651821][T24384] Buffer I/O error on device loop1, logical block 118
[  577.658414][T24384] Buffer I/O error on device loop1, logical block 119
[  577.665373][T24384] Buffer I/O error on device loop1, logical block 120
[  577.671950][T24384] Buffer I/O error on device loop1, logical block 121
[  577.671970][T24384] Buffer I/O error on device loop1, logical block 122
[  577.672454][T24384] syz-executor.1: attempt to access beyond end of device
[  577.672454][T24384] loop1: rw=2049, sector=352, nr_sectors = 4 limit=64
[  577.698825][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 176)
[  577.819102][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.833318][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.847372][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.861125][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.874843][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.888421][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.902645][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block
[  577.983942][T24057] EXT4-fs (loop1): unmounting filesystem.
[  577.990381][T24387] kmmpd-loop1: attempt to access beyond end of device
[  577.990381][T24387] loop1: rw=14337, sector=128, nr_sectors = 2 limit=64
[  578.003772][T24387] buffer_io_error: 502 callbacks suppressed
[  578.003787][T24387] Buffer I/O error on dev loop1, logical block 64, lost sync page write
[  578.766810][T24417] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.774092][T24417] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.781815][T24417] device bridge_slave_0 entered promiscuous mode
[  578.789987][T24417] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.797336][T24417] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.805205][T24417] device bridge_slave_1 entered promiscuous mode
[  578.813743][    T8] device bridge_slave_1 left promiscuous mode
[  578.819923][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.827775][    T8] device bridge_slave_0 left promiscuous mode
[  578.834200][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.842822][    T8] device veth1_macvtap left promiscuous mode
[  578.848741][    T8] device veth0_vlan left promiscuous mode
[  579.109904][T24417] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.116792][T24417] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.123893][T24417] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.130671][T24417] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.163356][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  579.171229][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.178764][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.201286][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  579.209368][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.216215][ T6401] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.223913][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  579.231963][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.238812][ T6401] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.261376][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  579.269563][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  579.277426][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  579.289033][T24417] device veth0_vlan entered promiscuous mode
[  579.294900][T22485] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  579.308033][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  579.316322][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  579.323647][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  579.338868][T24417] device veth1_macvtap entered promiscuous mode
[  579.346000][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  579.363652][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  579.372335][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  579.577841][T24441] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[  579.587577][T24441] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.1'.
[  579.597722][T24441] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  579.606221][T24441] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.1'.
[  579.616807][T24441] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  579.659545][T22485] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  579.672934][T22485] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  579.688375][T22485] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  579.705465][T22485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.097101][T22485] usb 1-1: string descriptor 0 read error: -71
[  580.110934][T22485] usb 1-1: USB disconnect, device number 70
[  580.237517][T24458] loop3: detected capacity change from 0 to 128
[  580.253211][T24458] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  580.346108][    T8] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  581.123396][T24476] loop4: detected capacity change from 0 to 40427
[  581.149309][T24476] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  581.156911][T24476] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  581.166664][T24476] F2FS-fs (loop4): invalid crc value
[  581.173469][T24476] F2FS-fs (loop4): Found nat_bits in checkpoint
[  581.202176][T24488] loop1: detected capacity change from 0 to 128
[  581.228817][T24476] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  581.235783][T24476] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  581.260934][T24488] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  581.323399][T24370] syz-executor.4: attempt to access beyond end of device
[  581.323399][T24370] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  581.342215][    T8] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  582.753903][T24519] hub 6-0:1.0: USB hub found
[  582.758485][T24519] hub 6-0:1.0: 1 port detected
[  583.362814][T24547] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  583.373261][T24547] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  583.867241][T24567] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[  583.912541][T24561] loop2: detected capacity change from 0 to 40427
[  583.921008][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.928246][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.935487][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.942872][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.950118][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.957341][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.964517][  T351] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  583.965792][T24561] F2FS-fs (loop2): invalid crc value
[  583.977091][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.984465][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  583.992544][T24561] F2FS-fs (loop2): Found nat_bits in checkpoint
[  583.998659][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.005855][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.013281][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.021387][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.028738][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.035970][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.043227][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.045642][T24561] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  584.050507][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.064745][T24561] serio: Serial port pts0
[  584.065014][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.076309][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.083507][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.090792][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.097895][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.105108][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.112329][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.119538][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.126716][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.133930][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.141162][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.148320][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.155540][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.162791][  T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0
[  584.173061][  T332] hid-generic 0000:0000:0000.009F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  584.209231][  T351] usb 4-1: Using ep0 maxpacket: 16
[  584.224751][T23398] syz-executor.2: attempt to access beyond end of device
[  584.224751][T23398] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  584.349250][  T351] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  584.357209][  T351] usb 4-1: config 0 has no interface number 0
[  584.549259][  T351] usb 4-1: New USB device found, idVendor=22b7, idProduct=150d, bcdDevice=27.77
[  584.558252][  T351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.566103][  T351] usb 4-1: Product: syz
[  584.570137][  T351] usb 4-1: Manufacturer: syz
[  584.574476][  T351] usb 4-1: SerialNumber: syz
[  584.579532][  T351] usb 4-1: config 0 descriptor??
[  584.629879][  T351] ftdi_sio 4-1:0.1: FTDI USB Serial Device converter detected
[  584.637792][  T351] ftdi_sio ttyUSB0: unknown device type: 0x2777
[  584.835729][    T6] usb 4-1: USB disconnect, device number 58
[  584.843063][    T6] ftdi_sio 4-1:0.1: device disconnected
[  585.043897][T24604] loop0: detected capacity change from 0 to 256
[  585.139198][T24604] loop0: detected capacity change from 256 to 96
[  585.170187][T24058] device syz_tun left promiscuous mode
[  585.182626][T24058] bridge0: port 1(syz_tun) entered disabled state
[  585.240090][    T8] kworker/u4:0: attempt to access beyond end of device
[  585.240090][    T8] loop0: rw=1, sector=136, nr_sectors = 16 limit=96
[  585.260230][    T8] kworker/u4:0: attempt to access beyond end of device
[  585.260230][    T8] loop0: rw=1, sector=160, nr_sectors = 8 limit=96
[  585.295416][    T8] kworker/u4:0: attempt to access beyond end of device
[  585.295416][    T8] loop0: rw=1, sector=240, nr_sectors = 16 limit=96
[  585.670682][T24619] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.677590][T24619] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.684896][T24619] device bridge_slave_0 entered promiscuous mode
[  585.692581][T24619] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.699452][T24619] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.706706][T24619] device bridge_slave_1 entered promiscuous mode
[  585.712939][    T6] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  585.776714][T24619] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.783645][T24619] bridge0: port 2(bridge_slave_1) entered forwarding state
[  585.790762][T24619] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.797526][T24619] bridge0: port 1(bridge_slave_0) entered forwarding state
[  585.896697][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  585.904624][  T332] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.912263][  T332] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.927827][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  585.938246][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[  585.945085][  T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[  585.952306][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  585.960228][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.967053][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[  585.979651][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  585.987485][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  585.995066][    T6] usb 4-1: Using ep0 maxpacket: 16
[  586.008187][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  586.019045][T24619] device veth0_vlan entered promiscuous mode
[  586.025370][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  586.042956][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  586.054722][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  586.063589][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  586.072358][T24619] device veth1_macvtap entered promiscuous mode
[  586.082074][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  586.094254][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  586.142491][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.153837][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.163635][    T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  586.176422][    T6] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  586.192628][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.201245][    T6] usb 4-1: config 0 descriptor??
[  586.371050][T24646] loop0: detected capacity change from 0 to 256
[  586.419313][T24646] loop0: detected capacity change from 256 to 96
[  586.426936][T24646] exFAT-fs (loop0): error, failed to bmap (inode : ffff888136b0ddb0 iblock : 16, err : -5)
[  586.437182][T24646] exFAT-fs (loop0): Filesystem has been set read-only
[  586.447246][T24646] exFAT-fs (loop0): error, failed to access to FAT (entry 0x00000005, err:-5)
[  586.467475][T24619] exFAT-fs (loop0): error, failed to access to FAT (entry 0x00000005, err:-5)
[  586.479236][  T351] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  586.679883][    T6] microsoft 0003:045E:07DA.00A0: unknown main item tag 0x0
[  586.686923][    T6] microsoft 0003:045E:07DA.00A0: unknown main item tag 0x1
[  586.694045][    T6] microsoft 0003:045E:07DA.00A0: unbalanced collection at end of report description
[  586.703433][    T6] microsoft 0003:045E:07DA.00A0: parse failed
[  586.709487][    T6] microsoft: probe of 0003:045E:07DA.00A0 failed with error -22
[  586.739219][  T351] usb 3-1: Using ep0 maxpacket: 16
[  586.830392][T24652] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.837243][T24652] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.844541][T24652] device bridge_slave_0 entered promiscuous mode
[  586.852985][T24652] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.859912][T24652] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.867097][T24652] device bridge_slave_1 entered promiscuous mode
[  586.879230][  T351] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  586.883642][T22485] usb 4-1: USB disconnect, device number 59
[  586.887883][  T351] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  586.907049][  T351] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  586.917558][  T351] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  586.966918][T24652] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.973788][T24652] bridge0: port 2(bridge_slave_1) entered forwarding state
[  586.980853][T24652] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.987647][T24652] bridge0: port 1(bridge_slave_0) entered forwarding state
[  586.999314][  T332] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  587.015971][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  587.023589][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.030678][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.043153][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  587.051356][ T6384] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.058191][ T6384] bridge0: port 1(bridge_slave_0) entered forwarding state
[  587.068290][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  587.076458][  T664] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.083314][  T664] bridge0: port 2(bridge_slave_1) entered forwarding state
[  587.089260][  T351] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  587.099454][  T351] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.107375][  T351] usb 3-1: Product: syz
[  587.111505][  T351] usb 3-1: Manufacturer: syz
[  587.116008][  T351] usb 3-1: SerialNumber: syz
[  587.120861][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  587.128776][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  587.137000][  T419] device bridge_slave_1 left promiscuous mode
[  587.143073][  T419] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.150410][  T419] device bridge_slave_0 left promiscuous mode
[  587.156406][  T419] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.164134][  T419] device veth1_macvtap left promiscuous mode
[  587.169985][  T419] device veth0_vlan left promiscuous mode
[  587.229430][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  587.238859][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  587.246568][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  587.254785][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  587.262648][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  587.271162][T24652] device veth0_vlan entered promiscuous mode
[  587.281923][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  587.290514][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  587.299572][T24652] device veth1_macvtap entered promiscuous mode
[  587.308218][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  587.315785][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  587.324003][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  587.333626][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  587.341760][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  587.409798][  T332] usb 5-1: config index 0 descriptor too short (expected 68, got 36)
[  587.410076][T24661] device pim6reg1 entered promiscuous mode
[  587.417722][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  587.417750][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  587.417776][  T332] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  587.417798][  T332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.429988][  T332] usb 5-1: config 0 descriptor??
[  587.529407][  T351] usb 3-1: found format II with max.bitrate = 0, frame size=0
[  587.536809][  T351] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  587.561780][  T351] usb 3-1: USB disconnect, device number 50
[  587.683441][   T28] kauditd_printk_skb: 3788 callbacks suppressed
[  587.683457][   T28] audit: type=1326 audit(2000000106.960:34373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.713894][   T28] audit: type=1326 audit(2000000106.960:34374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.738066][   T28] audit: type=1326 audit(2000000106.960:34375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.762163][   T28] audit: type=1326 audit(2000000106.960:34376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.786491][   T28] audit: type=1326 audit(2000000106.960:34377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.810420][   T28] audit: type=1326 audit(2000000106.960:34378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.834553][   T28] audit: type=1326 audit(2000000106.960:34379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000
[  587.858583][   T28] audit: type=1326 audit(2000000106.960:34380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa0047a667 code=0x7ffc0000
[  587.882448][   T28] audit: type=1326 audit(2000000106.980:34381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa00440329 code=0x7ffc0000
[  587.906765][   T28] audit: type=1326 audit(2000000106.980:34382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa0047a667 code=0x7ffc0000
[  587.935697][T24676] loop3: detected capacity change from 0 to 256
[  587.939272][ T6384] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  587.960486][  T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0
[  587.967368][  T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0
[  587.977197][  T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0
[  587.986006][  T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0
[  587.993014][  T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0
[  588.001700][  T332] hid-rmi 0003:06CB:81A7.00A1: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.4-1/input0
[  588.161825][T22485] usb 5-1: USB disconnect, device number 67
[  588.189248][ T6384] usb 1-1: Using ep0 maxpacket: 16
[  588.309243][ T6384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.322887][ T6384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  588.334655][ T6384] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  588.349832][ T6384] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  588.358764][ T6384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.372521][ T6384] usb 1-1: config 0 descriptor??
[  588.439173][  T664] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  588.773900][T24694] device pim6reg1 entered promiscuous mode
[  588.799229][  T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.810088][  T664] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  588.823081][  T664] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  588.832728][ T6384] microsoft 0003:045E:07DA.00A2: unknown main item tag 0x0
[  588.840061][  T664] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.848314][ T6384] microsoft 0003:045E:07DA.00A2: unknown main item tag 0x1
[  588.855608][  T664] usb 4-1: config 0 descriptor??
[  588.860472][ T6384] microsoft 0003:045E:07DA.00A2: unbalanced collection at end of report description
[  588.870018][ T6384] microsoft 0003:045E:07DA.00A2: parse failed
[  588.875914][ T6384] microsoft: probe of 0003:045E:07DA.00A2 failed with error -22
[  589.035305][ T6405] usb 1-1: USB disconnect, device number 71
[  589.349847][  T664] plantronics 0003:047F:FFFF.00A3: unknown main item tag 0x0
[  589.357228][  T664] plantronics 0003:047F:FFFF.00A3: No inputs registered, leaving
[  589.365688][  T664] plantronics 0003:047F:FFFF.00A3: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  589.409186][  T332] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  589.607133][T24712] SELinux:  Context d is not valid (left unmapped).
[  589.669223][  T332] usb 5-1: Using ep0 maxpacket: 16
[  589.799281][  T332] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  589.807197][  T332] usb 5-1: config 0 has no interface number 0
[  589.989263][  T332] usb 5-1: New USB device found, idVendor=22b7, idProduct=150d, bcdDevice=27.77
[  589.998224][  T332] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.006076][  T332] usb 5-1: Product: syz
[  590.010082][  T332] usb 5-1: Manufacturer: syz
[  590.014469][  T332] usb 5-1: SerialNumber: syz
[  590.019732][  T332] usb 5-1: config 0 descriptor??
[  590.060829][  T332] ftdi_sio 5-1:0.1: FTDI USB Serial Device converter detected
[  590.068279][  T332] ftdi_sio ttyUSB0: unknown device type: 0x2777
[  590.107893][T24731] syz-executor.0[24731] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  590.107944][T24731] syz-executor.0[24731] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  590.263375][T22485] usb 5-1: USB disconnect, device number 68
[  590.281132][T22485] ftdi_sio 5-1:0.1: device disconnected
[  590.313353][T24736] device ip6_vti0 entered promiscuous mode
[  590.318991][T24736] device vlan2 entered promiscuous mode
[  590.324853][T24736] device ip6_vti0 left promiscuous mode
[  590.862955][T24751] loop0: detected capacity change from 0 to 40427
[  590.878528][T24751] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  590.880073][T24755] input: syz1 as /devices/virtual/input/input133
[  590.886148][T24751] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  590.902735][T24751] F2FS-fs (loop0): Found nat_bits in checkpoint
[  590.937857][T24751] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  590.944780][T24751] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  590.955632][T24751] syz-executor.0: attempt to access beyond end of device
[  590.955632][T24751] loop0: rw=2049, sector=45096, nr_sectors = 120 limit=40427
[  590.973793][T24761] input: syz1 as /devices/virtual/input/input134
[  591.118069][T24766] syz-executor.4[24766] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  591.118141][T24766] syz-executor.4[24766] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  591.160219][  T332] usb 4-1: USB disconnect, device number 60
[  591.188067][T24768] loop1: detected capacity change from 0 to 256
[  591.403565][T24774] loop3: detected capacity change from 0 to 512
[  591.422034][T24774] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  591.431744][T24774] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  591.441358][T24774] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  591.452397][T24774] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  591.454601][T24776] loop2: detected capacity change from 0 to 512
[  591.460250][T24774] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  591.474178][T24774] EXT4-fs (loop3): orphan cleanup on readonly fs
[  591.480962][T24774] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 34: padding at end of block bitmap is not set
[  591.484352][T24776] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  591.507016][T24776] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  591.507354][T24774] EXT4-fs (loop3): 1 truncate cleaned up
[  591.519332][T24776] EXT4-fs (loop2): 1 orphan inode deleted
[  591.527982][T24776] EXT4-fs (loop2): 1 truncate cleaned up
[  591.533824][T24776] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  591.548437][T24774] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  591.548875][T24776] EXT4-fs error (device loop2): ext4_lookup:1855: inode #15: comm syz-executor.2: iget: bad extra_isize 46 (inode size 256)
[  591.570169][T24776] EXT4-fs (loop2): Remounting filesystem read-only
[  591.591564][T23398] EXT4-fs (loop2): unmounting filesystem.
[  591.651727][T24336] EXT4-fs (loop3): unmounting filesystem.
[  591.820433][T24789] input: syz1 as /devices/virtual/input/input135
[  591.941210][T24798] input: syz1 as /devices/virtual/input/input136
[  592.013581][T24801] loop1: detected capacity change from 0 to 256
[  592.120117][T24806] overlayfs: upper fs does not support tmpfile.
[  592.359505][T24816] loop4: detected capacity change from 0 to 512
[  592.376463][T24816] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  592.386194][T24816] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  592.395779][T24816] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  592.405877][T24816] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  592.413695][T24816] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  592.421766][T24816] EXT4-fs (loop4): orphan cleanup on readonly fs
[  592.428638][T24816] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 34: padding at end of block bitmap is not set
[  592.443569][T24816] EXT4-fs (loop4): 1 truncate cleaned up
[  592.452723][T24816] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  592.494195][T24370] EXT4-fs (loop4): unmounting filesystem.
[  592.608835][T24828] input: syz1 as /devices/virtual/input/input137
[  592.820107][T24841] loop2: detected capacity change from 0 to 256
[  593.032615][T24852] serio: Serial port pts0
[  593.049282][T24851] loop1: detected capacity change from 0 to 256
[  593.372366][T24861] loop4: detected capacity change from 0 to 256
[  593.397005][T24861] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  593.511037][T24865] loop1: detected capacity change from 0 to 512
[  593.526742][T24865] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  593.541260][T24865] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set
[  593.555980][T24865] __quota_error: 4065 callbacks suppressed
[  593.555995][T24865] Quota error (device loop1): write_blk: dquota write failed
[  593.568818][T24865] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  593.578828][T24865] EXT4-fs (loop1): 1 truncate cleaned up
[  593.584448][T24865] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  593.593221][T24865] ext4 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/44/bus supports timestamps until 2038 (0x7fffffff)
[  593.609638][T24865] EXT4-fs: Cannot change quota options when quota turned on
[  593.639507][T24417] EXT4-fs (loop1): unmounting filesystem.
[  593.651962][T24873] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  593.864025][T24883] loop0: detected capacity change from 0 to 512
[  593.911053][T24883] loop0: detected capacity change from 0 to 128
[  594.029183][  T332] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  594.198490][T24895] loop4: detected capacity change from 0 to 512
[  594.199232][ T6384] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  594.218473][T24895] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  594.231010][T24895] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set
[  594.245823][T24895] Quota error (device loop4): write_blk: dquota write failed
[  594.253249][T24895] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  594.263215][T24895] EXT4-fs (loop4): 1 truncate cleaned up
[  594.268676][T24895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  594.277540][T24895] ext4 filesystem being mounted at /root/syzkaller-testdir3400509090/syzkaller.tS9J4z/45/bus supports timestamps until 2038 (0x7fffffff)
[  594.291426][  T332] usb 2-1: Using ep0 maxpacket: 8
[  594.295471][T24895] EXT4-fs: Cannot change quota options when quota turned on
[  594.307412][T24894] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.314619][T24894] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.321972][T24894] device bridge_slave_0 entered promiscuous mode
[  594.328734][T24894] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.335767][T24894] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.343089][T24894] device bridge_slave_1 entered promiscuous mode
[  594.343499][T24370] EXT4-fs (loop4): unmounting filesystem.
[  594.398960][T24894] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.405950][T24894] bridge0: port 2(bridge_slave_1) entered forwarding state
[  594.413011][T24894] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.419202][  T332] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  594.419823][T24894] bridge0: port 1(bridge_slave_0) entered forwarding state
[  594.427788][  T332] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  594.445380][  T332] usb 2-1: config 0 has no interface number 0
[  594.451518][  T332] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  594.455421][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  594.461829][  T332] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  594.479206][ T6384] usb 4-1: Using ep0 maxpacket: 32
[  594.481405][  T332] usb 2-1: config 0 interface 52 has no altsetting 0
[  594.486665][T22485] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.500747][T22485] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.520173][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  594.528090][ T6405] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.534926][ T6405] bridge0: port 1(bridge_slave_0) entered forwarding state
[  594.542543][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  594.551194][ T6405] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.558039][ T6405] bridge0: port 2(bridge_slave_1) entered forwarding state
[  594.565231][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  594.572929][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  594.587062][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  594.598926][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  594.599289][ T6384] usb 4-1: config 0 has no interfaces?
[  594.606827][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  594.612198][ T6384] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  594.619604][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  594.627759][ T6384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.643161][ T6384] usb 4-1: config 0 descriptor??
[  594.649230][T24894] device veth0_vlan entered promiscuous mode
[  594.659875][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  594.668895][T24894] device veth1_macvtap entered promiscuous mode
[  594.679333][  T332] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  594.680922][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  594.688480][  T332] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  594.704294][  T332] usb 2-1: Product: syz
[  594.708259][  T332] usb 2-1: Manufacturer: syz
[  594.712815][  T332] usb 2-1: SerialNumber: syz
[  594.713045][  T419] device bridge_slave_1 left promiscuous mode
[  594.723556][  T332] usb 2-1: config 0 descriptor??
[  594.724407][  T419] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.735733][  T419] device bridge_slave_0 left promiscuous mode
[  594.741743][  T419] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.749674][  T419] device veth1_macvtap left promiscuous mode
[  594.755487][  T419] device veth0_vlan left promiscuous mode
[  594.868654][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  594.986575][T24880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.995092][T24880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.004151][T24880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.012458][T24880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.026050][ T6384] usb 2-1: USB disconnect, device number 79
[  595.090035][T24885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.098241][T24885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.106686][T22485] usb 4-1: USB disconnect, device number 61
[  595.659224][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  595.659897][T23583] Bluetooth: hci0: command 0x1003 tx timeout
[  596.009778][T24949] loop4: detected capacity change from 0 to 1024
[  596.030913][T24949] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  596.071779][T24370] EXT4-fs (loop4): unmounting filesystem.
[  596.309235][T22485] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  596.377504][T24965] syz-executor.4[24965] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  596.377560][T24965] syz-executor.4[24965] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  596.549218][T22485] usb 1-1: Using ep0 maxpacket: 16
[  596.659611][T24975] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  596.679328][T22485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.690316][T22485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.699912][T22485] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  596.712682][T22485] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  596.721566][T22485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.729772][T22485] usb 1-1: config 0 descriptor??
[  597.240235][T24993] loop1: detected capacity change from 0 to 2048
[  597.260605][T24993] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  597.269388][T22485] usbhid 1-1:0.0: can't add hid device: -71
[  597.275237][T22485] usbhid: probe of 1-1:0.0 failed with error -71
[  597.286200][T24993] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  597.289909][T22485] usb 1-1: USB disconnect, device number 72
[  597.375743][T24417] EXT4-fs (loop1): unmounting filesystem.
[  597.458433][T25004] loop2: detected capacity change from 0 to 256
[  597.610732][T25011] syz-executor.1[25011] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  597.610795][T25011] syz-executor.1[25011] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  598.099173][T22485] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  598.363318][T25046] loop2: detected capacity change from 0 to 256
[  598.381649][T25046] FAT-fs (loop2): Directory bread(block 64) failed
[  598.388204][T25046] FAT-fs (loop2): Directory bread(block 65) failed
[  598.394757][T25046] FAT-fs (loop2): Directory bread(block 66) failed
[  598.401197][T25046] FAT-fs (loop2): Directory bread(block 67) failed
[  598.407620][T25046] FAT-fs (loop2): Directory bread(block 68) failed
[  598.413940][T25046] FAT-fs (loop2): Directory bread(block 69) failed
[  598.420266][T25046] FAT-fs (loop2): Directory bread(block 70) failed
[  598.426627][T25046] FAT-fs (loop2): Directory bread(block 71) failed
[  598.433017][  T664] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  598.433128][T25046] FAT-fs (loop2): Directory bread(block 72) failed
[  598.446722][T25046] FAT-fs (loop2): Directory bread(block 73) failed
[  598.479298][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.490149][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.499782][T22485] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  598.508577][T22485] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.516930][T22485] usb 5-1: config 0 descriptor??
[  598.539218][ T6384] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  598.666719][T25052] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  598.779432][ T6384] usb 2-1: Using ep0 maxpacket: 16
[  598.809257][  T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.820234][  T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.829869][  T664] usb 4-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00
[  598.838666][  T664] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.847142][  T664] usb 4-1: config 0 descriptor??
[  598.899278][ T6384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.910149][ T6384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.919766][ T6384] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  598.932411][ T6384] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[  598.941393][ T6384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.949851][ T6384] usb 2-1: config 0 descriptor??
[  599.259182][ T6405] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  599.328366][T25062] device wireguard0 entered promiscuous mode
[  599.556293][  T664] sony 0003:12BA:0100.00A5: unknown main item tag 0x0
[  599.563286][  T664] sony 0003:12BA:0100.00A5: unknown main item tag 0x0
[  599.569931][  T664] sony 0003:12BA:0100.00A5: item fetching failed at offset 2/5
[  599.577423][  T664] sony 0003:12BA:0100.00A5: parse failed
[  599.582895][  T664] sony: probe of 0003:12BA:0100.00A5 failed with error -22
[  599.590675][  T664] usb 4-1: USB disconnect, device number 62
[  599.649206][ T6384] usbhid 2-1:0.0: can't add hid device: -71
[  599.649224][ T6405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  599.655073][ T6384] usbhid: probe of 2-1:0.0 failed with error -71
[  599.666055][T25021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.673264][ T6384] usb 2-1: USB disconnect, device number 80
[  599.687546][T25021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.689885][ T6405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  599.704675][ T6405] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  599.713564][T22485] uclogic 0003:256C:006D.00A4: failed retrieving string descriptor #100: -71
[  599.713745][ T6405] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.722227][T22485] uclogic 0003:256C:006D.00A4: failed retrieving pen parameters: -71
[  599.731070][ T6405] usb 3-1: config 0 descriptor??
[  599.737845][T22485] uclogic 0003:256C:006D.00A4: failed probing pen v1 parameters: -71
[  599.750544][T22485] uclogic 0003:256C:006D.00A4: failed probing parameters: -71
[  599.757750][T22485] uclogic: probe of 0003:256C:006D.00A4 failed with error -71
[  599.765958][T22485] usb 5-1: USB disconnect, device number 69
[  600.239421][ T6405] hid (null): bogus close delimiter
[  600.769243][ T6405] usb 3-1: string descriptor 0 read error: -71
[  600.789261][ T6405] uclogic 0003:256C:006D.00A6: failed retrieving string descriptor #200: -71
[  600.798051][ T6405] uclogic 0003:256C:006D.00A6: failed retrieving pen parameters: -71
[  600.806084][ T6405] uclogic 0003:256C:006D.00A6: failed probing pen v2 parameters: -71
[  600.814093][ T6405] uclogic 0003:256C:006D.00A6: failed probing parameters: -71
[  600.821517][ T6405] uclogic: probe of 0003:256C:006D.00A6 failed with error -71
[  600.830219][ T6405] usb 3-1: USB disconnect, device number 51
[  600.833897][T25094] incfs: Options parsing error. -22
[  600.841099][T25094] incfs: mount failed -22
[  601.279237][ T6384] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  601.639242][ T6384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  601.650229][ T6384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  601.660034][ T6384] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  601.668931][ T6384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.677490][ T6384] usb 4-1: config 0 descriptor??
[  602.429175][T22485] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  602.479189][ T6405] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  602.524313][T25144] loop2: detected capacity change from 0 to 512
[  602.539472][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode #
[  602.553826][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117
[  602.566445][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode #
[  602.580160][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117
[  602.593803][T25144] EXT4-fs (loop2): 1 orphan inode deleted
[  602.599882][T25144] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  602.694207][T23398] EXT4-fs (loop2): unmounting filesystem.
[  602.752264][T25148] loop0: detected capacity change from 0 to 1024
[  602.770996][T25148] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  602.799836][T25103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.801897][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  602.808427][T25103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.830330][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  602.839990][T22485] usb 5-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  602.848881][T22485] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.856761][ T6384] uclogic 0003:256C:006D.00A7: failed retrieving string descriptor #100: -71
[  602.865339][ T6384] uclogic 0003:256C:006D.00A7: failed retrieving pen parameters: -71
[  602.873777][T22485] usb 5-1: config 0 descriptor??
[  602.878637][ T6384] uclogic 0003:256C:006D.00A7: failed probing pen v1 parameters: -71
[  602.886551][ T6384] uclogic 0003:256C:006D.00A7: failed probing parameters: -71
[  602.893925][ T6384] uclogic: probe of 0003:256C:006D.00A7 failed with error -71
[  602.901206][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  602.902354][ T6384] usb 4-1: USB disconnect, device number 63
[  602.917549][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  602.918724][T24894] EXT4-fs (loop0): unmounting filesystem.
[  602.934525][ T6405] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  602.944119][ T6405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.953601][ T6405] usb 2-1: config 0 descriptor??
[  603.350911][T22485] waltop 0003:172F:0502.00A8: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.4-1/input0
[  603.429411][  T351] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  603.459478][ T6405] hid (null): bogus close delimiter
[  603.551022][T22485] usb 5-1: USB disconnect, device number 70
[  603.839214][  T351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.856479][  T351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  603.875873][  T351] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  603.893437][  T351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.910217][  T351] usb 3-1: config 0 descriptor??
[  604.009200][ T6405] usb 2-1: string descriptor 0 read error: -71
[  604.029192][ T6405] uclogic 0003:256C:006D.00A9: failed retrieving string descriptor #200: -71
[  604.037859][ T6405] uclogic 0003:256C:006D.00A9: failed retrieving pen parameters: -71
[  604.058173][ T6405] uclogic 0003:256C:006D.00A9: failed probing pen v2 parameters: -71
[  604.073783][ T6405] uclogic 0003:256C:006D.00A9: failed probing parameters: -71
[  604.087646][ T6405] uclogic: probe of 0003:256C:006D.00A9 failed with error -71
[  604.103119][ T6405] usb 2-1: USB disconnect, device number 81
[  604.245609][T25180] loop4: detected capacity change from 0 to 1024
[  604.290171][T25180] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  604.355527][T24370] EXT4-fs (loop4): unmounting filesystem.
[  604.390627][  T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0
[  604.398203][  T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0
[  604.406238][  T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0
[  604.413986][  T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0
[  604.421513][  T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0
[  604.429503][  T351] hid-multitouch 0003:0EEF:72D0.00AA: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.2-1/input0
[  604.593657][T22485] usb 3-1: USB disconnect, device number 52
[  605.137517][T25205] device wireguard0 entered promiscuous mode
[  605.381229][T25211] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  605.918321][T25235] loop2: detected capacity change from 0 to 1024
[  605.952343][T25235] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  606.032583][T23398] EXT4-fs (loop2): unmounting filesystem.
[  606.374566][T25253] loop2: detected capacity change from 0 to 256
[  606.401986][T25253] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd82bb37b, utbl_chksum : 0xe619d30d)
[  606.535371][T25259] loop4: detected capacity change from 0 to 128
[  606.550126][T25259] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  606.569929][T25259] syz-executor.4: attempt to access beyond end of device
[  606.569929][T25259] loop4: rw=3, sector=6950, nr_sectors = 2 limit=128
[  606.583755][T25259] syz-executor.4: attempt to access beyond end of device
[  606.583755][T25259] loop4: rw=2051, sector=6952, nr_sectors = 942 limit=128
[  606.764780][T25267] device wireguard0 entered promiscuous mode
[  607.748539][T25285] incfs: Can't find or create .index dir in ./file0
[  607.759189][T25285] incfs: mount failed -14
[  608.585226][T25315] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  612.339483][T25333] loop4: detected capacity change from 0 to 128
[  612.375381][T25333] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  612.400906][T25333] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  612.411089][T25333] EXT4-fs error (device loop4): htree_dirblock_to_tree:1082: inode #2: comm syz-executor.4: Directory block failed checksum
[  612.427990][T24370] EXT4-fs (loop4): unmounting filesystem.
[  613.125804][T25360] loop3: detected capacity change from 0 to 256
[  615.697356][T25389] loop4: detected capacity change from 0 to 256
[  616.243263][T25415] loop4: detected capacity change from 0 to 512
[  616.259185][T22485] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  616.278832][T25415] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  616.311525][T25415] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  616.325115][T25415] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  616.337557][T25415] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  616.360773][T25415] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 65: padding at end of block bitmap is not set
[  616.377557][T25415] Quota error (device loop4): write_blk: dquota write failed
[  616.385337][T25415] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  616.395814][T25415] Quota error (device loop4): do_check_range: Getting block 144 out of range 0-5
[  616.499150][T22485] usb 2-1: Using ep0 maxpacket: 32
[  616.523778][T24370] EXT4-fs (loop4): unmounting filesystem.
[  616.589264][T25383] loop2: detected capacity change from 0 to 262144
[  616.619258][T22485] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  616.630065][T22485] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  616.643820][T25383] F2FS-fs (loop2): Found nat_bits in checkpoint
[  616.676776][T25383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  616.759227][T22485] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  616.768283][T22485] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  616.776600][T22485] usb 2-1: Product: syz
[  616.780620][T22485] usb 2-1: Manufacturer: syz
[  616.819649][T22485] hub 2-1:4.0: USB hub found
[  616.829188][  T664] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  617.004900][T25427] loop4: detected capacity change from 0 to 40427
[  617.026958][T25427] F2FS-fs (loop4): Unrecognized mount option "nouser_xattrheap" or missing value
[  617.036010][T22485] hub 2-1:4.0: 2 ports detected
[  617.069240][  T664] usb 1-1: Using ep0 maxpacket: 32
[  617.239196][  T664] usb 1-1: unable to get BOS descriptor or descriptor too short
[  617.249244][T22485] hub 2-1:4.0: hub_hub_status failed (err = -71)
[  617.255527][T22485] hub 2-1:4.0: config failed, can't get hub status (err -71)
[  617.289438][T22485] usb 2-1: USB disconnect, device number 82
[  617.319265][  T664] usb 1-1: config 0 has no interfaces?
[  617.399170][  T203] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  617.406780][T25439] loop2: detected capacity change from 0 to 2048
[  617.430753][T25439] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  617.439025][T25439] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/173/bus supports timestamps until 2038 (0x7fffffff)
[  617.471244][T23398] EXT4-fs (loop2): unmounting filesystem.
[  617.559224][  T664] usb 1-1: language id specifier not provided by device, defaulting to English
[  617.659162][  T203] usb 5-1: Using ep0 maxpacket: 16
[  617.679307][  T664] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  617.688330][  T664] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.696173][  T664] usb 1-1: Product: syz
[  617.700273][  T664] usb 1-1: Manufacturer: syz
[  617.704674][  T664] usb 1-1: SerialNumber: syz
[  617.709790][  T664] usb 1-1: config 0 descriptor??
[  617.799229][  T203] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.810289][  T203] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.820139][  T203] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  617.828998][  T203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.837369][  T203] usb 5-1: config 0 descriptor??
[  617.885128][T25450] loop2: detected capacity change from 0 to 512
[  617.910073][T25450] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  617.940996][T25450] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  617.958032][  T664] usb 1-1: USB disconnect, device number 73
[  617.964816][T25450] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  617.977650][T25450] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  617.996579][T25450] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 65: padding at end of block bitmap is not set
[  618.011318][T25450] Quota error (device loop2): write_blk: dquota write failed
[  618.018585][T25450] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  618.028953][T25450] Quota error (device loop2): do_check_range: Getting block 144 out of range 0-5
[  618.124435][T23398] EXT4-fs (loop2): unmounting filesystem.
[  618.188110][T25461] loop3: detected capacity change from 0 to 128
[  618.204434][T25461] FAT-fs (loop3): bogus number of FAT structure
[  618.210881][T25461] FAT-fs (loop3): Can't find a valid FAT filesystem
[  618.319967][  T203] kovaplus 0003:1E7D:2D50.00AB: nested delimiters
[  618.329772][  T203] kovaplus 0003:1E7D:2D50.00AB: item 0 1 2 10 parsing failed
[  618.337225][  T203] kovaplus 0003:1E7D:2D50.00AB: parse failed
[  618.343370][  T203] kovaplus: probe of 0003:1E7D:2D50.00AB failed with error -22
[  618.366728][   T28] audit: type=1400 audit(2000000649.636:38444): avc:  denied  { watch } for  pid=25468 comm="syz-executor.3" path="/root/syzkaller-testdir3571981234/syzkaller.3rVuOI/75/file0/bus" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  618.401867][T25462] kvm_set_msr_common: 8 callbacks suppressed
[  618.401891][T25462] kvm [25460]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x800
[  618.418128][T25462] kvm [25460]: vcpu0, guest rIP: 0x20e ignored wrmsr: 0x11e data 0x800
[  618.480221][T25471] loop2: detected capacity change from 0 to 512
[  618.491123][T25471] EXT4-fs (loop2): filesystem is read-only
[  618.497341][T25471] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  618.509691][T25471] EXT4-fs (loop2): filesystem is read-only
[  618.515437][T25471] EXT4-fs (loop2): orphan cleanup on readonly fs
[  618.523431][  T203] usb 5-1: USB disconnect, device number 71
[  618.533356][T25471] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 64: padding at end of block bitmap is not set
[  618.548494][T25471] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6157: Corrupt filesystem
[  618.557878][T25471] EXT4-fs (loop2): 1 orphan inode deleted
[  618.563839][T25471] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  618.576321][T25471] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'.
[  618.629715][T25474] device pim6reg1 entered promiscuous mode
[  618.658517][T23398] EXT4-fs (loop2): unmounting filesystem.
[  619.000547][T25493] loop2: detected capacity change from 0 to 512
[  619.022403][T25493] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  619.059295][T25493] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  619.086969][T25493] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  619.105996][T25493] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  619.123993][T25493] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 65: padding at end of block bitmap is not set
[  619.140374][T25493] Quota error (device loop2): write_blk: dquota write failed
[  619.147978][T25493] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  619.158574][T25493] Quota error (device loop2): do_check_range: Getting block 144 out of range 0-5
[  619.206834][T25500] overlayfs: statfs failed on './file0'
[  619.253295][T23398] EXT4-fs (loop2): unmounting filesystem.
[  619.342096][T25502] netlink: 'syz-executor.1': attribute type 23 has an invalid length.
[  619.350393][T25502] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  619.359603][T25502] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.366615][T25502] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.373676][T25502] device bridge0 entered promiscuous mode
[  619.439587][T25505] loop2: detected capacity change from 0 to 2048
[  619.460354][T25505] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  619.468657][T25505] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/181/bus supports timestamps until 2038 (0x7fffffff)
[  619.472733][T25510] loop4: detected capacity change from 0 to 512
[  619.501191][T25510] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  619.520630][T25510] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  619.534150][T25510] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  619.546415][T25510] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  619.546718][T23398] EXT4-fs (loop2): unmounting filesystem.
[  619.566100][T25510] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 65: padding at end of block bitmap is not set
[  619.660688][T24370] EXT4-fs (loop4): unmounting filesystem.
[  620.057152][T25535] loop0: detected capacity change from 0 to 512
[  620.078603][T25535] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  620.109217][  T351] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  620.117968][T25535] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #17: comm syz-executor.0: iget: bad i_size value: -6917529027641081756
[  620.139602][T25535] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 17 (err -117)
[  620.155871][T25535] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  620.193417][T25535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 65: padding at end of block bitmap is not set
[  620.358227][T24894] EXT4-fs (loop0): unmounting filesystem.
[  620.431254][T25543] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  620.509303][  T351] usb 3-1: config 0 has no interfaces?
[  620.589261][  T351] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  620.598285][  T351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  620.627484][T25547] device syzkaller0 entered promiscuous mode
[  620.627773][  T351] usb 3-1: SerialNumber: syz
[  620.654080][  T351] usb 3-1: config 0 descriptor??
[  620.902848][ T6405] usb 3-1: USB disconnect, device number 53
[  620.962933][T25553] 9pnet_fd: Insufficient options for proto=fd
[  621.592319][T25575] device syzkaller0 entered promiscuous mode
[  621.800116][T25580] device veth0_vlan left promiscuous mode
[  621.806195][T25580] device veth0_vlan entered promiscuous mode
[  622.079414][T25587] bridge0: port 3(veth1_macvtap) entered blocking state
[  622.086192][T25587] bridge0: port 3(veth1_macvtap) entered disabled state
[  624.030807][T24928] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  624.031091][T23582] Bluetooth: hci0: command 0x1003 tx timeout
[  625.387405][T25594] loop4: detected capacity change from 0 to 256
[  625.418800][T25597] x_tables: duplicate underflow at hook 4
[  625.439246][  T664] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  625.679164][  T664] usb 3-1: Using ep0 maxpacket: 32
[  625.775704][T25616] loop1: detected capacity change from 0 to 512
[  625.799254][  T664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  625.810432][  T664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  625.820230][  T664] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  625.820296][T25616] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  625.837180][  T664] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.839299][T25616] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz-executor.1: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[  625.845744][  T664] usb 3-1: config 0 descriptor??
[  625.868156][T25616] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117)
[  625.880500][T25616] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  625.888872][T25616] ext2 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/91/file0 supports timestamps until 2038 (0x7fffffff)
[  625.903355][  T664] hub 3-1:0.0: USB hub found
[  625.965194][T24417] EXT4-fs (loop1): unmounting filesystem.
[  626.069252][  T332] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  626.180726][  T664] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  626.192933][T25622] loop0: detected capacity change from 0 to 40427
[  626.209601][T25622] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  626.217254][T25622] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  626.226037][T25622] F2FS-fs (loop0): invalid crc value
[  626.232824][T25622] F2FS-fs (loop0): Found nat_bits in checkpoint
[  626.272051][T25622] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  626.278984][T25622] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  626.289199][  T664] usbhid 3-1:0.0: can't add hid device: -71
[  626.295042][  T664] usbhid: probe of 3-1:0.0 failed with error -71
[  626.379683][  T664] usb 3-1: USB disconnect, device number 54
[  626.768563][  T332] usb 4-1: config 0 has no interfaces?
[  626.849228][  T332] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  626.858169][  T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  626.866030][  T332] usb 4-1: SerialNumber: syz
[  626.871321][  T332] usb 4-1: config 0 descriptor??
[  627.017821][  T419] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  627.026942][  T419] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  627.122102][  T419] Bluetooth: hci0: Frame reassembly failed (-84)
[  627.128983][  T203] usb 4-1: USB disconnect, device number 64
[  627.186624][   T28] kauditd_printk_skb: 6 callbacks suppressed
[  627.186642][   T28] audit: type=1326 audit(2000000658.456:38445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.206282][T25638] overlayfs: missing 'lowerdir'
[  627.217923][   T28] audit: type=1326 audit(2000000658.456:38446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.245026][   T28] audit: type=1326 audit(2000000658.456:38447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.268938][   T28] audit: type=1326 audit(2000000658.456:38448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.292911][   T28] audit: type=1326 audit(2000000658.456:38449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.316905][   T28] audit: type=1326 audit(2000000658.456:38450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.340898][   T28] audit: type=1326 audit(2000000658.456:38451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.364916][   T28] audit: type=1326 audit(2000000658.456:38452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.389181][   T28] audit: type=1326 audit(2000000658.456:38453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.413159][   T28] audit: type=1326 audit(2000000658.456:38454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000
[  627.455708][T25643] overlayfs: missing 'lowerdir'
[  628.339215][  T203] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  628.599142][  T203] usb 2-1: Using ep0 maxpacket: 32
[  628.623718][T25686] serio: Serial port pts1
[  628.719250][  T203] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  628.730054][  T203] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  628.739819][  T203] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  628.748746][  T203] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.769322][  T203] usb 2-1: config 0 descriptor??
[  628.809553][  T203] hub 2-1:0.0: USB hub found
[  629.069187][  T203] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  629.179156][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  629.179177][T24928] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  629.190945][  T203] usbhid 2-1:0.0: can't add hid device: -71
[  629.205649][  T203] usbhid: probe of 2-1:0.0 failed with error -71
[  629.239356][  T203] usb 2-1: USB disconnect, device number 83
[  629.684151][T25711] loop0: detected capacity change from 0 to 40427
[  629.701486][T25711] F2FS-fs (loop0): Found nat_bits in checkpoint
[  629.737474][T25711] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  629.819616][T24894] syz-executor.0: attempt to access beyond end of device
[  629.819616][T24894] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  629.874326][T25723] overlayfs: missing 'lowerdir'
[  630.892257][T25762] bridge0: port 1(bridge_slave_0) entered blocking state
[  630.899205][T25762] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.906596][T25762] device bridge_slave_0 entered promiscuous mode
[  630.913480][T25762] bridge0: port 2(bridge_slave_1) entered blocking state
[  630.920395][T25762] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.927684][T25762] device bridge_slave_1 entered promiscuous mode
[  630.959604][T25769] loop1: detected capacity change from 0 to 256
[  631.046297][T25773] serio: Serial port pts0
[  631.072963][T25762] bridge0: port 2(bridge_slave_1) entered blocking state
[  631.079854][T25762] bridge0: port 2(bridge_slave_1) entered forwarding state
[  631.086935][T25762] bridge0: port 1(bridge_slave_0) entered blocking state
[  631.093720][T25762] bridge0: port 1(bridge_slave_0) entered forwarding state
[  631.121063][  T638] device bridge_slave_1 left promiscuous mode
[  631.127167][  T638] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.135149][  T638] device bridge_slave_0 left promiscuous mode
[  631.141447][  T638] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.149492][  T638] device veth1_macvtap left promiscuous mode
[  631.155459][  T638] device veth0_vlan left promiscuous mode
[  631.320306][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  631.332715][T22485] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.341251][T22485] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.364867][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  631.373410][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state
[  631.380272][ T6401] bridge0: port 1(bridge_slave_0) entered forwarding state
[  631.388333][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  631.396784][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state
[  631.403627][ T6401] bridge0: port 2(bridge_slave_1) entered forwarding state
[  631.411162][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  631.419062][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  631.449920][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  631.458740][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  631.466950][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  631.474179][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  631.482907][T25762] device veth0_vlan entered promiscuous mode
[  631.498535][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  631.508470][T25762] device veth1_macvtap entered promiscuous mode
[  631.520238][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  631.551042][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  631.559262][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  632.149049][T25800] loop2: detected capacity change from 0 to 40427
[  632.160562][T25807] syz-executor.1[25807] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  632.160708][T25807] syz-executor.1[25807] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  632.162421][T25800] F2FS-fs (loop2): Found nat_bits in checkpoint
[  632.207525][T25807] incfs: Can't find or create .index dir in ./file0
[  632.218290][T25807] incfs: mount failed -14
[  632.232769][T25800] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  632.300255][T23398] syz-executor.2: attempt to access beyond end of device
[  632.300255][T23398] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  632.359031][   T28] kauditd_printk_skb: 64 callbacks suppressed
[  632.359048][   T28] audit: type=1326 audit(2000000663.626:38519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000
[  632.392313][   T28] audit: type=1326 audit(2000000663.626:38520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000
[  632.416409][  T351] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  632.424002][   T28] audit: type=1326 audit(2000000663.666:38521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f812907cee9 code=0x7ffc0000
[  632.448866][   T28] audit: type=1326 audit(2000000663.666:38522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000
[  632.473024][   T28] audit: type=1326 audit(2000000663.666:38523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000
[  632.552238][T25823] loop2: detected capacity change from 0 to 2048
[  632.590539][T25823]  loop2: p1 p2 p3
[  632.755924][T25833] loop1: detected capacity change from 0 to 2048
[  632.781590][T25833] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  632.784186][T25829] loop3: detected capacity change from 0 to 40427
[  632.803897][T25829] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  632.811606][T25829] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  632.821946][T25829] F2FS-fs (loop3): Found nat_bits in checkpoint
[  632.852121][T25829] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  632.864408][T25829] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  632.871294][T25829] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  632.879838][T24417] EXT4-fs (loop1): unmounting filesystem.
[  632.909254][  T351] usb 1-1: config 0 has no interfaces?
[  632.914679][  T351] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  632.923649][  T351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.932246][  T351] usb 1-1: config 0 descriptor??
[  633.010638][T25844] overlayfs: failed to resolve './file0': -2
[  633.173466][T25806] loop0: detected capacity change from 0 to 256
[  633.183648][T25806] exfat: Bad value for 'uid'
[  633.236377][  T351] usb 1-1: USB disconnect, device number 74
[  633.903370][T25869] syz-executor.3[25869] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  633.903495][T25869] syz-executor.3[25869] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  634.229336][T22485] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  634.309157][  T664] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  634.316695][ T6401] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  634.517649][T25897] syz-executor.4[25897] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  634.517706][T25897] syz-executor.4[25897] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  634.589193][  T664] usb 3-1: Using ep0 maxpacket: 32
[  634.669223][T22485] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.680134][T22485] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.689882][T22485] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  634.698739][T22485] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.707056][T22485] usb 2-1: config 0 descriptor??
[  634.729266][ T6401] usb 4-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  634.738355][ T6401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.747109][ T6401] usb 4-1: config 0 descriptor??
[  634.789799][ T6401] usb 4-1: selecting invalid altsetting 1
[  634.796941][ T6401] snd-usb-audio: probe of 4-1:0.0 failed with error -22
[  634.829741][T25903] syz-executor.4[25903] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  634.829795][T25903] syz-executor.4[25903] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  634.919288][  T664] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  634.940282][  T664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.948129][  T664] usb 3-1: Product: syz
[  634.952211][  T664] usb 3-1: Manufacturer: syz
[  634.956764][  T664] usb 3-1: SerialNumber: syz
[  634.964182][  T664] usb 3-1: config 0 descriptor??
[  634.991983][  T203] usb 4-1: USB disconnect, device number 65
[  635.462897][T25918] loop4: detected capacity change from 0 to 40427
[  635.501289][T25918] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  635.508852][T25918] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  635.517802][T25918] F2FS-fs (loop4): invalid crc value
[  635.524711][T25918] F2FS-fs (loop4): Found nat_bits in checkpoint
[  635.563129][T25927] syz-executor.3[25927] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  635.563201][T25927] syz-executor.3[25927] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  635.584408][T25918] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  635.603313][T25918] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  635.859893][T22485] uclogic 0003:256C:006D.00AC: interface is invalid, ignoring
[  636.009192][ T6384] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  636.081278][T22485] usb 2-1: USB disconnect, device number 84
[  636.199701][  T638] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  636.208869][  T638] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  636.289243][ T6384] usb 4-1: Using ep0 maxpacket: 32
[  636.438605][T25943] loop4: detected capacity change from 0 to 512
[  636.453076][T25943] EXT4-fs (loop4): 1 truncate cleaned up
[  636.458601][T25943] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  636.543477][T24370] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir3400509090/syzkaller.tS9J4z/141/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0
[  636.569230][T24370] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: Dir with htree data on filesystem without dir_index feature.
[  636.584528][T24370] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: Dir with htree data on filesystem without dir_index feature.
[  636.589410][ T6384] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  636.608423][ T6384] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.616331][ T6384] usb 4-1: Product: syz
[  636.620459][ T6384] usb 4-1: Manufacturer: syz
[  636.624916][ T6384] usb 4-1: SerialNumber: syz
[  636.629982][ T6384] usb 4-1: config 0 descriptor??
[  636.671282][T24370] EXT4-fs (loop4): unmounting filesystem.
[  636.808117][T25954] loop1: detected capacity change from 0 to 512
[  636.856206][T25954] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature
[  636.870397][T25954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.1: missing EA_INODE flag
[  636.882259][T25954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 2 err=-117
[  636.894784][T25954] EXT4-fs (loop1): 1 orphan inode deleted
[  636.900442][T25954] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  637.061543][T25960] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.068436][T25960] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.075843][T25960] device bridge_slave_0 entered promiscuous mode
[  637.082628][T25960] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.089517][T25960] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.096721][T25960] device bridge_slave_1 entered promiscuous mode
[  637.143492][  T638] device bridge_slave_1 left promiscuous mode
[  637.149913][  T638] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.157386][  T638] device bridge_slave_0 left promiscuous mode
[  637.163690][  T638] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.171882][  T638] device veth1_macvtap left promiscuous mode
[  637.178220][  T638] device veth0_vlan left promiscuous mode
[  637.309011][T25960] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.316012][T25960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  637.323093][T25960] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.329895][T25960] bridge0: port 1(bridge_slave_0) entered forwarding state
[  637.363408][ T6384] rtl8150 4-1:0.0: eth1: rtl8150 is detected
[  637.375176][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  637.383428][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.391180][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.402248][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  637.410322][  T203] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.417175][  T203] bridge0: port 1(bridge_slave_0) entered forwarding state
[  637.435854][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  637.444139][  T351] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.451000][  T351] bridge0: port 2(bridge_slave_1) entered forwarding state
[  637.458491][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  637.470110][T25972] loop0: detected capacity change from 0 to 512
[  637.474622][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  637.491503][T25960] device veth0_vlan entered promiscuous mode
[  637.498122][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  637.498562][T25972] EXT4-fs (loop0): 1 truncate cleaned up
[  637.506454][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  637.520892][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  637.525688][T25972] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  637.528193][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  637.549318][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  637.569819][T25960] device veth1_macvtap entered promiscuous mode
[  637.583334][T22485] usb 4-1: USB disconnect, device number 66
[  637.593988][T24894] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor.0: path /root/syzkaller-testdir4115751966/syzkaller.ev5HID/86/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0
[  637.625578][T24894] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor.0: iget: Dir with htree data on filesystem without dir_index feature.
[  637.627033][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  637.648364][  T664] rtl8150 3-1:0.0: couldn't reset the device
[  637.654580][T24894] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor.0: iget: Dir with htree data on filesystem without dir_index feature.
[  637.670107][  T664] rtl8150: probe of 3-1:0.0 failed with error -5
[  637.676955][  T664] usb 3-1: USB disconnect, device number 55
[  637.683093][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  637.751156][T24894] EXT4-fs (loop0): unmounting filesystem.
[  637.757444][T24417] EXT4-fs (loop1): unmounting filesystem.
[  637.856736][T25977] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'.
[  638.027495][T25982] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.034508][T25982] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.042494][T25982] device bridge_slave_0 entered promiscuous mode
[  638.049382][T25982] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.056214][T25982] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.060586][T25980] overlayfs: failed to resolve './file0': -2
[  638.063908][T25982] device bridge_slave_1 entered promiscuous mode
[  638.125171][T25982] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.132063][T25982] bridge0: port 2(bridge_slave_1) entered forwarding state
[  638.139129][T25982] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.145910][T25982] bridge0: port 1(bridge_slave_0) entered forwarding state
[  638.170385][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  638.178166][T22485] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.185938][T22485] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.197691][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  638.205731][  T203] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.212577][  T203] bridge0: port 1(bridge_slave_0) entered forwarding state
[  638.230396][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  638.238428][  T203] bridge0: port 2(bridge_slave_1) entered blocking state
[  638.245268][  T203] bridge0: port 2(bridge_slave_1) entered forwarding state
[  638.252443][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  638.260749][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  638.275231][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  638.287500][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  638.295683][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  638.303117][  T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  638.311593][T25982] device veth0_vlan entered promiscuous mode
[  638.323343][T25982] device veth1_macvtap entered promiscuous mode
[  638.330467][  T638] device bridge_slave_1 left promiscuous mode
[  638.336394][  T638] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.343707][  T638] device bridge_slave_0 left promiscuous mode
[  638.350030][  T638] bridge0: port 1(bridge_slave_0) entered disabled state
[  638.357677][  T638] device veth1_macvtap left promiscuous mode
[  638.363583][  T638] device veth0_vlan left promiscuous mode
[  638.435952][  T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  638.452102][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  638.460328][  T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  638.539432][  T332] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  638.564448][T26002] loop3: detected capacity change from 0 to 512
[  638.576989][T26004] 9pnet_fd: Insufficient options for proto=fd
[  638.581287][T26002] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  638.591945][T26002] ext4 filesystem being mounted at /root/syzkaller-testdir871882328/syzkaller.qYYHFt/10/file0 supports timestamps until 2038 (0x7fffffff)
[  638.613189][T26002] EXT4-fs: Cannot change journaled quota options when quota turned on
[  638.657308][T25762] EXT4-fs (loop3): unmounting filesystem.
[  638.779245][  T664] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  638.899229][  T332] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  638.908826][  T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.909156][T22485] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  638.917717][  T332] usb 3-1: config 0 descriptor??
[  638.969834][  T332] usb 3-1: selecting invalid altsetting 1
[  638.976974][  T332] snd-usb-audio: probe of 3-1:0.0 failed with error -22
[  639.069223][  T664] usb 1-1: Using ep0 maxpacket: 8
[  639.189656][   T37] usb 3-1: USB disconnect, device number 56
[  639.199280][  T664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  639.210185][  T664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.219880][  T664] usb 1-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.00
[  639.228817][  T664] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.238584][  T664] usb 1-1: config 0 descriptor??
[  639.299198][T22485] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  639.308218][T22485] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.317879][T22485] usb 2-1: config 0 descriptor??
[  639.359671][T22485] usb 2-1: selecting invalid altsetting 1
[  639.369514][T22485] snd-usb-audio: probe of 2-1:0.0 failed with error -22
[  639.564109][  T332] usb 2-1: USB disconnect, device number 85
[  639.710579][  T664] wacom 0003:056A:0035.00AD: unknown main item tag 0x0
[  639.729259][  T664] wacom 0003:056A:0035.00AD: hidraw0: USB HID v0.00 Device [HID 056a:0035] on usb-dummy_hcd.0-1/input0
[  639.911666][  T664] usb 1-1: USB disconnect, device number 75
[  640.295453][T26034] loop1: detected capacity change from 0 to 512
[  640.321439][T26034] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  640.330249][T26034] ext4 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/116/file0 supports timestamps until 2038 (0x7fffffff)
[  640.348346][T26034] EXT4-fs: Cannot change journaled quota options when quota turned on
[  640.401249][T24417] EXT4-fs (loop1): unmounting filesystem.
[  640.601661][T26042] overlayfs: statfs failed on './file0'
[  640.752729][T26049] 9pnet_fd: Insufficient options for proto=fd
[  640.976995][T26064] device batadv_slave_0 entered promiscuous mode
[  640.983531][T26062] device batadv_slave_0 left promiscuous mode
[  641.004397][T26066] loop0: detected capacity change from 0 to 512
[  641.039230][  T332] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  641.062575][T26066] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: iget: special inode unallocated
[  641.075113][T26066] EXT4-fs (loop0): get root inode failed
[  641.080073][T26068] loop2: detected capacity change from 0 to 512
[  641.080821][T26066] EXT4-fs (loop0): mount failed
[  641.120889][T26068] Quota error (device loop2): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  641.130963][T26068] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  641.138908][T26066] loop0: detected capacity change from 0 to 256
[  641.141454][T26068] EXT4-fs (loop2): 1 truncate cleaned up
[  641.147645][T26066] exFAT-fs (loop0): invalid boot record signature
[  641.152436][T26068] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  641.158650][T26066] exFAT-fs (loop0): failed to read boot sector
[  641.167334][T26068] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/216/file0 supports timestamps until 2038 (0x7fffffff)
[  641.173758][T26066] exFAT-fs (loop0): failed to recognize exfat type
[  641.193737][T26068] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set
[  641.209168][T26068] Quota error (device loop2): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  641.219243][T26068] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  641.229358][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12
[  641.241627][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12
[  641.253863][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12
[  641.350364][   T28] audit: type=1326 audit(2000000672.626:38524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.374955][   T28] audit: type=1326 audit(2000000672.626:38525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.398964][   T28] audit: type=1326 audit(2000000672.626:38526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.423031][  T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.430979][   T28] audit: type=1326 audit(2000000672.626:38527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.457636][  T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.467222][  T332] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  641.473092][   T28] audit: type=1326 audit(2000000672.626:38528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.476045][  T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.476696][  T332] usb 4-1: config 0 descriptor??
[  641.501568][   T28] audit: type=1326 audit(2000000672.646:38529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000
[  641.829795][T26087] overlayfs: statfs failed on './file0'
[  641.946407][T23398] EXT4-fs (loop2): unmounting filesystem.
[  642.179244][  T203] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  642.419169][  T203] usb 1-1: Using ep0 maxpacket: 32
[  642.437083][  T664] hid-generic 0000:0000:0000.00AF: unknown main item tag 0x0
[  642.444787][  T664] hid-generic 0000:0000:0000.00AF: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  642.689228][  T332] uclogic 0003:256C:006D.00AE: interface is invalid, ignoring
[  642.699342][  T203] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  642.708763][  T203] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.719174][  T203] usb 1-1: Product: syz
[  642.723185][  T203] usb 1-1: Manufacturer: syz
[  642.727623][  T203] usb 1-1: SerialNumber: syz
[  642.732565][  T203] usb 1-1: config 0 descriptor??
[  642.895593][ T6405] usb 4-1: USB disconnect, device number 67
[  643.388399][T26124] loop2: detected capacity change from 0 to 40427
[  643.431140][  T203] rtl8150 1-1:0.0: eth1: rtl8150 is detected
[  643.465309][T26124] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  643.473331][T26124] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  643.482597][T26124] F2FS-fs (loop2): invalid crc value
[  643.489288][T26124] F2FS-fs (loop2): Found nat_bits in checkpoint
[  643.537841][T26124] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  643.544785][T26124] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  643.640439][  T664] usb 1-1: USB disconnect, device number 76
[  643.803377][T26143] syz-executor.3[26143] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  643.803741][T26143] syz-executor.3[26143] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  643.926753][T26145] loop4: detected capacity change from 0 to 8192
[  644.054099][  T419] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  644.066842][  T419] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  644.139788][T26150] loop3: detected capacity change from 0 to 8192
[  644.432772][T26153] loop0: detected capacity change from 0 to 40427
[  644.450996][T26153] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  644.463670][T26153] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  644.464029][T26157] loop2: detected capacity change from 0 to 8192
[  644.473068][T26153] F2FS-fs (loop0): invalid crc value
[  644.484408][T26153] F2FS-fs (loop0): Found nat_bits in checkpoint
[  644.579629][T26153] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  644.586576][T26153] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  644.641419][  T357] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  644.658738][  T357] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  644.710797][T26153] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint
[  644.829225][ T6405] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  644.838763][T26162] loop3: detected capacity change from 0 to 40427
[  644.855791][T26162] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  644.873534][T26162] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  644.893421][T26162] F2FS-fs (loop3): invalid crc value
[  644.913487][T26162] F2FS-fs (loop3): Found nat_bits in checkpoint
[  645.002092][T26162] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  645.009381][T26162] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  645.060655][  T638] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  645.069446][ T6405] usb 2-1: Using ep0 maxpacket: 8
[  645.074911][  T638] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  645.114545][T26162] F2FS-fs (loop3): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint
[  645.189323][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  645.210285][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  645.240873][ T6405] usb 2-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.00
[  645.262883][ T6405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.282165][ T6405] usb 2-1: config 0 descriptor??
[  645.699268][  T203] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  645.733480][T26196] futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program
[  645.743412][ T6405] wacom 0003:056A:0035.00B0: unknown main item tag 0x0
[  645.750955][ T6405] wacom 0003:056A:0035.00B0: hidraw0: USB HID v0.00 Device [HID 056a:0035] on usb-dummy_hcd.1-1/input0
[  645.841644][T26200] loop4: detected capacity change from 0 to 512
[  645.860976][T26200] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  645.869988][T26200] ext4 filesystem being mounted at /root/syzkaller-testdir4134462799/syzkaller.AqvWP1/26/bus supports timestamps until 2038 (0x7fffffff)
[  645.910214][T25960] EXT4-fs (loop4): unmounting filesystem.
[  645.944837][   T37] usb 2-1: USB disconnect, device number 86
[  645.949219][  T203] usb 3-1: Using ep0 maxpacket: 32
[  646.077754][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x800
[  646.086711][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0x800
[  646.092963][T26214] loop4: detected capacity change from 0 to 2048
[  646.099890][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e ignored wrmsr: 0x11e data 0x800
[  646.114079][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0x186 data 0x800
[  646.123096][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0x187 data 0x800
[  646.152278][T26214]  loop4: p1 p2 p3
[  646.229420][  T203] usb 3-1: New USB device found, idVendor=0499, idProduct=1006, bcdDevice=15.0a
[  646.238587][  T203] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.247123][  T203] usb 3-1: Product: syz
[  646.251350][  T203] usb 3-1: Manufacturer: syz
[  646.255892][  T203] usb 3-1: SerialNumber: syz
[  646.264652][  T203] usb 3-1: config 0 descriptor??
[  646.312301][  T203] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  646.519379][T22485] usb 3-1: USB disconnect, device number 57
[  646.831383][T26228] loop1: detected capacity change from 0 to 40427
[  646.847726][T26228] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  646.855450][T26228] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  646.864218][T26228] F2FS-fs (loop1): invalid crc value
[  646.871689][T26228] F2FS-fs (loop1): Found nat_bits in checkpoint
[  646.911355][T26228] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  646.918296][T26228] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  647.423544][  T638] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  647.432644][  T638] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  647.569163][T22485] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  647.714693][T26265] syz-executor.4[26265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  647.714776][T26265] syz-executor.4[26265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  647.749204][   T37] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  647.858672][T26267] loop4: detected capacity change from 0 to 256
[  647.979311][T22485] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  647.992566][T22485] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x94, skipping
[  648.042979][T22485] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  648.189382][   T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 41811, setting to 64
[  648.203540][   T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  648.299319][T22485] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  648.308277][T22485] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.316302][T22485] usb 4-1: Product: syz
[  648.320411][T22485] usb 4-1: Manufacturer: syz
[  648.324814][T22485] usb 4-1: SerialNumber: syz
[  648.409218][   T37] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9310, bcdDevice= 0.c8
[  648.418105][   T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.426002][   T37] usb 1-1: Product: syz
[  648.430059][   T37] usb 1-1: Manufacturer: syz
[  648.434439][   T37] usb 1-1: SerialNumber: syz
[  648.439470][   T37] usb 1-1: config 0 descriptor??
[  648.489645][   T37] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  648.497212][   T37] usb 1-1: Detected SIO
[  648.501293][   T37] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 11
[  648.508907][   T37] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  649.197244][ T6384] usb 1-1: USB disconnect, device number 77
[  649.206970][ T6384] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  649.216740][ T6384] ftdi_sio 1-1:0.0: device disconnected
[  649.328733][T26302] loop0: detected capacity change from 0 to 512
[  649.342531][T26302] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  649.350972][T26302] EXT4-fs (loop0): orphan cleanup on readonly fs
[  649.357528][T26302] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  649.389202][T26302] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  649.395876][T26302] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #13: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  649.414192][T26302] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 13 (err -117)
[  649.426468][T26302] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  649.437765][T26302] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  649.447426][T26302] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  649.459219][T22485] cdc_ncm 4-1:1.0: bind() failure
[  649.465533][T26302] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  649.480096][T22485] cdc_ncm: probe of 4-1:1.1 failed with error -71
[  649.509185][T22485] cdc_mbim: probe of 4-1:1.1 failed with error -71
[  649.516799][T22485] usb 4-1: USB disconnect, device number 68
[  649.524391][T26305] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  649.533587][T26305] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  649.551369][T26305] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  649.568082][T26295] loop4: detected capacity change from 0 to 131072
[  649.620894][T26295] F2FS-fs (loop4): invalid crc value
[  649.627519][T26295] F2FS-fs (loop4): Found nat_bits in checkpoint
[  649.659754][T26295] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  649.670660][T25982] EXT4-fs (loop0): unmounting filesystem.
[  649.677476][T26295] F2FS-fs (loop4): sanity_check_inode: corrupted inode footer i_ino=7, ino,nid: [2097159, 7] run fsck to fix.
[  649.923656][T26320] loop2: detected capacity change from 0 to 256
[  649.964947][T26323] device syzkaller0 entered promiscuous mode
[  650.118746][T26329] loop1: detected capacity change from 0 to 256
[  650.669175][T26343] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.4'.
[  650.816570][T26339] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.0'.
[  650.843922][T26343] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  650.864885][T26339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  650.941597][T26347] loop1: detected capacity change from 0 to 512
[  650.957204][T26347] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  650.965570][T26347] EXT4-fs (loop1): orphan cleanup on readonly fs
[  650.972369][T26347] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  650.987253][T26347] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  650.993900][T26347] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #13: comm syz-executor.1: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  651.012258][T26347] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 13 (err -117)
[  651.024618][T26347] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  651.036034][T26347] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  651.046028][T26347] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  651.079677][T26347] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  651.095471][T26352] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  651.104785][T26352] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  651.119433][T26352] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  651.198982][T24417] EXT4-fs (loop1): unmounting filesystem.
[  651.619196][T26359] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.2'.
[  651.634914][T26356] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.3'.
[  651.670804][T26359] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  651.693150][T26356] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  652.027051][T26363] loop4: detected capacity change from 0 to 40427
[  652.038938][T26366] loop0: detected capacity change from 0 to 256
[  652.048849][T26363] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  652.057017][T26363] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  652.075587][T26363] F2FS-fs (loop4): Found nat_bits in checkpoint
[  652.118286][T26363] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  652.130730][T26363] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  652.137623][T26363] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  652.238930][T26367] loop1: detected capacity change from 0 to 40427
[  652.269223][T26367] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  652.278996][T26367] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  652.324609][T26367] F2FS-fs (loop1): Found nat_bits in checkpoint
[  652.388167][T26367] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  652.411849][T26385] overlayfs: failed to resolve './file0': -2
[  652.446752][T26367] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  652.462566][T26367] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  652.573364][T26375] loop3: detected capacity change from 0 to 40427
[  652.663106][T26390] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.2'.
[  652.684204][T26390] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  652.751185][T26375] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  652.854024][T26375] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  652.937700][T26375] F2FS-fs (loop3): Found nat_bits in checkpoint
[  652.982923][T26375] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  653.050916][T26397] overlayfs: failed to resolve './file0': -2
[  653.095234][T26375] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  653.105494][T26375] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  653.400307][T26399] overlayfs: failed to resolve './file0': -2
[  655.865693][T26431] __nla_validate_parse: 10 callbacks suppressed
[  655.865712][T26431] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.4'.
[  655.882731][T26431] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  656.538585][T26451] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.1'.
[  656.557912][T26451] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  657.322485][T26463] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.0'.
[  657.440206][T26460] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.3'.
[  657.451006][T26460] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  657.464565][T26461] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  657.654638][T26468] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only
[  657.763518][T26472] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.1'.
[  657.782689][T26472] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  658.554384][T26489] loop1: detected capacity change from 0 to 1024
[  658.579027][T26489] EXT4-fs: Ignoring removed orlov option
[  658.587672][T26489] EXT4-fs: Ignoring removed nomblk_io_submit option
[  658.626160][T26489] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  658.635138][  T357] device bridge_slave_1 left promiscuous mode
[  658.641498][  T357] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.652712][  T357] device bridge_slave_0 left promiscuous mode
[  658.667096][T26489] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.1: corrupt xattr in inline inode
[  658.680491][  T357] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.719969][T26489] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.1: corrupted in-inode xattr
[  658.822054][T24417] ==================================================================
[  658.829954][T24417] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  658.837762][T24417] Read of size 4 at addr ffff88813f3e0000 by task syz-executor.1/24417
[  658.845837][T24417] 
[  658.848005][T24417] CPU: 1 PID: 24417 Comm: syz-executor.1 Tainted: G        W          6.1.78-syzkaller-00134-g997e6b3f6a21 #0
[  658.859461][T24417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  658.869357][T24417] Call Trace:
[  658.872490][T24417]  <TASK>
[  658.875259][T24417]  dump_stack_lvl+0x151/0x1b7
[  658.879771][T24417]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  658.885065][T24417]  ? _printk+0xd1/0x111
[  658.889058][T24417]  ? __virt_addr_valid+0x242/0x2f0
[  658.894008][T24417]  print_report+0x158/0x4e0
[  658.898347][T24417]  ? __virt_addr_valid+0x242/0x2f0
[  658.903292][T24417]  ? kasan_addr_to_slab+0xd/0x80
[  658.908068][T24417]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  658.913534][T24417]  kasan_report+0x13c/0x170
[  658.917875][T24417]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  658.923342][T24417]  __asan_report_load4_noabort+0x14/0x20
[  658.928809][T24417]  ext4_xattr_delete_inode+0xcd0/0xce0
[  658.934100][T24417]  ? sb_end_intwrite+0x130/0x130
[  658.938879][T24417]  ? ext4_expand_extra_isize_ea+0x1c40/0x1c40
[  658.944779][T24417]  ? __kasan_check_read+0x11/0x20
[  658.949640][T24417]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  658.955362][T24417]  ? ext4_evict_inode+0xbc2/0x1550
[  658.960310][T24417]  ext4_evict_inode+0xef9/0x1550
[  658.965087][T24417]  ? _raw_spin_unlock+0x4c/0x70
[  658.969773][T24417]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  658.975499][T24417]  ? _raw_spin_unlock+0x4c/0x70
[  658.980185][T24417]  ? inode_io_list_del+0x18b/0x1a0
[  658.985131][T24417]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  658.990868][T24417]  evict+0x2a3/0x630
[  658.994598][T24417]  iput+0x642/0x870
[  658.998241][T24417]  vfs_rmdir+0x3c2/0x500
[  659.002325][T24417]  do_rmdir+0x3ab/0x630
[  659.006313][T24417]  ? d_delete_notify+0x160/0x160
[  659.011117][T24417]  __x64_sys_unlinkat+0xdf/0xf0
[  659.015778][T24417]  do_syscall_64+0x3d/0xb0
[  659.020022][T24417]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  659.025753][T24417] RIP: 0033:0x7faa0047c6c7
[  659.030004][T24417] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  659.049444][T24417] RSP: 002b:00007fff42cb85a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  659.057688][T24417] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007faa0047c6c7
[  659.065508][T24417] RDX: 0000000000000200 RSI: 00007fff42cb9750 RDI: 00000000ffffff9c
[  659.073312][T24417] RBP: 00007faa004c8336 R08: 0000000000000000 R09: 0000000000000000
[  659.081126][T24417] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff42cb9750
[  659.088935][T24417] R13: 00007faa004c8336 R14: 00000000000a0c4e R15: 0000000000000009
[  659.096756][T24417]  </TASK>
[  659.099609][T24417] 
[  659.101783][T24417] The buggy address belongs to the physical page:
[  659.108039][T24417] page:ffffea0004fcf800 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x13f3e0
[  659.118356][T24417] flags: 0x4000000000000000(zone=1)
[  659.123395][T24417] raw: 4000000000000000 ffffea0004d82808 ffffea0004edf008 0000000000000000
[  659.131819][T24417] raw: 0000000000000001 0000000000000004 00000000ffffff7f 0000000000000000
[  659.140227][T24417] page dumped because: kasan: bad access detected
[  659.146485][T24417] page_owner tracks the page as freed
[  659.151687][T24417] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 26363, tgid 26361 (syz-executor.4), ts 652175099599, free_ts 652854095726
[  659.169739][T24417]  post_alloc_hook+0x213/0x220
[  659.174337][T24417]  prep_new_page+0x1b/0x110
[  659.178676][T24417]  get_page_from_freelist+0x27ea/0x2870
[  659.184075][T24417]  __alloc_pages+0x3a1/0x780
[  659.188483][T24417]  __folio_alloc+0x15/0x40
[  659.192736][T24417]  shmem_alloc_and_acct_folio+0x78c/0xa50
[  659.198292][T24417]  shmem_get_folio_gfp+0x12d4/0x24b0
[  659.203411][T24417]  shmem_fault+0x1f7/0x840
[  659.207664][T24417]  do_fault+0xdb6/0x1cd0
[  659.211753][T24417]  handle_mm_fault+0x184a/0x2f40
[  659.216519][T24417]  __get_user_pages+0x377/0xf20
[  659.221207][T24417]  __mm_populate+0x375/0x570
[  659.225631][T24417]  vm_mmap_pgoff+0x290/0x430
[  659.230059][T24417]  ksys_mmap_pgoff+0xed/0x1e0
[  659.234568][T24417]  __x64_sys_mmap+0x103/0x120
[  659.239083][T24417]  do_syscall_64+0x3d/0xb0
[  659.243336][T24417] page last free stack trace:
[  659.247850][T24417]  free_unref_page_prepare+0x83d/0x850
[  659.253143][T24417]  free_unref_page_list+0xf1/0x7b0
[  659.258090][T24417]  release_pages+0xf7f/0xfe0
[  659.262602][T24417]  __pagevec_release+0x84/0x100
[  659.267289][T24417]  shmem_undo_range+0x5fc/0x1660
[  659.272068][T24417]  shmem_evict_inode+0x25f/0xa30
[  659.276837][T24417]  evict+0x2a3/0x630
[  659.280569][T24417]  iput+0x642/0x870
[  659.284215][T24417]  dentry_unlink_inode+0x34f/0x440
[  659.289161][T24417]  __dentry_kill+0x447/0x650
[  659.293588][T24417]  dentry_kill+0xc0/0x2a0
[  659.297754][T24417]  dput+0x40/0x80
[  659.301228][T24417]  __fput+0x5f0/0x870
[  659.305047][T24417]  ____fput+0x15/0x20
[  659.308862][T24417]  task_work_run+0x24d/0x2e0
[  659.313289][T24417]  do_exit+0xbd5/0x2b80
[  659.317283][T24417] 
[  659.319452][T24417] Memory state around the buggy address:
[  659.324924][T24417]  ffff88813f3dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  659.332822][T24417]  ffff88813f3dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  659.340718][T24417] >ffff88813f3e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  659.348613][T24417]                    ^
[  659.352521][T24417]  ffff88813f3e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  659.360420][T24417]  ffff88813f3e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
2033/05/18 03:44:50 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  659.368316][T24417] ==================================================================
[  659.376805][T24417] Disabling lock debugging due to kernel taint