last executing test programs:

3.038307301s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.026475643s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000080b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000100), 0x1001)

3.009411936s ago: executing program 2:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x20100cc, &(0x7f0000000400), 0x1, 0x7b5, &(0x7f0000000440)="$eJzs3U1oHFUcAPD/bDbZfmlS8WBFNCDa4kfStCKpCE1ED4oHwV7Ei6FJS+z2gyaiLUJTvOpNvKlU8KoIetFL6cGLN29ePUm1iPbgcWVmZ5N1s5uP7SZjs78fTPPevJ2+N9n8983Oe8wLoG+Npv+UIg5ExFISMZzvTyJiMEuVI6bqr7v91/sn0y2JWu31P5PsNWk+mo5J7c0P2xURP99I4r6B1fUuXLp8ZqZanbuY58cXz14YX7h0+en5szOn507PnZuYPDZ5dPLIsWcnuz2145WWHS9/+vkbNz975fGrH709/f2bv/+dxFQcz8uaz6NXRmN0+XcSQ/Ufg/VfTbzY68oKMpCfT6lpX1IusEFsSqnpPXwghmMgVt684bjxbaGNAwC2RC3dAIA+k+j/AaDPNO4DNMb2tmIcDPh/ujUd2UD96vgvx1T2c1c2Zr3ndtI0MljOxrVHe1B/+n/88ePXX6ZbbNE4PNDe0tVs4L9N/CdZ/I9ks3ha478+Z2CqB/W3foaIf9g+dxL/r/WgfvEPAAAAAAAAvXN9OiIm243/lZbn/0Sb8b9KRBzuQf3rj/+VbvagGqCNW9MRz7ed/7v8RJeRgTx3TzYfYDA5NV+dS2P/3og4FIOVND+xRh0/vfvrC53Kmuf/pVtaf2MuYN6Om+WWB/nMzizO3Mk5A3W3rkY8WO48/yft/5M2/X9a9tYG6/jmk68e61Q2mm1rxT+wVWrXIg7mT/qL+G/8NyRrP59vPLseGG9cFaz28EvX/ulU//r9fydPbPZUgRZp/7+n7fX/cvyPJM3P61zYfB1ffHjioU5l3V7/DyUnsqeK5o/VjPdmFhcvTkQMJa+u3n9k822GnagRD414SeP/0KNZ/E91uv/X7vo/vWK4sME6J/b98FSnsu77f+BOpfE/u6n+f/OJ01eOnulU/8b6/2eyPv1Qvsf9P1jbRgO06HYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAvlSJiXySlseV0qTQ2FrE3Iu6PPaXq+YXFJ0+df+fcbFoWMRKDpVPz1bnDETFczydpfiJLr+SPtOSPRsT+iPi4sjvLj508X50t+uQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILe3w/r/qd8qRbcOANgyu4puAACw7fT/ANB/9P8A0H/a9P8ni2gHALB9fP8HgP7TZf//Xa/bAQAAAAAAAAAAAAAAAAAAAAAAAAA71P5Hrv+SRMTSc7uzLTWUlw0W2jJgq5WKbgBQmIGiGwAUplx0A4DC+I4PJG33VpZTrUuErLzeHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrHwQPrrP/ffmEwYAdoXr2vVqtdKbApwDaz/j/0L+v/Q/+y/j+w3m2+lfX/l2p1jbz1/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6B8Lly6fmalW5y5K3NWJ+Q+6OGp3/kfQk2aUo7vDe1O7RFeJSueigj+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4K/wbAAD//3ZIMe8=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
quotactl_fd$Q_GETFMT(r0, 0xffffffff80000400, 0xee01, 0x0)

2.948070325s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x1a43)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x7, 0x0)
shutdown(r3, 0x2)

2.809835776s ago: executing program 2:
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='xdp_exception\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3014490, &(0x7f0000000100)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@grpjquota}, {}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
ioctl$FIBMAP(r2, 0x660c, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffee0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0xbf, &(0x7f00000020c0)=""/191}, 0x80)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, r5}, 0x40)
syz_emit_ethernet(0x9a, &(0x7f0000000380)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "5bfb0e", 0x64, 0x11, 0x0, @local, @private0, {[], {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "6ed612edbd1c85a773ef833827e4dce1f3299ae6369abc08d32518e61e7803a5", "49e47903611b013bcdd2b9f6cf724946", {"1f879575f83ffb6f09c4dcf22507e4f5", "1b4973301520f29e2ddb1df1f85c1e44"}}}}}}}}, 0x0)

2.429004605s ago: executing program 2:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001100)=@newlink={0x20}, 0x20}}, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

1.55469842s ago: executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f00000004c0)={@private=0xa010100, @remote, 0x1, "86d3f51d9ee89f5616398aaaac44c7c0e2c94604c75dff8bdf49238ac5a9abff", 0x0, 0x0, 0x0, 0x1}, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16, @ANYBLOB="c2b83a83fb121e4e844e5d7a09e7d4a4979f3fdfe200b83e593144c1cf15b5624e3448b3b40065bc381005ed653b2e5aeafdfb38eeddb8c08b04fb2e46eba33d22f32db6a9608832f35ee976140648653030c5a052c7197494046b00916b8f07b5b9f05f77f79225aa4996a01e41453c53b7f6c7e6777764334c5352def7a6078229384108c95320a4abf33afd65548efaf0b3dc54c4c10995d3e08a9017ae0c8828d59983d23cf29ff4ff4a16908f199ba7"], 0x1, 0x555b, &(0x7f0000006400)="$eJzs3EtvG1UUAOA7TtPSJxFiAauOVCElUm3V6UOwK9CKh0gV8ViwKo7tWG5tTxQ7TsgKCZaoC/4JAokVS34DC9bsEAsQOySQ544JoTyK7MRJ+33S+MzcGZ85d2QlOjOWA/DEWkh/+SkJF8LpEMJcCOFcEvL1pFhyN2N4LoRwMYRQ+tOSFON/DJwMIZwJIVwYJY85k3zX3edjljd//vrbUyfOfv7VdzOaMnAEvBBC6G7E9e1ujFkrxnvFeG3YzmP32rCIcUf3frGdxbjdXMszbNfGx9XyeLUVj882tvqjuN6p1Uex1V7Pxzd68YT9YWucJ3/Dvdpmvt1oruWx3c/y2NqNde3sxr9tu/1BzNMo8n2Ypw+DwTjG8eZOM85n434e671BMR7zZo3mzigOi1icLtSzTiOvY22SK320vdXube2kw+Zmv5310uuV6ouV6o1ydTNrNAfNa+Vat3HjWrrY6owOKw+ate7NVpa1Os1KPesupYuter1craaLt5pr7VovrVYrVytXyteXirXL6Wt33ks7jXRxFF9p97ZOtjv9dD3bTOM7ltLlytWXltJL1fSdldV09e3bt1dW37176/07L6+88Wpx0ENlpYvLV5aXy9Ur5eXq0hGY/+j/7iPOfzDJ/D8piv4f808muzzw7/Y+YA9mWgfAMfJQ/x8Oqv8P4bPLw0vXf9T/A1v7to5j/x+m2f+PWir9/3/3v6XJ+/+J+t+j2v8f4/nDRNxgAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Yn0//8Xr+cpC3D5bjJ8vhp4ptpMQQimE8NvfmAsn9+WcK/LM/8Px83+p4Zsk5BlG5zhVLGdCCDeL5denD/oqAAAAwOPry48uPojdenxZmHVBHKZ406Z07oMp5UtCCPMLP0wpW2n08uyUkuWf7xNhZ0rZ8htYT00pWbzldmJa2R7J3Dh8fH5vMJ9QEkPpUMsBAAAOxdy+cLhdCAAAAIfp01kXwGwkYfwoc/wsOP/m/d6jzdP79gEAAADHUDLrAgAAAIADl/f/fv8PAAAAHm/x9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5n525uEweiAAA/G7zA/mjRau/byt6gjJSQY46BAtIEJZAW0gA1kFtKiCDCHiEZxRIRdqyg75NseMZ68wa4vBnJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpuVjPH+//PTTfMTkrz25/mfZmBAAAAJzaFut5+WZaxT/S9V/p0p8UZxGRR8R7vfsgvtVyDlKeouH+4qSGp4gyw2GMUTq+R8T/dLz+7vpbAAAAgOu1Wa5mVbdenaZ9F8RnqhZt8p83LeXLIqKYvrSULT+c/raUrPx/D+PuGO9HH0xQW+EqF7DGLZVWLbkNzxi2PYPaS5rJeFH+iGWUdzMuAADQp3on0NCFAAAAcAVu+y6AfmTH03GfMe2Kpg3BSS0CAAAAvqCs7wIAAACAzpX9v+f/AQAAwHWrnv8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl7bFer5ZrmZNny/OzLPbX6a9GQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLE/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8+d1f/k9MjTPJ3Gtj6XkkWTs1tk6NvXPj6A/j69cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/0u1/+T0yNM8ncaWPpeCRZu2psXTX2HjSOHoy3fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc7988ZRRAEAf7t3e/kDKMYgFwYUJApoiH0JCSmhAFkUfAQkyzkHg0MgcUEiC+QGKuQ6DYISISSQ6fIdUsdSmtClcGEk6qDd27XXiSGnxNq9OL+fNDtvz6uZN3sny8+zNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQ2Xo/Xk3LuJMfJoZx9drt7dWFvN98oM/dXL8znbc8Th410ffvHXzyYyzpxmv185NTtZNvm88HAACAQ2ifYrxT1fcRcTfbmMv7dKKo/7Pqmrzm/+mFvUM8WPdvbq8eLb80XdX/f/5x7+WdiSaG8+SDLi4tD2YfTqV7UMt82px45BXd4s4Xv3vpFG9I+tHaS1tZcT+TH27d+qBXhEeayBYAeBynqr4Mqp+H8r7fZmIAPDO6tcK7qv87E+3mBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCErbV4roqTiJju7sa5ze3Vhf36m+t3pqt27saN9fqY+RBZRCwuLQ+yBtcy7q5eu/75/PLy4ErzwcmIaG/2MvhkhGsi/v+a8uMZ7a3iv4NkPNJoNUjL92dc8tkN7p+IeLJxqs/ewWfY0jckAAAOraxseV1/N9uYy19LJiPu/7y3/n+zFseI9f+9T8/drs9Vr//7ja1w/M2sXPpy5uq1628vXZq/OLg4+OKd0/13+2fOnz17fia/V7Mzi5EOZttOEwAAgKdYr2z1+j+dfHj//3gtjhHr/69+7H9Tn6uj/t/X7qZf25kAAAA8i3o70Yuv//N3ss8VSa8XX8+vrFzpD48756eHx0bTfUxHylav/zuTbWcFAAAANGFrLdmz/3+hFseI+//P//LKb/UxOxFxLOJyRAxOLVxevtDccsZaE3/nXEzUa3ulAAAAtOVY2er7/1nx/H+688hDGhFvvTGMq/91NUr93/nwu1/rc9Wf/z/T3BLHUjo1vB9FPxXRnWo7IwAAAA6zo2XLi/2/so25z34//nHP8/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATfs3AAD//3adNIc=")
r3 = socket$inet6(0xa, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000040), 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
pwritev2(0xffffffffffffffff, &(0x7f0000000880)=[{&(0x7f0000000540)="df", 0x1}], 0x1, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00')
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00')
mknodat$loop(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x4, 0x1)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))

1.23393799s ago: executing program 0:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x30, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x10, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0xf, 0x0, [@dev, @remote, @multicast1]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b24, &(0x7f0000000000)={'wlan1\x00'})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.180317808s ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000006000000000000f183850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x5, 0x0, 0x0)

1.171786179s ago: executing program 4:
unshare(0xe020600)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f0000000580))

1.159063931s ago: executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

1.147009143s ago: executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000001800)=ANY=[@ANYBLOB='\b'], 0x168)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

1.123552557s ago: executing program 4:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @empty}]}]}, 0x70}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x301}, 0x14}}, 0x0)

1.117023098s ago: executing program 1:
syz_emit_ethernet(0x40, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "76b2af", 0xa, 0x2f, 0x0, @private0, @mcast2, {[], {0x0, 0x883e, 0xa, 0x0, @opaque='8u'}}}}}}, 0x0)

1.063451226s ago: executing program 1:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffffe}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001380))
fchown(r0, 0xee01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x12)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x90)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
creat(&(0x7f00000000c0)='./file0/../file0\x00', 0x12a)
ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv8zSZ2XlmJjMBnFg3sul5mqYXI2IkK89l0yfrmY2IsxHx7OmDmfqURJre+nsSSVbWWlfa8FYMNRdprOCrX4r4RrIzbnVtfXG6XC6tZPlibelOsbq2fmlhaXq+NF9anpycuDp1berK1PirdG9uKEuciYjrX/jz9779ky9e/8Vn7v3h9l8vfDNptvlhbOvHB9S/W2Wz6/k4ta1s5YDBjqL+rYnB/S3zKPsVAQDgcNWPSz+UHedfjJHo2/1wFgAAAHgDpZ8bjv8mrWt3Owx0KAcAAADeILmIGI4kV8ju9x2OXK5QiMY9vB+J07lypVr79FxldXm2XhcxGvnc3EK5NJ7dKzwa+aSen2ikX+Qvb8tPRsQ7EfHdkcFGvjBTKc/2+uQHAAAAnBBD28b//xppjv8BAACAY2a01w0AAAAAXjvjfwAAADj+jP8BAADgWPvyzZv1KW29/3r27trqYuXupdlSdbGwtDpTmKms3CnMVyrzjWf2Le26ss1XBy6v3i/WStVasbq2fnupsrpcu73w0iuwAQAAgEP0zvuPf5dExMZnBxtT3cCW+v9k7wnoWQOB12bzlF0k2Xxg54d+/3Zz/qdDahRwKPp63QCgZ/p73QCgZ/K9bgDQc8ke9R1v3vl1Nv9Ed9sDAAB039jHOl//z+265Mbu1cCRZyOGk8v1fzi5Gtf/29zy15aDBThW8o4A4MR75ev/e/I3RAAA0GvDjSnJFbLTe8ORyxUKEWcarwXIJ3ML5dJ4RLwdEb8dyb9Vz080lkz2HDMAAAAAAAAAAAAAAAAAAAAAAAAAAE1pmkQKAAAAHGsRub8kv2w+y39s5Pzw9vMDA8m/RyJ7Rei9H976/v3pWm1lol7+j83y2g+y8su9OIMBAAAAbNcap7fG8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTc+ePphpTYcZ92+fj4jRdvH741RjfiryEXH6n0n0b1kuiYi+LsTfeBQRH20XP6k3azNku/iDrz9+jGb/C+3iD3UhPpxkj+v7nxvttr9cnG3M229//REv5Q+q8/4vNvd/fR22/zP7jPHuk58VO8Z/FPFuf/v9Tyt+0iH+uX3G//rX1tc71aU/ihhr+/2TvBSrWFu6U6yurV9aWJqeL82XlicnJ65OXZu6MjVenFsol7J/28b4zsd//ny3/p/uEH90j/6f32f///fk/tMPN5P5dvEvnGsT/1c/zj6xM34u++77VJau14+10hvN9Fbv/fQ37+3W/9kO/d/r539hn/2/+JVv/XGfHwUADkF1bX1xulwurRzbRH2UfgSaIXEEEw93Vr0fB15hmqZpfZt6hYYlB4/enUSyWdLrPRMAANBtL47+e90SAAAAAAAAAAAAAAAAAAAAOLkO47li22NubKaSbjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgK/4fAAD//1X76Tc=")
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getsockname(r4, 0x0, 0x0)

1.006381545s ago: executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000300)='map_files\x00')
fchdir(r0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000200)='.\x00', 0x10000a8)
getdents(r0, 0x0, 0x0)

829.731422ms ago: executing program 4:
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r3=>0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000020000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r5}, 0x10)
write$FUSE_IOCTL(r2, &(0x7f0000000180)={0x20}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0x0)

612.458325ms ago: executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000002a00)={0x84, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x20, 0x0, 0x4, {0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000012c0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=ANY=[@ANYBLOB="2000040000006f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0})

155.076196ms ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000006000000000000f183850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x5, 0x0, 0x0)

129.57284ms ago: executing program 1:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file1\x00', 0x300001a, &(0x7f0000000480)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c666d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75652c74696d655f6f66667365743d3078303030303030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be29df17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b92f5881e69e06002f5914c03fefbeb09121733eaf5ded73df976fbd4cfcba170b0bf44da1b46bc3935431d5e60a641f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8ecce52d6d99b82923228c37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e6760094145e542e426bceaab9b2cf261046247bce0565db3ac5888b74efd48bc9f455e60f49496ca8137aba85fe39756814fda1f0624b33a2025792a477ccfff09befb1d0cf1599d272628028b9786e1fbfb3d637c2561421488c9de8d3739a94bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a4b7eed8a5aff253298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4672e47fe5a25502919954242f8d779d84091f20646210edf871d3f20ad66fcf4b816323b8abb307381d4ada887dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab946472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893fe9b664421a40f4822ffcc284dfe9aea76e4a04293c970f2dae776decf07b085e16511b0bd365b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbc8c0002a19457e05a210d9e9820bc7f318ebfdfcc22f83150503b2", @ANYRES64, @ANYRESDEC, @ANYRES32, @ANYBLOB="bfc4d8527f11a288937ea9095dd1f411661109f535a2c436e387847965f0143c7a232b3c75b86b57f4c893a5a53d1a7a2c10210c10afa415ebb7f8acfc2e1057113af96b8997c9d0c3bb69a8cad5741df3844762f5b9562da7786d9000f108d1928e18c41f9f1d08f573375fdc8aef4ac0978111fb6781e49eb7c88e283c387bb9a8478f455bfe5a7befabe1b83c58e12a19ad0a96c041555d5c61a953ee1f01951117245aba139f82d1258d76c09df17a399cc0c83c4aa0c656d2897d082d2a727ec488f1d0368f2101d53d2ca4b9f7191ef79f94591ec57798cdf1a880532a97cf18f847d9baa9cb6a8fca7ac5585e4976cd698636e17f65a6fffab1d58861262f5b308d61ba6139292e3f3f03ffd95f0fbbf5e2a471c3fd213228d5d178cc1a4e937e826491e6d04beb2db75ad81f8b7ca0e2c67436b33e6206930f23d4779f6f8f97a2212006a7e27085f931846d579e79a257bfe4ba02d0815ddbe3b5bf6dd9cd2d6a1c4b972471c3042aace89bab9f1267c697ef5594ce8edbdeba8cedc0273f9c34326ff549c29cadbbae3f161164031698def27830318c3e385094776c1c8dc020b1646efda15bf0b1155f122e2366ea7a9382c7f3971f7e2cbece25550ca388b90d417b7cf19a63bd4f3c1017152a3fd2f94a1699f06493a326f3582850d191a7468ad61c49e02d603486384733c483c505744fb236ff203151205029baf253ff536ce1934399f50d0ab4a1bb9522ebd32a73e6d65416d9e3e8014adde20430d5feec94ff7a8008fe8e16f3844212995a5ef8fec4dc7e51d1f47abd5e541bca418404dc8dad257d657b298095959704b1726ff75503e7f92e8c90443130f0f8b4fa487738acdade2ed0f51bd176cf03cf2e522f1ea8eb29f53fe862bed6dc872031efe41d27743419f834b8fde1334f4cd9475bac426e99dbcb0651510ad08dad61afb63399d95613ac6d88fbb47e837977df0ce66b325ce2bae6f2a146e78689989b783b2bf6fb091b098fbcd61d9ff03bf2df324480c3a0f6cbf6b85fa46f9bd054c60645d11dcffb071d72d55a6752e99ce7327df3331b7f361b495f581f3dd8a5f620d8c475e1cf429a89c67bbb8f49f3323765cc16fd3b35271f801d14bb09b995e7ac91427d9ce01a68d5819989f4c4632dcd6b298852b8adc29c3b5a731408c46853a7f9172952c4332cbda10123046a838da8d752eddc4faff0c524666bd3a921844226fd2d66ef54ec26d29d25bd45996bd4afafa79c0f6a65f551676115237a09d6a283cd5e74df5fb8a2fb57e52e4623ba8357ed70d4288d79d6716ddfef3d1cc767ca60385defcbad284d911bb187b4f7b53ac86cdb61c9e1e89fc50e037eaa705c08ca559292b3aead1d79ed3046ca07d5b69609c9b6fb7352d160303ba1cff23b71df0ddc5abc753d4e8e4885f79283096d64737439ff967b19b7579a898e6ea5497b91643eb049d3b2bfa0988d3f57f034b0f497a62d4e35c8d1c57024d2c88a663a4b4c3d49c0ef0e061f52854c3f356871f4086a3a6728e014cae0ad0dfacb5e0e8b00e18720005fe764bafa6774d84a377a7b7f267fbcf46d0497ad1c82b6e1078e98e4d2db994fd951aafe385d250ffe7743d1591cfbd18ababcbf1a73d33ec59a21517cfe4fb06060d9fff95ba796fe8bbdc8fa29fa27003372db6ca020fe806d056ac0922a48e16535f22415f5f45aa56a8edfc461229509545e619326852fe43e5231ccb117f2f42dab69d3659cf12d14686f3bcfdf0d5d0a57bafe20cdeb4f06abea4abf2b19bbdc7e1068cd0777315ee72a49229efd447b1ed1e897b6dbec6f28b8830ff3f8c33e06bbeb51602f6e33ab2636d26b4e38dbc4843b600c3d3fb06dc4cc3f70bbb0f8b5a4956881313003abe2b95bbf62cc259856690f31708f67ddc5a2b9127dfcfd5ea141164a942ad5603aa75dd804dd8493bedd56a88cd10341fae10f06e8a03cfd7a3380f1172eae1801e697a2086e38578f7adbc1ef18e01853f3a6f096eee7892a43fc26f7735dbe8cd67264b824c82da6f272d1e8c2bfea869c2b1d2b6ab6008443f30ddbcf1df62fe5f8951c8a86b9354b12235a49fa57b4b26186e0daa2bf331142cd213e4ea3478234132c156f37820c5732fb650d7421113726c43ca32e123e550d3ebf789424c0bc2c0b08f9f94678322e40d52029945396b4baafcb301686236023b64e380aa023d502fb42e87618f31cb5c200e659d4544b587e7ea5cb59f1f71507f6abe0169d9fa0f752c7a7df07488e0d8abf211f07e908e7c3b71b60d774a4e5c9667340bb716917858ccd478a91dcf86985a90d5a1d789d6bc4eaaf11069c237831902faae0cb58c40ec50599ba3c646cf8d8f1f49dc25bf38496c5e34cb6f7831b807cd3bbbb769cf484f6a10bb1f755e4de8c3659c8731f30a27f3da94b6441e56a43909821c318d3833a25fa9c73b4efd2c834d2e7c788be165a5b119b9d1b5373b083ec409d9abc33064f08674390caa2973394730515689229a355beb92e079e1b39375a371810cf323cd67b442938264f099d9140fb1e0e3c6c8dd4aa6300edf6752cbd0e0d2cc33c0b524461087f04bbb716c92fa7abbcdbb4e449ca2a6f2228b362a963d639a4ec27dc461cb3e1f6a041b65a7d75633075e77f79edf5b50944be052e840694a0b217b261140d81ea8333b435a71e40771ea7baff0fa38fbb7c78a8555462f0ff4bbc4e464d913dfdcf9f6591c40d68a32e86cbeb400f4eb134b1576ae7f34aeea6f654dc1dd549bd3a8e51b7b8d53d359a40353586588f8b3c653b374d06de0ef827c97b4fa63bc6794979385ec09306032b3c294b8cb6d6696b3c401f1e1839f21c4a2a7cb66e471aa019da2826c5ff2f2c467cc4011da114fbecb93b33bb5b04fb8c187da3b4a3c93965a210379c53c24018a5983a591d1fe5252718f930692160c6d7ce0118b24f7c550660ce403e06092d919205500239cee42b386629b7130eb04a57010081594f779e4c92e877f9fa669cbeb1d7a1b2cd4dbf5376bcdc63a327549a178908a0f878b5f9b41c1bc3123a69af4c18220e5835af779094586a3a5d7c00f6fd6310c7d127d4fa2d49f142d1563cf972539b6e405ce48cb448ab7715d976ff316eb91db93f2e9f0fabc51a9b39a584498a79abf8693d44a285bf2b1c2e9f0b019ce65aded8a211f18d1ffec4edf481366b715a15d1fd6c8698a0be68a0964365a7cb062d9834a4b4dd1d3fd242ad9736eb1ad65c90761cabbba13add3ed1a9dfaad76dc460d86cd53b98ae46f059620df734615a28bbe3bad779bddd8c5a880d2252f2ccecb0d7108ac433fb64f22275c8363cbdf2a11c02478d0f7170225da7e736cd41ea40a1f8525a69cc69785edd67bb91a9aeb65d611bb4cf75aac5f7d727aa505f8dba7284f848f078d1b89a057f7eccb687c22678592616579c722f51d3da24226556224d6f0d4f8428a66f182516727035fd0e9e1a71ce88ee091df0129552c9bdd147bc2a2f2af103ce2b09752cbf4c3d45c340c2c2787baf47276fcdbe2de09f877dbcc12c7a2b2cd22ec77d158eb0323a92103c4a6e44127f317e060ad6ebdadf6510b51f6ba9a8b0e4f599592271158b7f935ad4711bf018f75571796c8d1466b45145fbd770649660351c1013a41166b67bcd62612a969695298741ad9ab9e94eeabe03b5e72818105e768d8e33ec0ac81103a60f5d771a616990695016e519661c3174d48b36713fffbbe322877d1dfcfcfd4ee681490d2d02a6a02034b9e652b0245bcd750ee51f15f70cd0777787ebdba6580fc746d3d04d54fcd4d3165603647e6253a7e9a1c2328aa2be4f5bcb80da607dbe9adb67f2f172758e10bdc7e6859814d76a479fe1bfa3e0e2111d338e231fcd567f8b1a5734a96da57445f262de04d5fde12bfb5f4a7d26f4dd58301bd626fb8af62b22cf92d845e7b6842d68dc027e1bc5810bf1851a754a32d06694aebb2c35441fa8e153aeb712619fb59b2a59756fabc1746281ce1c71d5ca590939117118050f6f98fd1b76eeeb472357449acc274f1e17cd019ae1567f972570e78a7c6b567d6b7eb8297dbb276791bfa62e4279510b0f514c8466c5e18d02c421be6c51135ce051ead728a8825feaf23794ac95d7dbac1b243708fb49ef9da12929e13959d096f24167e9d9bc274e9875a0d95473ba6848998390bac77433584af28ed4c4ca4748aa6858e3a890fcc4d335c94a28133a445aac031e3cc61a29013a6889822f3f77096af33f70cc8fb7866c10452837261fd7b376232d376c6abc041a2c99535a4d3224a14859347b7d8be47680b29d9b3bf5a94ab51cb493cb824dd0070acf9ffb041a6c3e07041822bedde51e38124bb1577f6d0350a762f65decd1f11ef2e9e32f3ffbfd115c4815ca668c9c45d83e371512aa262126d933938e081039ce4f96d30b71cd305ffd362507f5261406616017124ceed1b3e7251a7aa05d69690264c2c6f0f4da4742540a1d95ddb6aabd156efaeacdb9e91665c09af6d62b6e71d6a366e5a2b4323e875f2cdfc86172e1f568cff61cc5c6f05f9b1caf37cc8e1bd2d803d4a7a0e0db508abec6190a360947048e8bdf61c68cf8c2211c4a9335403ceafacc37d82319cb4d5d07de97674e546f153a6bb6f8b76b5edf7bd78cfb087474d387493a833ad1e91e58c2163b168dd7d5e3f0a425b456de08a2105b19908cad6a375b73e49b196396253a4fa9b05f9fe4fd7e5c3a933b428c3465a95369805bc425e249420a40fa32e9b31c1a5233605634d85642771f3cc6f083c868a8d00f5af961ab4e8fb53612aacd9244c0d4b04856a49e97f4abf1513c3945bce8b40fce24ae8d864e117e8fe94b1fdecb8332df37c5be34507b667b369bed2542ba31e4e8d614dc415aff8cc145f4433b727185bd653adaa22511db983545cdf0991ee68a1d845785968edd950142dbdf68563fc8b535a2a5fd0ef610da76ea87f41e2d360d3e4bb9c48d6eb6f4263f516573f2f6152775c443f52f9661ae2e5990bb58eef69305902d0c3833ee92f544a2f8058d4ebe6ddb85c377f31c8c5d84c0f530b88b80a0ea878ba752ca24955dea38b08974218d0d9c53cc20a76a8e20bac992246e4aecf219a852d25c9dd0724033d1e85219b5acc644155e830777678558019f8d0cd1c00203b346a22063a39e7a5a1016153f1a12030619b49c3240c4ef1d875da9b6b9b289d76f754b906e3f347dd27555ef7cabfd5080083e08c1fbc32edc4922074a1be1f2187b732b5d58cddc0b0afcee10d5e9089dfa1444d90e7de252eec43710c82c0701ac3ca72d08ab6bd45cd06b7ca0112e3bff6b443fa22e4733a3fc77f6b01aa3d4c6843300f6ee08faf0f754b0795e8344e2629715f4cb5894ab4865fd2370d4f8f8d48f23c25fb275b4bd83652c49bc6fff7daec71da5ccad2e2f99be65448a90fd5296a5884e800f19520d99aca9a8f2e60064d247e505e861973b595bfa5baab70eb9e28fd004fdda66025751f9232a5e58a645e614bb1b23d5548696e59cd874be1d043f5a3bf243b3c1279e0ba6c4a2bbb1ef5009b1b583fbb0587da82840685d4d91dfa9ed9be3983cf2fb3fbd3c19c8b511c9045a5f1bb7603077dde7049d23903c2251f707328b992686e1d275e0e31bfc6db3c73db7588ca446e793d6303fd4198a57d387f085b8e2011969404769255c3dd7d01962e21f7dfa2ffb7a5bdd37c87281660cf2d74df35c2c513ec1ecc6ee31dad7de0fcd38afb00620c939259d0986", @ANYRES64=0x0, @ANYBLOB="d9e9aee9afb18270208988e87b8ee46c4e5fcb4148906b1b4cc6510d7df0cb3154fa4fe7e2ba6d0c10506d56b1b50613a52ea8787081c5f468b6143e7169d85d3198d422ba8211fecb99b77d0f9876c6e8364dc8a3072f3560ad0faed8d79f7c52870eb4b82ad228210fdbe3fb8556e17e922ab874a77720680a0d285fb45a2ba45bb4283a5e83070707102c25be0ede5d304e9bc132a5195ee22ada3e68fdc44c050b5d9744295b2dd946aa260fce3c7a33983552f2a761eba99aacde515f6e9b72cbdcfd23a767671c0b9ac69da2f85839ee4dc83b8c64e50b64ff5df7f603295422533ec4", @ANYRES32, @ANYBLOB="c5c52941a9eacffa0b431af409dfbeb2db5c161e5c6e82e2d0d596cc5c556407e8da8bc3b5848e4e650bd1261a5f8d1826bf41463adc1b0f4eef29aa563b6fd22e2f01a5bad75c7e4e8a91"], 0x9, 0x2b4, &(0x7f00000001c0)="$eJzs3c9qK2UUAPAzydw06iJF3CiCA7pwVW7dummUChezUiKoCw3ee0GScOEWAlYw3lWfwKXv4SO4ceMbCG4Fd+2iMjKZmSZt0z+0MYX6+60O880538l8IVnl5Os3x8PHz5J4cfhHtNtJNHZiJ46S2IxG1H6MNACA++Moz+Pv/CaZaWP13QAA61B+/5fuuhcAYD0+/fyLj7u93u4nWdaO1zsHk34SEeODSb9c7z6Nb2MUT+JhdOI4Ij9Rxh896u1GmhU2453xdNIvMsdf/VbV7/4VMcvfjk5sLs/fzkp1frPKfTmy6D59ULfaidfO5KcR8ai3+96Z/IjxNPqtePfthf63ohO/fxPPYhSPo6gz3/+H7Sz7MP/p8Psvi22K/KQR/Y3ZfXN5c11nAgAAAAAAAAAAAAAAAAAAAADA/beVZUk5vmc2v6e4NJufM+k3j2frW1ltcb7PtJ4PlNSFyvlAeVQjeqZ5/FzP13mYZVle3TjPT+ON1B8LAAAAAAAAAAAAAAAAAAAAQGHvu/3hYDR68nwlQT0NoP5Z/03r7CxceSv2h4PmxQU3rr/X4rSBotdLb440jRU9lquCl4p+Vl55Y364n0UZ1Aez0r1e/aAsuj8cZNVS/ZCHg+Sqvdr1wf0yX4q0FbdtLJ+9JY7z02faPmn1dFZrRU+j9crilb36vfZPnufXq/P+n+UZVVeS2YiN6+3+oAqWvsAiaJ8/i18vLnjhR0bz1h86AAAAAAAAAAAAAAAAAADAUvMf/S5ZfHFpauM/awoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1mz+//910I6IwShZuHIumFbJl91TBa14vnfHLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/gX8DAAD//3boRtk=")
truncate(&(0x7f0000000080)='./file1\x00', 0x8)

127.843431ms ago: executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000001800)=ANY=[@ANYBLOB='\b'], 0x168)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

117.528442ms ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000008000008500000050000000a50000009700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000740)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_CREATE_OPEN(r4, &(0x7f00000004c0)={0xa0}, 0xa0)
write$FUSE_INIT(r4, &(0x7f00000003c0)={0x50}, 0x50)
write$FUSE_INIT(r4, &(0x7f0000000580)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
setxattr$incfs_id(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x0, 0x0, 0x0)

102.800604ms ago: executing program 3:
syz_emit_ethernet(0x40, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "76b2af", 0xa, 0x2f, 0x0, @private0, @mcast2, {[], {0x0, 0x883e, 0xa, 0x0, @opaque='8u'}}}}}}, 0x0)

100.327964ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
waitid(0x0, 0x0, 0x0, 0x0, 0x0)

58.308121ms ago: executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000010c0)=ANY=[@ANYBLOB="8500000029000000350000000000000085000000230000009500000000000000f4670880271e3503200ffa95b20100010000000000d76287066c51adde96fcc309926fa397fabd5f9810e81ae0b737126ea6f7be39cd34d5aeed8d38e65cb6e22ff5dde0b5e37939286a2c23e2eb157c9e2d1f00a7c09c06337a06f284fe77f0a8320e13822c45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a0500000000000000d576090c4867a7b62e3e366c6286d5ec72db852caf0f3012e9576e51a7f57846c744ae6af3e4195cc037102147d80522f6649dd76d067a82f5fe47fe5f17f9ab800f4104dbaba46aa43a815b1e5c6d1d224b64be6c4d7f0000000000000009000000f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c53248120300623cd8a4f8dc8dcba00b1b2d2747c45b0c52087b5efabf8496b9a951667d510ba3e3c4c00356ffebfb19a34268335648e1f844ce328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46dafc6ac5500f53e5309ec1e7e2bdb6d8d9b10c07d8d591a4d8c60ff000000b78863e629b3b2000000000000000000000000f9000000000000449c810d3174c87ee545867a3126af7a8b20744ea967875b9cba735b9594aaa34e5a4bb2c3dfa805640700000000000000009966b3c9f0e9e203911a3f7035c9c4ac929a4fc6e625247510bc24e20ad88d3442a5d143c3047dd08e56a1b97642657a70147d32959d70c6ab80045101614a3eb95e22f30a85f5681ca3000000000000000076b0b0cc1146a33b37d12f0ff63b180551f90966d46fcdc60d90833f244ef5087aaa1dda6d51315a8b5f011d2dd3e8d50f28f35ba4d4ee674f5ba99803fedac826e1e28bb9916dcc33524d7fd55c162f3d18c66d1ae190cf4d31c0a916eca764e95e9f2e08104d3f77dc4f63aa4d26f7d08660c00a635b299b64469fc5ed0f685ed8a9e3f444d138a2c1d569826e8ff3835d71d1a248454eb05ed603e844ef8e4d72c41079ded3a9c242d2bc5d44666ad95b85ad3648d1c6c870843251c237ac76f7040000207702005153f49b387aadbf52da6b6029ca2049ef494e4b5c1c9ef157e622bf0716931b5de83440b534f4d12a156516cfdd8bf407ab000000000000000000bbc6a480aaf09fa5fec8d54ab2182c88e239525968ec9c10d512f8102026d8e448dc823b0335643431525643fd22249e5d46603d0df6ba8a578c4efbf3066e9c20de31b0d664cbb62a76fdf03288d2c6a9c78d3ff1766451fc01335e775ea89a976de6c31d78e011d58ba975ea897bce8e5db2015dee89830b2a1549588d7f4bbdced67f9f4d6e50409f07a07a2f7fe2dd0cd26d254e499e582fed89164146516ae76948594590e0230ae5bac10f4b13b6d82701cf01b221d7830f30017b588eb5c2bcbf7813bd450470129ec0643cec96d0617cea6ad41d4d9ccb86c29718489d8b4c9c147a59a8e0a656e724b8634fe8aa9db4119b0f652838b99da0f76eb90b07db7745542fee6bd75ce0ffbd5644584ef6b6007c839de58d87cf6398eb101c22aee5ee6dff4144a3385f265ef5ed5f37d7f9f766f814014525dca01f948acb196763e1044e60fc"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xfffff002, 0xe, 0x0, &(0x7f0000000980)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000, 0x0, 0x0, 0x60}, 0x28)

40.144544ms ago: executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
preadv(r0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000140)=""/72, 0x48}], 0x2, 0x0, 0x0)

27.846646ms ago: executing program 1:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0xffffffffffffffb6)

27.213806ms ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96c}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r0}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000005c0), 0x6}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

14.655628ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000001000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='ext4_remove_blocks\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r4, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

0s ago: executing program 0:
mlockall(0x1)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x87}, {0x50, 0x0, 0x0, 0x10000}, {0x6}]})

kernel console output (not intermixed with test programs):

2FS-fs (loop2): Found nat_bits in checkpoint
[  195.407189][ T4617] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  195.420470][ T4617] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  195.427661][ T4617] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  195.463783][ T7505] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  195.468024][ T4617] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  195.473965][ T7505] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  195.496473][ T6504] attempt to access beyond end of device
[  195.496473][ T6504] loop2: rw=2049, want=45104, limit=40427
[  195.636464][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.651601][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.653730][ T7547] loop0: detected capacity change from 0 to 2048
[  195.663404][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.672263][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.679457][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.688998][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.696293][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.703985][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.711432][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.718829][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.718852][ T7547] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  195.726099][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.741748][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.748885][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.756194][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.763390][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.770580][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.777812][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.785006][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.792193][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.799415][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.806702][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.813885][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.821193][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.828465][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.835631][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.842877][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.850034][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.857398][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.864624][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.871813][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.879027][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.886220][  T331] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  195.893790][  T331] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  195.928357][ T7557] incfs: mount failed -22
[  196.439192][ T7584] device syzkaller0 entered promiscuous mode
[  196.473532][ T7574] loop4: detected capacity change from 0 to 40427
[  196.535298][ T7574] F2FS-fs (loop4): Invalid log blocks per segment (4278190089)
[  196.547241][ T7574] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  196.565067][ T7588] loop1: detected capacity change from 0 to 40427
[  196.567559][ T7574] F2FS-fs (loop4): invalid crc value
[  196.587687][ T7574] F2FS-fs (loop4): Found nat_bits in checkpoint
[  196.621929][ T7574] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  196.628979][ T7574] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  196.647546][ T7574] F2FS-fs (loop4): Corrupted max_depth of 3: 8454145
[  196.654656][ T7574] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  196.655010][ T7588] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  196.671155][ T7588] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  196.683157][    C0] bridge0: port 2(syz_tun) entered forwarding state
[  196.689592][    C0] bridge0: topology change detected, propagating
[  196.923646][ T7588] F2FS-fs (loop1): Found nat_bits in checkpoint
[  197.010639][ T7588] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  197.022719][ T7588] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  197.030215][ T7588] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  197.099421][ T7617] loop0: detected capacity change from 0 to 40427
[  197.109271][ T7622] attempt to access beyond end of device
[  197.109271][ T7622] loop1: rw=2049, want=45104, limit=40427
[  197.120965][ T7588] attempt to access beyond end of device
[  197.120965][ T7588] loop1: rw=2049, want=45112, limit=40427
[  197.160537][ T7617] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  197.168090][ T7617] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  197.177187][ T7617] F2FS-fs (loop0): invalid crc value
[  197.183844][ T7617] F2FS-fs (loop0): Found nat_bits in checkpoint
[  197.207129][ T7617] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  197.214081][ T7617] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  197.238386][ T5211] attempt to access beyond end of device
[  197.238386][ T5211] loop0: rw=2049, want=45104, limit=40427
[  197.238652][ T1669] attempt to access beyond end of device
[  197.238652][ T1669] loop1: rw=1, want=45128, limit=40427
[  197.401671][ T7629] input: syz0 as /devices/virtual/input/input29
[  197.452607][ T7638] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22
[  197.461764][ T7638] SELinux: security_context_str_to_sid(s) failed for (dev tmpfs, type tmpfs) errno=-22
[  197.496371][   T30] audit: type=1326 audit(2000000150.301:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7640 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7633894ea9 code=0x7ffc0000
[  197.543370][   T30] audit: type=1326 audit(2000000150.311:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7640 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7633894ea9 code=0x7ffc0000
[  197.570684][   T30] audit: type=1326 audit(2000000150.366:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7640 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f7633894ea9 code=0x7ffc0000
[  197.605653][   T30] audit: type=1326 audit(2000000150.366:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7640 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7633894ea9 code=0x7ffc0000
[  197.640705][ T7651] loop2: detected capacity change from 0 to 256
[  198.318257][ T7651] FAT-fs (loop2): Directory bread(block 64) failed
[  198.325412][ T7651] FAT-fs (loop2): Directory bread(block 65) failed
[  198.332218][ T7651] FAT-fs (loop2): Directory bread(block 66) failed
[  198.339202][ T7651] FAT-fs (loop2): Directory bread(block 67) failed
[  198.377833][ T7651] FAT-fs (loop2): Directory bread(block 68) failed
[  198.422262][ T7651] FAT-fs (loop2): Directory bread(block 69) failed
[  198.427507][ T7662] input: syz0 as /devices/virtual/input/input30
[  198.435064][ T7651] FAT-fs (loop2): Directory bread(block 70) failed
[  198.441533][ T7651] FAT-fs (loop2): Directory bread(block 71) failed
[  198.448069][ T7651] FAT-fs (loop2): Directory bread(block 72) failed
[  198.454484][ T7651] FAT-fs (loop2): Directory bread(block 73) failed
[  198.534018][ T7676] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  198.571794][   T30] audit: type=1326 audit(2000000151.289:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  198.619495][   T30] audit: type=1326 audit(2000000151.307:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  198.809080][   T30] audit: type=1326 audit(2000000151.307:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  198.844049][ T7684] loop0: detected capacity change from 0 to 256
[  198.847925][ T7692] input: syz0 as /devices/virtual/input/input31
[  198.966764][ T7711] loop4: detected capacity change from 0 to 1024
[  198.989148][ T7713] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  199.000331][ T7711] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  199.012195][ T7711] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,journal_ioprio=0x0000000000000003,resuid=0x0000000000000000,max_batch_time=0x0000000000000efe,data=ordered,jqfmt=vfsold,barrier=0x0000000000000648,barrier=0x0000000000000007,,errors=continue. Quota mode: writeback.
[  200.102747][ T7728] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.1'.
[  200.143513][ T7740] loop1: detected capacity change from 0 to 512
[  200.162259][ T7740] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  200.179832][ T7747] syz-executor.0[7747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  200.179909][ T7747] syz-executor.0[7747] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  200.181642][ T7740] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  200.214845][ T7740] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  200.222833][ T7740] System zones: 0-2, 18-18, 34-35
[  200.228364][ T7740] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,lazytime,,errors=continue. Quota mode: none.
[  200.263589][ T7751] loop3: detected capacity change from 0 to 256
[  200.401949][ T7760] loop4: detected capacity change from 0 to 1024
[  200.718835][ T7760] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  200.778922][ T7760] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,journal_ioprio=0x0000000000000003,resuid=0x0000000000000000,max_batch_time=0x0000000000000efe,data=ordered,jqfmt=vfsold,barrier=0x0000000000000648,barrier=0x0000000000000007,,errors=continue. Quota mode: writeback.
[  200.973182][ T7772] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.4'.
[  200.992757][   T30] audit: type=1326 audit(2000000153.523:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  201.021072][   T30] audit: type=1326 audit(2000000153.523:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  201.048346][   T30] audit: type=1326 audit(2000000153.523:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  201.135519][ T7788] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  201.759420][ T7799] loop4: detected capacity change from 0 to 16
[  201.763306][ T7780] loop2: detected capacity change from 0 to 40427
[  201.798233][ T7799] erofs: (device loop4): mounted with root inode @ nid 36.
[  201.810228][ T7780] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  201.827797][ T7780] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  201.849085][ T7815] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  201.873437][ T7780] F2FS-fs (loop2): Found nat_bits in checkpoint
[  201.876714][ T7823] cgroup: name respecified
[  201.899119][ T7827] syz-executor.1[7827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  201.899181][ T7827] syz-executor.1[7827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  201.947578][ T7780] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  201.984592][ T7780] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  201.992705][ T7780] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  202.159620][ T7857] x_tables: ip6_tables: CT target: only valid in raw table, not 
[  202.262700][  T536] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  202.294494][ T7868] loop4: detected capacity change from 0 to 256
[  202.338635][ T7868] FAT-fs (loop4): Directory bread(block 64) failed
[  202.345008][ T7868] FAT-fs (loop4): Directory bread(block 65) failed
[  202.369074][ T7868] FAT-fs (loop4): Directory bread(block 66) failed
[  202.376724][ T7868] FAT-fs (loop4): Directory bread(block 67) failed
[  202.383599][ T7877] syz-executor.2[7877] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.383678][ T7877] syz-executor.2[7877] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.395760][ T7868] FAT-fs (loop4): Directory bread(block 68) failed
[  202.414661][ T7868] FAT-fs (loop4): Directory bread(block 69) failed
[  202.421146][ T7868] FAT-fs (loop4): Directory bread(block 70) failed
[  202.428574][ T7868] FAT-fs (loop4): Directory bread(block 71) failed
[  202.436081][ T7868] FAT-fs (loop4): Directory bread(block 72) failed
[  202.448805][ T7868] FAT-fs (loop4): Directory bread(block 73) failed
[  202.576884][  T536] usb 4-1: Using ep0 maxpacket: 16
[  202.900870][ T7886] syz-executor.2[7886] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.900944][ T7886] syz-executor.2[7886] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  202.912806][  T536] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  202.935560][  T536] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.945162][  T536] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  202.954025][  T536] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.962510][  T536] usb 4-1: config 0 descriptor??
[  203.271882][ T7915] loop4: detected capacity change from 0 to 256
[  203.357051][    T6] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  203.377716][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  203.377732][   T30] audit: type=1400 audit(2000000155.719:1522): avc:  denied  { getopt } for  pid=7924 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  203.405529][ T7927] loop4: detected capacity change from 0 to 512
[  203.433729][ T7927] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  203.442814][ T7927] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  203.452645][ T7927] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  203.460660][ T7927] System zones: 0-2, 18-18, 34-35
[  203.466332][ T7927] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,lazytime,,errors=continue. Quota mode: none.
[  203.487245][   T63] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  203.499861][  T536] lenovo 0003:17EF:6009.001A: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.3-1/input0
[  203.560215][ T7931] loop4: detected capacity change from 0 to 256
[  203.613569][ T7931] FAT-fs (loop4): Directory bread(block 64) failed
[  203.620304][ T7931] FAT-fs (loop4): Directory bread(block 65) failed
[  203.626713][ T7931] FAT-fs (loop4): Directory bread(block 66) failed
[  203.633595][ T7931] FAT-fs (loop4): Directory bread(block 67) failed
[  203.639977][ T7931] FAT-fs (loop4): Directory bread(block 68) failed
[  203.646264][ T7931] FAT-fs (loop4): Directory bread(block 69) failed
[  203.649530][    T6] usb 1-1: device descriptor read/64, error -71
[  203.656201][ T7931] FAT-fs (loop4): Directory bread(block 70) failed
[  203.665090][ T7931] FAT-fs (loop4): Directory bread(block 71) failed
[  203.671518][ T7931] FAT-fs (loop4): Directory bread(block 72) failed
[  203.677854][ T7931] FAT-fs (loop4): Directory bread(block 73) failed
[  203.718250][   T30] audit: type=1400 audit(2000000156.042:1523): avc:  denied  { append } for  pid=7831 comm="syz-executor.3" name="hidraw0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  203.790754][ T7833] lenovo 0003:17EF:6009.001A: pid 7833 passed too short report
[  203.798654][ T2551] usb 4-1: USB disconnect, device number 17
[  204.061246][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  204.072172][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  204.081709][   T63] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  204.090597][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.099110][   T63] usb 3-1: config 0 descriptor??
[  204.277883][    T6] usb 1-1: device descriptor read/64, error -71
[  204.516544][ T7937] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22
[  204.526185][ T7937] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev bpf, type bpf) errno=-22
[  204.551904][ T7941] loop3: detected capacity change from 0 to 512
[  204.570494][    T6] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  204.573692][ T7945] loop4: detected capacity change from 0 to 256
[  204.594325][ T7941] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz-executor.3: invalid indirect mapped block 65536 (level 1)
[  204.608555][ T7941] EXT4-fs (loop3): 1 truncate cleaned up
[  204.614194][ T7941] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  204.756503][ T1669] Bluetooth: hci0: Frame reassembly failed (-84)
[  204.834460][ T7965] device syzkaller0 entered promiscuous mode
[  204.863321][    T6] usb 1-1: device descriptor read/64, error -71
[  204.917791][ T7967] syz-executor.3[7967] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  204.917843][ T7967] syz-executor.3[7967] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  204.973231][ T7972] loop3: detected capacity change from 0 to 512
[  205.017008][ T7972] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz-executor.3: invalid indirect mapped block 65536 (level 1)
[  205.025451][ T5742] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  205.038589][ T7972] EXT4-fs (loop3): 1 truncate cleaned up
[  205.044111][ T7972] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  205.107123][ T7975] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0'
[  205.517870][ T5742] usb 5-1: Using ep0 maxpacket: 16
[  205.517882][ T7998] x_tables: unsorted underflow at hook 3
[  205.528391][    T6] usb 1-1: device descriptor read/64, error -71
[  205.629585][ T8006] loop3: detected capacity change from 0 to 512
[  205.653890][ T5742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.664724][    T6] usb usb1-port1: attempt power cycle
[  205.669971][ T5742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.679696][ T5742] usb 5-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  205.680610][ T8006] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  205.688668][   T63] uclogic 0003:256C:006D.001B: failed retrieving string descriptor #100: -71
[  205.706644][ T5742] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.714494][   T63] uclogic 0003:256C:006D.001B: failed retrieving pen parameters: -71
[  205.723179][ T5742] usb 5-1: config 0 descriptor??
[  205.724521][ T8006] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #17: comm syz-executor.3: iget: bad i_size value: -6917529027641081756
[  205.728013][   T63] uclogic 0003:256C:006D.001B: failed probing pen v1 parameters: -71
[  205.741757][ T8006] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 17 (err -117)
[  205.749128][   T63] uclogic 0003:256C:006D.001B: failed probing parameters: -71
[  205.761529][ T8006] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  205.769188][   T63] uclogic: probe of 0003:256C:006D.001B failed with error -71
[  205.783142][ T8006] fuse: Unknown parameter 'alloc_oth'
[  205.787850][   T63] usb 3-1: USB disconnect, device number 22
[  205.798157][   T30] audit: type=1326 audit(2000000157.962:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f733dca4ea9 code=0x0
[  205.906282][   T30] audit: type=1400 audit(2000000158.055:1525): avc:  denied  { ioctl } for  pid=8005 comm="syz-executor.3" path="/dev/fuse" dev="devtmpfs" ino=91 ioctlcmd=0x4b67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  205.911827][ T8009] fuse: Unknown parameter 'default_permkssio'
[  206.130521][    T6] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  206.263366][ T5742] lenovo 0003:17EF:6009.001C: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.4-1/input0
[  206.336389][    T6] usb 1-1: device descriptor read/8, error -71
[  206.354440][ T8025] loop2: detected capacity change from 0 to 256
[  206.391877][ T8025] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  206.418978][ T8025] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe621765a, utbl_chksum : 0xe619d30d)
[  206.537837][ T3742] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 4: comm syz-executor.3: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=65, rec_len=12, size=4096 fake=1
[  206.553265][ T7961] lenovo 0003:17EF:6009.001C: pid 7961 passed too short report
[  206.564797][    T6] usb 1-1: device descriptor read/8, error -71
[  206.591632][ T3742] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 65: padding at end of block bitmap is not set
[  206.596285][ T5742] usb 5-1: USB disconnect, device number 20
[  206.628525][ T3742] Quota error (device loop3): write_blk: dquota write failed
[  206.649098][ T3742] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  206.959070][ T8035] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.966221][ T8035] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.973474][ T8035] device bridge_slave_0 entered promiscuous mode
[  206.983473][ T8035] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.990430][ T8035] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.997780][ T8035] device bridge_slave_1 entered promiscuous mode
[  207.048239][ T8035] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.055178][ T8035] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.062417][ T8035] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.069380][ T8035] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.096332][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  207.104256][ T7722] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.111863][ T7722] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.129285][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.169196][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.176078][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.183767][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.192672][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.199619][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.206981][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  207.224169][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  207.237493][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  207.271781][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  207.281849][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  207.289952][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  207.334052][ T8035] device veth0_vlan entered promiscuous mode
[  207.373651][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  207.384392][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  207.400759][ T8035] device veth1_macvtap entered promiscuous mode
[  207.452450][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  207.463790][ T8047] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  207.475920][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  207.484250][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  207.513061][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  207.521549][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  207.543226][ T1669] Bluetooth: hci0: Frame reassembly failed (-84)
[  207.618790][  T371] device bridge_slave_1 left promiscuous mode
[  207.625096][  T371] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.633742][  T371] device bridge_slave_0 left promiscuous mode
[  207.640540][  T371] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.648751][  T371] device veth0_vlan left promiscuous mode
[  207.668296][   T30] audit: type=1400 audit(2000000159.679:1526): avc:  denied  { watch } for  pid=8070 comm="syz-executor.4" path="/root/syzkaller-testdir2755981045/syzkaller.MxT84e/229/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  207.704514][   T30] audit: type=1400 audit(2000000159.716:1527): avc:  denied  { unmount } for  pid=5676 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  208.053467][ T8075] loop4: detected capacity change from 0 to 40427
[  208.056860][    T6] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  208.092980][ T8079] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
[  208.096418][ T8075] F2FS-fs (loop4): Found nat_bits in checkpoint
[  208.122488][ T8086] loop1: detected capacity change from 0 to 512
[  208.134753][ T8075] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2
[  208.141509][ T8075] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  208.150268][ T8086] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  208.156666][  T500] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  208.167105][ T8086] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  208.177303][ T8086] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz-executor.1: bg 0: block 18: invalid block bitmap
[  208.190149][ T8086] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Corrupt filesystem
[  208.198983][ T8086] EXT4-fs (loop1): 1 truncate cleaned up
[  208.204555][ T8086] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  208.215391][ T5676] attempt to access beyond end of device
[  208.215391][ T5676] loop4: rw=2049, want=45104, limit=40427
[  208.215458][ T8086] ext2 filesystem being mounted at /root/syzkaller-testdir2668481720/syzkaller.dkMoKf/153/file0 supports timestamps until 2038 (0x7fffffff)
[  208.251994][ T8086] EXT4-fs error (device loop1): ext4_map_blocks:602: inode #2: block 3: comm syz-executor.1: lblock 0 mapped to illegal pblock 3 (length 1)
[  208.308324][    T6] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.318299][    T6] usb 1-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.331833][   T30] audit: type=1326 audit(2000000160.297:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8089 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  208.336383][    T6] usb 1-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.374916][   T30] audit: type=1326 audit(2000000160.297:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8089 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  208.398754][    T6] usb 1-1: config 0 interface 0 has no altsetting 0
[  208.405191][    T6] usb 1-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[  208.420842][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.428775][  T500] usb 4-1: Using ep0 maxpacket: 32
[  208.434474][    T6] usb 1-1: config 0 descriptor??
[  208.480959][ T8099] loop4: detected capacity change from 0 to 256
[  208.745884][  T500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.756660][  T500] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.765315][ T8099] FAT-fs (loop4): Directory bread(block 64) failed
[  208.766714][  T500] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  208.781576][ T8099] FAT-fs (loop4): Directory bread(block 65) failed
[  208.788107][  T500] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.796105][ T8099] FAT-fs (loop4): Directory bread(block 66) failed
[  208.802441][ T8099] FAT-fs (loop4): Directory bread(block 67) failed
[  208.811035][  T500] usb 4-1: config 0 descriptor??
[  208.816281][ T8099] FAT-fs (loop4): Directory bread(block 68) failed
[  208.822851][ T8099] FAT-fs (loop4): Directory bread(block 69) failed
[  208.829282][ T8099] FAT-fs (loop4): Directory bread(block 70) failed
[  208.835512][ T8099] FAT-fs (loop4): Directory bread(block 71) failed
[  208.841918][ T8099] FAT-fs (loop4): Directory bread(block 72) failed
[  208.848183][ T8099] FAT-fs (loop4): Directory bread(block 73) failed
[  208.855720][  T500] hub 4-1:0.0: USB hub found
[  209.215664][    T6] zeroplus 0003:0C12:0005.001D: item fetching failed at offset 1/5
[  209.232156][  T500] hub 4-1:0.0: 1 port detected
[  209.236910][    T6] zeroplus 0003:0C12:0005.001D: parse failed
[  209.242778][    T6] zeroplus: probe of 0003:0C12:0005.001D failed with error -22
[  209.251371][    T6] usb 1-1: USB disconnect, device number 18
[  209.336401][ T8111] loop1: detected capacity change from 0 to 512
[  209.370670][ T8111] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  209.381178][ T8111] EXT4-fs (loop1): orphan cleanup on readonly fs
[  209.388936][ T8111] EXT4-fs (loop1): 1 truncate cleaned up
[  209.421467][ T1669] __quota_error: 3 callbacks suppressed
[  209.421486][ T1669] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  209.438916][ T8111] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,errors=remount-ro,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002. Quota mode: writeback.
[  209.568353][   T30] audit: type=1326 audit(2000000161.442:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.593836][   T30] audit: type=1326 audit(2000000161.442:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.618205][   T30] audit: type=1326 audit(2000000161.442:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.643236][   T30] audit: type=1326 audit(2000000161.460:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.667166][   T30] audit: type=1326 audit(2000000161.470:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.691070][   T30] audit: type=1326 audit(2000000161.479:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.714950][   T30] audit: type=1326 audit(2000000161.488:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.740127][   T30] audit: type=1326 audit(2000000161.488:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.764212][   T30] audit: type=1326 audit(2000000161.488:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8123 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2726d5ea9 code=0x7ffc0000
[  209.793111][  T331] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  209.801640][ T8128] syzkaller0: refused to change device tx_queue_len
[  210.336472][  T500] hub 4-1:0.0: activate --> -90
[  210.442644][  T331] usb 5-1: Using ep0 maxpacket: 32
[  210.540110][  T500] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  210.778935][ T8141] usb 4-1: USB disconnect, device number 18
[  210.792507][ T8148] loop0: detected capacity change from 0 to 512
[  210.800145][  T500] usb 3-1: Using ep0 maxpacket: 8
[  210.822200][ T8148] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  210.832312][ T8148] EXT4-fs (loop0): orphan cleanup on readonly fs
[  210.832654][  T331] usb 5-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=c3.cc
[  210.840007][ T8148] EXT4-fs (loop0): 1 truncate cleaned up
[  210.847762][  T331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.861018][  T331] usb 5-1: Product: syz
[  210.861374][ T8148] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,errors=remount-ro,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002. Quota mode: writeback.
[  210.864967][  T331] usb 5-1: Manufacturer: syz
[  210.893246][  T331] usb 5-1: SerialNumber: syz
[  210.900892][  T331] usb 5-1: config 0 descriptor??
[  210.908492][  T500] usb 3-1: unable to get BOS descriptor or descriptor too short
[  210.983891][ T8163] syzkaller0: refused to change device tx_queue_len
[  210.995135][  T500] usb 3-1: config index 0 descriptor too short (expected 16914, got 18)
[  211.003451][  T500] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  211.013361][  T500] usb 3-1: config 0 has no interfaces?
[  211.028230][ T8165] loop0: detected capacity change from 0 to 512
[  211.051079][ T8165] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  211.060447][ T8165] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  211.070461][ T8165] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz-executor.0: bg 0: block 18: invalid block bitmap
[  211.083454][ T8165] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6153: Corrupt filesystem
[  211.092182][ T8165] EXT4-fs (loop0): 1 truncate cleaned up
[  211.097681][ T8165] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  211.108146][ T8165] ext2 filesystem being mounted at /root/syzkaller-testdir1360642269/syzkaller.2GJvEB/164/file0 supports timestamps until 2038 (0x7fffffff)
[  211.124592][ T8165] EXT4-fs error (device loop0): ext4_map_blocks:602: inode #2: block 3: comm syz-executor.0: lblock 0 mapped to illegal pblock 3 (length 1)
[  211.190218][  T500] usb 3-1: New USB device found, idVendor=0bb4, idProduct=0a9b, bcdDevice=30.9b
[  211.200388][  T500] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.203895][ T8114] loop4: detected capacity change from 0 to 8192
[  211.208221][  T500] usb 3-1: Product: syz
[  211.218382][  T500] usb 3-1: Manufacturer: syz
[  211.222880][  T500] usb 3-1: SerialNumber: syz
[  211.227901][  T500] usb 3-1: config 0 descriptor??
[  211.255658][ T8114] FAT-fs (loop4): Unrecognized mount option "nl80211" or missing value
[  211.366789][ T8180] loop3: detected capacity change from 0 to 512
[  211.396924][ T8180] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  211.409597][ T8182] bridge: RTM_NEWNEIGH with invalid ether address
[  211.418904][ T8180] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode
[  211.438006][ T8180] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 12 (err -117)
[  211.461375][ T8180] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  211.498989][  T331] usb 3-1: USB disconnect, device number 23
[  211.510716][ T8180] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 255: comm syz-executor.3: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0
[  211.533697][ T8141] usb 5-1: USB disconnect, device number 21
[  211.637809][ T8196] loop3: detected capacity change from 0 to 8192
[  211.678161][ T8196]  loop3: p4 < >
[  211.688268][ T1669] Bluetooth: hci0: Frame reassembly failed (-84)
[  212.061597][ T8208] loop2: detected capacity change from 0 to 512
[  212.090287][ T8208] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  212.100680][ T8208] EXT4-fs (loop2): orphan cleanup on readonly fs
[  212.108038][ T8208] EXT4-fs (loop2): 1 truncate cleaned up
[  212.116550][ T8208] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,errors=remount-ro,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002. Quota mode: writeback.
[  212.143577][ T8141] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  212.153180][ T8215] bridge: RTM_NEWNEIGH with invalid ether address
[  212.170039][ T8218] loop4: detected capacity change from 0 to 512
[  212.220353][ T8218] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  212.229332][ T8218] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode
[  212.245005][ T8218] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 12 (err -117)
[  212.257390][ T8218] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback.
[  212.290593][ T8218] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 255: comm syz-executor.4: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0
[  212.330509][ T8226] loop2: detected capacity change from 0 to 512
[  212.361082][ T8226] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  212.372677][ T8226] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  212.386807][ T8226] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  212.399255][ T8226] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  212.413183][ T8226] fuse: Unknown parameter 'alloc_oth'
[  212.418429][ T8141] usb 4-1: Using ep0 maxpacket: 32
[  212.468578][   T63] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  212.535260][ T8238] fuse: Unknown parameter 'default_permkssio'
[  212.544545][ T8141] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.555490][ T8141] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.565147][ T8141] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  212.574021][ T8141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.582262][ T8141] usb 4-1: config 0 descriptor??
[  212.620724][ T8141] hub 4-1:0.0: USB hub found
[  212.815356][  T500] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  212.858668][   T63] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.868588][   T63] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.877429][ T8141] hub 4-1:0.0: 1 port detected
[  212.967261][   T63] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.976120][   T63] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.983999][   T63] usb 2-1: SerialNumber: syz
[  213.097203][  T500] usb 5-1: Using ep0 maxpacket: 8
[  213.183684][  T500] usb 5-1: unable to get BOS descriptor or descriptor too short
[  213.234105][ T6504] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 4: comm syz-executor.2: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=65, rec_len=12, size=4096 fake=1
[  213.254920][ T6504] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 65: padding at end of block bitmap is not set
[  213.270440][  T500] usb 5-1: config index 0 descriptor too short (expected 16914, got 18)
[  213.278640][  T500] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.288723][  T500] usb 5-1: config 0 has no interfaces?
[  213.335865][   T63] usb 2-1: 0:2 : does not exist
[  213.380108][   T63] usb 2-1: USB disconnect, device number 15
[  213.432168][ T8240] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.439144][ T8240] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.446632][ T8240] device bridge_slave_0 entered promiscuous mode
[  213.455750][ T8240] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.462586][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.469589][  T500] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a9b, bcdDevice=30.9b
[  213.470021][ T8240] device bridge_slave_1 entered promiscuous mode
[  213.478475][  T500] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.478496][  T500] usb 5-1: Product: syz
[  213.496520][  T500] usb 5-1: Manufacturer: syz
[  213.501200][  T500] usb 5-1: SerialNumber: syz
[  213.506381][  T500] usb 5-1: config 0 descriptor??
[  213.545088][ T8240] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.551989][ T8240] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.559096][ T8240] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.562870][ T8141] hub 4-1:0.0: activate --> -90
[  213.565955][ T8240] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.593456][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  213.601339][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.608923][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.629161][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.637189][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.644044][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.651670][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.659696][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.666541][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.673889][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  213.681665][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  213.694977][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  213.706295][  T536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  213.714178][  T536] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  213.721487][  T536] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  213.732359][ T8240] device veth0_vlan entered promiscuous mode
[  213.743279][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  213.752724][ T8240] device veth1_macvtap entered promiscuous mode
[  213.767462][  T536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  213.776480][  T536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  213.780169][  T500] usb 5-1: USB disconnect, device number 22
[  213.816271][   T10] device bridge_slave_1 left promiscuous mode
[  213.822314][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.830490][   T10] device bridge_slave_0 left promiscuous mode
[  213.836863][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.844961][   T10] device veth1_macvtap left promiscuous mode
[  213.850892][   T10] device veth0_vlan left promiscuous mode
[  213.931206][    T6] Bluetooth: hci0: command 0x1003 tx timeout
[  213.937115][ T3032] Bluetooth: hci0: sending frame failed (-49)
[  214.018647][  T500] usb 4-1: USB disconnect, device number 19
[  214.086516][ T8261] device pim6reg1 entered promiscuous mode
[  214.485802][ T8282] loop1: detected capacity change from 0 to 1024
[  214.538900][ T8282] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  214.550145][ T8282] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback.
[  214.573235][ T8286] loop3: detected capacity change from 0 to 16
[  214.603865][ T8286] erofs: (device loop3): mounted with root inode @ nid 36.
[  214.612785][ T8286] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36
[  214.622321][ T8286] attempt to access beyond end of device
[  214.622321][ T8286] loop3: rw=0, want=304, limit=16
[  214.633025][ T8286] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  214.765434][  T500] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  215.165050][ T1935] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  215.339672][  T500] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  215.349717][  T500] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  215.426284][ T1935] usb 4-1: Using ep0 maxpacket: 8
[  215.437246][  T500] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  215.446104][  T500] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  215.454034][  T500] usb 5-1: SerialNumber: syz
[  215.513017][ T1935] usb 4-1: unable to get BOS descriptor or descriptor too short
[  215.599719][ T1935] usb 4-1: config index 0 descriptor too short (expected 16914, got 18)
[  215.608058][ T1935] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  215.617929][ T1935] usb 4-1: config 0 has no interfaces?
[  215.762737][  T500] usb 5-1: 0:2 : does not exist
[  215.794725][ T1935] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a9b, bcdDevice=30.9b
[  215.803662][ T1935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.811934][ T1935] usb 4-1: Product: syz
[  215.816570][  T500] usb 5-1: USB disconnect, device number 23
[  215.822622][ T1935] usb 4-1: Manufacturer: syz
[  215.827700][ T1935] usb 4-1: SerialNumber: syz
[  215.833262][ T1935] usb 4-1: config 0 descriptor??
[  216.100148][  T500] usb 4-1: USB disconnect, device number 20
[  216.184905][ T7722] Bluetooth: hci0: command 0x1001 tx timeout
[  216.190782][ T3032] Bluetooth: hci0: sending frame failed (-49)
[  218.438209][ T7722] Bluetooth: hci0: command 0x1009 tx timeout
[  219.170879][ T8326] loop4: detected capacity change from 0 to 2048
[  219.220014][ T8326] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  219.781770][ T7722] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  220.041709][ T7722] usb 4-1: Using ep0 maxpacket: 32
[  220.197469][ T7722] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.208255][ T7722] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.217842][ T7722] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  220.226900][ T7722] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.235407][ T7722] usb 4-1: config 0 descriptor??
[  220.369000][ T7722] hub 4-1:0.0: USB hub found
[  220.605086][ T7722] hub 4-1:0.0: 1 port detected
[  220.611047][ T8395] loop1: detected capacity change from 0 to 2048
[  220.672028][ T8395] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  220.710185][ T8398] loop4: detected capacity change from 0 to 40427
[  220.737235][ T1669] tipc: Left network mode
[  220.746741][ T8398] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  220.754385][ T8398] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  220.764709][ T8398] F2FS-fs (loop4): Found nat_bits in checkpoint
[  220.809195][ T8398] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  220.816220][ T8398] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  220.846314][ T8398] overlayfs: failed to resolve './file0': -2
[  220.886982][ T8407] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.893917][ T8407] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.902103][ T8407] device bridge_slave_0 entered promiscuous mode
[  220.910739][ T8407] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.917578][ T8407] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.924976][ T8407] device bridge_slave_1 entered promiscuous mode
[  220.969765][ T8407] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.976723][ T8407] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.983840][ T8407] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.990694][ T8407] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.017935][ T8360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  221.025702][ T8360] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.033937][ T8360] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.051552][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  221.059637][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.066520][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.075165][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.083255][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.090095][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.108637][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  221.116421][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  221.127450][ T1935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  221.140947][ T8407] device veth0_vlan entered promiscuous mode
[  221.148386][ T8141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  221.156383][ T8141] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  221.163995][ T8141] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  221.183426][ T8141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  221.191911][ T8407] device veth1_macvtap entered promiscuous mode
[  221.204585][ T8141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  221.218281][ T8360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  221.250077][ T8428] loop1: detected capacity change from 0 to 1024
[  221.278337][ T8428] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback.
[  221.306514][ T1669] device bridge_slave_1 left promiscuous mode
[  221.313149][ T1669] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.320908][ T1669] device bridge_slave_0 left promiscuous mode
[  221.326978][ T1669] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.335139][ T1669] device veth1_macvtap left promiscuous mode
[  221.341084][ T1669] device veth0_vlan left promiscuous mode
[  221.363521][ T7722] hub 4-1:0.0: activate --> -90
[  221.408220][  T331] Bluetooth: hci1: command 0x1003 tx timeout
[  221.414102][ T8331] Bluetooth: hci1: sending frame failed (-49)
[  221.673411][ T8438] overlayfs: './file2' not a directory
[  221.874063][ T8442] loop4: detected capacity change from 0 to 512
[  221.896001][ T8442] EXT4-fs (loop4): Test dummy encryption mode enabled
[  221.904207][ T8442] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode
[  221.919594][ T8442] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 12 (err -117)
[  221.927502][   T26] usb 4-1: USB disconnect, device number 21
[  221.931912][ T8442] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,test_dummy_encryption,,errors=continue. Quota mode: writeback.
[  221.969853][ T8442] EXT4-fs error (device loop4): htree_dirblock_to_tree:1082: inode #2: comm syz-executor.4: Directory hole found for htree leaf block
[  221.985466][ T8442] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  222.006207][ T8442] device vlan2 entered promiscuous mode
[  222.011720][ T8442] device bond_slave_1 entered promiscuous mode
[  222.018361][ T8442] device bond_slave_1 left promiscuous mode
[  222.372336][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.380060][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.387651][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.395047][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.402250][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.409702][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.416958][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.424307][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.431570][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.439030][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.446316][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.454125][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.461488][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.468873][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.476130][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.483467][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.490758][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.498016][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.505302][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.507236][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  222.507250][   T30] audit: type=1400 audit(2000000173.386:1543): avc:  denied  { mounton } for  pid=8461 comm="syz-executor.4" path="/root/syzkaller-testdir2755981045/syzkaller.MxT84e/269/file0" dev="sda1" ino=1958 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[  222.512544][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.518560][ T8462] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  222.563683][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.563713][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.563732][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.563749][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.571401][ T8462] FAT-fs (loop9): unable to read boot sector
[  222.578504][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.609419][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.618095][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.625933][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.633239][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.691182][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.698490][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.705617][  T536] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  222.713764][  T536] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  223.028592][ T8473] input: syz1 as /devices/virtual/input/input32
[  223.227089][  T536] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  223.294520][   T30] audit: type=1326 audit(2000000174.106:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8477 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7633894ea9 code=0x0
[  223.627887][  T536] usb 2-1: config 0 has no interfaces?
[  223.633192][  T536] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  223.648123][  T536] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.696516][  T536] usb 2-1: config 0 descriptor??
[  223.702792][  T331] Bluetooth: hci1: command 0x1001 tx timeout
[  223.708681][ T1922] Bluetooth: hci1: sending frame failed (-49)
[  223.716411][   T30] audit: type=1400 audit(2000000174.502:1545): avc:  denied  { ioctl } for  pid=8487 comm="syz-executor.3" path="/root/syzkaller-testdir1053385955/syzkaller.EzYSh8/32/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  223.727684][ T8488] incfs_lookup_dentry err:-13
[  223.894915][ T8497] loop3: detected capacity change from 0 to 2048
[  223.932008][ T8497] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  223.943494][ T8497] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  223.966125][  T331] usb 2-1: USB disconnect, device number 16
[  224.030775][ T8500] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set
[  224.045475][ T8500] EXT4-fs (loop3): Remounting filesystem read-only
[  224.062137][ T8497] Illegal XDP return value 4294967274, expect packet loss!
[  224.147860][    T6] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  224.429541][    T6] usb 5-1: Using ep0 maxpacket: 32
[  224.594254][ T8514] input: syz1 as /devices/virtual/input/input33
[  224.808901][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  224.819687][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  224.829156][    T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  224.838121][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.847972][    T6] usb 5-1: config 0 descriptor??
[  224.895756][    T6] hub 5-1:0.0: USB hub found
[  224.917128][  T500] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  225.123178][    T6] hub 5-1:0.0: 1 port detected
[  225.350610][  T500] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  225.360102][  T500] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  225.392678][ T8534] usb usb8: usbfs: process 8534 (syz-executor.3) did not claim interface 0 before use
[  225.469681][  T500] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  225.478552][  T500] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  225.486402][  T500] usb 1-1: SerialNumber: syz
[  225.509500][ T8544] loop3: detected capacity change from 0 to 2048
[  225.535680][ T8544] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  225.547112][ T8544] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  225.557051][  T500] cdc_ether: probe of 1-1:1.0 failed with error -22
[  225.634179][ T8547] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set
[  225.648950][ T8547] EXT4-fs (loop3): Remounting filesystem read-only
[  225.796299][   T26] usb 1-1: USB disconnect, device number 19
[  225.800935][ T8563] usb usb8: usbfs: process 8563 (syz-executor.1) did not claim interface 0 before use
[  225.821886][   T30] audit: type=1326 audit(2000000176.441:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8566 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bd8993ea9 code=0x0
[  225.845443][    T6] hub 5-1:0.0: activate --> -90
[  225.882417][ T8571] loop3: detected capacity change from 0 to 128
[  225.892641][    T6] Bluetooth: hci1: command 0x1009 tx timeout
[  226.055489][ T8576] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  226.066520][ T8576] FAT-fs (loop7): unable to read boot sector
[  226.296242][  T331] usb 5-1: USB disconnect, device number 24
[  226.862354][ T8603] loop1: detected capacity change from 0 to 1024
[  227.222095][ T8603] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback.
[  227.281426][ T8610] syz-executor.3[8610] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  227.281513][ T8610] syz-executor.3[8610] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  227.531102][ T8624] overlayfs: './file2' not a directory
[  227.629823][ T8622] netem: change failed
[  227.656685][   T30] audit: type=1326 audit(2000000178.130:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8630 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e137f1ea9 code=0x0
[  227.827262][ T8647] loop0: detected capacity change from 0 to 1024
[  227.974474][ T8647] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  228.007003][   T30] audit: type=1326 audit(2000000178.462:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.034565][   T30] audit: type=1326 audit(2000000178.481:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.059662][   T30] audit: type=1326 audit(2000000178.481:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.105046][ T8672] loop0: detected capacity change from 0 to 1024
[  228.119872][   T30] audit: type=1326 audit(2000000178.481:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.153690][   T30] audit: type=1326 audit(2000000178.481:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.179466][   T30] audit: type=1326 audit(2000000178.481:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.180584][ T8677] loop1: detected capacity change from 0 to 2048
[  228.203942][   T30] audit: type=1326 audit(2000000178.481:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.233789][   T30] audit: type=1326 audit(2000000178.481:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.258990][ T8672] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,noquota,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,noquota,min_batch_time=0x0000000000000008,delalloc,user_xattr,quota,,errors=continue. Quota mode: writeback.
[  228.262702][   T30] audit: type=1326 audit(2000000178.481:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8663 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  228.309219][   T30] audit: type=1326 audit(2000000178.545:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8673 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd8993ea9 code=0x7ffc0000
[  228.341727][ T8677] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  228.361094][ T8677] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  228.446589][ T8687] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 234: padding at end of block bitmap is not set
[  228.461395][ T8687] EXT4-fs (loop1): Remounting filesystem read-only
[  228.616177][ T8690] overlayfs: './file2' not a directory
[  228.648897][ T8698] loop4: detected capacity change from 0 to 1024
[  228.677638][ T8702] netem: change failed
[  228.693498][ T8698] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  228.788800][ T8720] syz_tun: refused to change device tx_queue_len
[  228.794962][ T8720] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  228.831651][ T8726] tmpfs: Unknown parameter 'f'
[  228.872260][ T8730] netem: change failed
[  229.183525][ T8744] loop0: detected capacity change from 0 to 1024
[  229.206850][ T8750] loop3: detected capacity change from 0 to 256
[  229.220208][ T8744] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  229.224310][ T8750] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d)
[  229.299752][ T8763] device pim6reg1 entered promiscuous mode
[  229.360267][ T8769] loop1: detected capacity change from 0 to 128
[  229.387497][ T8778] loop3: detected capacity change from 0 to 256
[  229.397339][ T8780] loop0: detected capacity change from 0 to 1024
[  229.404207][ T8769] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  229.416230][ T8769] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  229.416972][ T8778] exFAT-fs (loop3): bogus number of FAT structure
[  229.431442][ T8778] exFAT-fs (loop3): failed to read boot sector
[  229.437544][ T8778] exFAT-fs (loop3): failed to recognize exfat type
[  229.437845][ T1669] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  229.454598][ T8780] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  229.556880][ T8790] loop0: detected capacity change from 0 to 2048
[  229.587587][ T8790] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  229.599244][ T8790] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  229.738517][ T8800] loop3: detected capacity change from 0 to 512
[  229.788196][ T8800] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  229.797868][ T8800] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  229.807884][ T8800] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  229.825556][ T8800] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  229.833315][ T8800] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  229.841560][ T8800] EXT4-fs (loop3): orphan cleanup on readonly fs
[  229.848820][ T8800] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 34: padding at end of block bitmap is not set
[  229.863893][ T8800] EXT4-fs (loop3): 1 truncate cleaned up
[  229.869711][ T8800] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback.
[  229.894523][ T8804] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[  229.917663][ T8804] EXT4-fs (loop0): Remounting filesystem read-only
[  230.057130][ T8826] loop1: detected capacity change from 0 to 256
[  230.064864][ T8826] exFAT-fs (loop1): bogus number of FAT structure
[  230.071190][ T8826] exFAT-fs (loop1): failed to read boot sector
[  230.077275][ T8826] exFAT-fs (loop1): failed to recognize exfat type
[  230.171719][ T8832] overlayfs: statfs failed on './file0'
[  230.401386][ T8839] device pim6reg1 entered promiscuous mode
[  230.540571][ T8859] : renamed from ipvlan1
[  230.554613][ T8854] loop3: detected capacity change from 0 to 8192
[  230.632769][ T8868] device pim6reg1 entered promiscuous mode
[  230.660274][ T8874] loop1: detected capacity change from 0 to 2048
[  230.898192][ T8874] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  231.296976][ T8911] loop0: detected capacity change from 0 to 256
[  231.322138][ T8910] device pim6reg1 entered promiscuous mode
[  231.373707][ T8915] loop2: detected capacity change from 0 to 256
[  231.399294][ T8915] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d)
[  231.472454][ T8935] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  231.506324][ T8940] device pim6reg1 entered promiscuous mode
[  231.716257][ T8965] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22
[  231.729647][ T8965] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22
[  231.746239][ T8965] ------------[ cut here ]------------
[  231.751528][ T8965] WARNING: CPU: 0 PID: 8965 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0
[  231.754752][ T8948] loop2: detected capacity change from 0 to 40427
[  231.761019][ T8965] Modules linked in:
[  231.770760][ T8965] CPU: 0 PID: 8965 Comm: syz-executor.1 Not tainted 5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  231.781074][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  231.791153][ T8965] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  231.796682][ T8965] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b8 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 6b 7f 5d ff <0f> 0b e9 06 ff ff ff e8 5f 7f 5d ff 0f 0b e9 3d ff ff ff 44 89 e1
[  231.807663][  T536] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  231.816169][ T8965] RSP: 0018:ffffc900009b79e0 EFLAGS: 00010287
[  231.829526][ T8965] RAX: ffffffff8212b6b5 RBX: 0000000000000000 RCX: 0000000000040000
[  231.837442][ T8965] RDX: ffffc90002b49000 RSI: 0000000000005205 RDI: 0000000000005206
[  231.845334][ T8965] RBP: ffffc900009b7a10 R08: ffffffff8212b5b4 R09: ffffed1025ed5a05
[  231.853193][ T8965] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88812f75fdd0
[  231.853323][ T8948] F2FS-fs (loop2): invalid crc value
[  231.860975][ T8965] R13: ffff88812f75fe00 R14: 1ffff11025eebfc0 R15: ffff88812f6acf80
[  231.860996][ T8965] FS:  00007f5bd7d0e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  231.883271][ T8965] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.886332][ T8948] F2FS-fs (loop2): Found nat_bits in checkpoint
[  231.889761][ T8965] CR2: 0000001b31e2b000 CR3: 0000000129692000 CR4: 00000000003506a0
[  231.903705][ T8965] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  231.911535][ T8965] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  231.919565][ T8965] Call Trace:
[  231.922659][ T8965]  <TASK>
[  231.925449][ T8965]  ? show_regs+0x58/0x60
[  231.929635][ T8965]  ? __warn+0x160/0x2f0
[  231.933701][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  231.938529][ T8965]  ? report_bug+0x3d9/0x5b0
[  231.942802][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  231.944027][ T8948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  231.947766][ T8965]  ? handle_bug+0x41/0x70
[  231.959434][ T8965]  ? exc_invalid_op+0x1b/0x50
[  231.963933][ T8965]  ? asm_exc_invalid_op+0x1b/0x20
[  231.968794][ T8965]  ? ovl_dir_modified+0xa4/0x1e0
[  231.977021][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  231.986351][ T8240] attempt to access beyond end of device
[  231.986351][ T8240] loop2: rw=2049, want=45104, limit=40427
[  231.986542][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  232.010070][ T8965]  ovl_do_remove+0x64c/0xa30
[  232.019959][ T8965]  ? inode_permission+0xf8/0x460
[  232.024849][ T8965]  ? ovl_set_redirect+0x690/0x690
[  232.029769][ T8965]  ? selinux_inode_rmdir+0x22/0x30
[  232.034691][ T8965]  ovl_rmdir+0x1a/0x20
[  232.038635][ T8965]  vfs_rmdir+0x324/0x470
[  232.042686][ T8965]  incfs_kill_sb+0x113/0x230
[  232.048803][ T8965]  deactivate_locked_super+0xad/0x110
[  232.054074][ T8965]  fc_drop_locked+0x7f/0x90
[  232.058475][ T8965]  vfs_get_tree+0x1d2/0x290
[  232.062798][ T8965]  do_new_mount+0x2ba/0xb30
[  232.067392][ T8965]  ? do_move_mount_old+0x160/0x160
[  232.072442][ T8965]  ? security_capable+0x87/0xb0
[  232.077024][ T8965]  ? ns_capable+0x89/0xe0
[  232.087331][ T8965]  path_mount+0x671/0x1070
[  232.091831][ T8965]  __se_sys_mount+0x2c4/0x3b0
[  232.100310][ T8965]  ? __x64_sys_mount+0xd0/0xd0
[  232.104950][ T8965]  ? __kasan_check_read+0x11/0x20
[  232.112325][ T8965]  __x64_sys_mount+0xbf/0xd0
[  232.117556][ T8965]  do_syscall_64+0x3d/0xb0
[  232.122103][ T8965]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  232.127835][ T8965] RIP: 0033:0x7f5bd8993ea9
[  232.132089][ T8965] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  232.152005][ T8965] RSP: 002b:00007f5bd7d0e0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  232.160362][ T8965] RAX: ffffffffffffffda RBX: 00007f5bd8acaf80 RCX: 00007f5bd8993ea9
[  232.168640][ T8965] RDX: 00000000200004c0 RSI: 0000000020000440 RDI: 00000000200003c0
[  232.176615][ T8965] RBP: 00007f5bd8a02ff4 R08: 0000000020000dc0 R09: 0000000000000000
[  232.184476][ T8965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  232.192634][ T8965] R13: 000000000000000b R14: 00007f5bd8acaf80 R15: 00007ffd13afeff8
[  232.200509][ T8965]  </TASK>
[  232.203327][ T8965] ---[ end trace 16b7cf130c110052 ]---
[  232.209243][ T8965] ------------[ cut here ]------------
[  232.214660][ T8965] WARNING: CPU: 1 PID: 8965 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0
[  232.223844][ T8965] Modules linked in:
[  232.227611][ T8965] CPU: 1 PID: 8965 Comm: syz-executor.1 Tainted: G        W         5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  232.239219][  T536] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.249951][ T8965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  232.270928][ T8981] loop3: detected capacity change from 0 to 256
[  232.272984][ T8978] device pim6reg1 entered promiscuous mode
[  232.277117][  T536] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  232.288806][ T8965] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0
[  232.291656][  T536] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.297115][ T8965] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b8 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 6b 7f 5d ff <0f> 0b e9 06 ff ff ff e8 5f 7f 5d ff 0f 0b e9 3d ff ff ff 44 89 e1
[  232.305474][  T536] usb 1-1: config 0 descriptor??
[  232.324567][ T8965] RSP: 0018:ffffc900009b79e0 EFLAGS: 00010246
[  232.335167][ T8965] RAX: ffffffff8212b6b5 RBX: 0000000000000000 RCX: 0000000000040000
[  232.343049][ T8965] RDX: ffffc90002b49000 RSI: 000000000003ffff RDI: 0000000000040000
[  232.343670][ T8981] exfat: Deprecated parameter 'namecase'
[  232.358603][ T8965] RBP: ffffc900009b7a10 R08: ffffffff8212b5b4 R09: ffffed1025ed5a05
[  232.365171][ T8981] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  232.366591][ T8965] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88812f75fdd0
[  232.386807][ T8965] R13: ffff88812f75fe00 R14: 1ffff11025eebfc0 R15: ffff88812f6acf80
[  232.394744][ T8965] FS:  00007f5bd7d0e6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  232.403669][ T8965] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  232.410251][ T8965] CR2: 0000001b2eb32000 CR3: 0000000129692000 CR4: 00000000003506b0
[  232.418476][ T8965] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  232.434274][ T8965] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  232.442494][ T8965] Call Trace:
[  232.445931][ T8965]  <TASK>
[  232.448795][ T8965]  ? show_regs+0x58/0x60
[  232.452797][ T8965]  ? __warn+0x160/0x2f0
[  232.456752][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  232.461925][ T8965]  ? report_bug+0x3d9/0x5b0
[  232.466969][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  232.482044][ T8965]  ? handle_bug+0x41/0x70
[  232.487111][ T8965]  ? exc_invalid_op+0x1b/0x50
[  232.491942][ T8965]  ? asm_exc_invalid_op+0x1b/0x20
[  232.498294][ T8965]  ? ovl_dir_modified+0xa4/0x1e0
[  232.503487][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  232.508347][ T8965]  ? ovl_dir_modified+0x1a5/0x1e0
[  232.513730][ T8965]  ovl_do_remove+0x64c/0xa30
[  232.519049][ T8965]  ? inode_permission+0xf8/0x460
[  232.523932][ T8965]  ? ovl_set_redirect+0x690/0x690
[  232.528832][ T8965]  ? selinux_inode_rmdir+0x22/0x30
[  232.535732][ T8965]  ovl_rmdir+0x1a/0x20
[  232.547604][ T8965]  vfs_rmdir+0x324/0x470
[  232.551574][ T8999] syz-executor.3[8999] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.551688][ T8965]  incfs_kill_sb+0x1b4/0x230
[  232.551736][ T8999] syz-executor.3[8999] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.563292][ T8965]  deactivate_locked_super+0xad/0x110
[  232.600285][ T8965]  fc_drop_locked+0x7f/0x90
[  232.606594][ T8965]  vfs_get_tree+0x1d2/0x290
[  232.611989][ T8965]  do_new_mount+0x2ba/0xb30
[  232.615781][ T9001] loop4: detected capacity change from 0 to 128
[  232.616465][ T8965]  ? do_move_mount_old+0x160/0x160
[  232.627563][ T8965]  ? security_capable+0x87/0xb0
[  232.652413][ T8965]  ? ns_capable+0x89/0xe0
[  232.657063][ T8965]  path_mount+0x671/0x1070
[  232.661774][ T8965]  __se_sys_mount+0x2c4/0x3b0
[  232.667582][ T8965]  ? __x64_sys_mount+0xd0/0xd0
[  232.672232][ T8965]  ? __kasan_check_read+0x11/0x20
[  232.677138][ T8965]  __x64_sys_mount+0xbf/0xd0
[  232.681467][ T8965]  do_syscall_64+0x3d/0xb0
[  232.685804][ T8965]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  232.691647][ T8965] RIP: 0033:0x7f5bd8993ea9
[  232.695856][ T8965] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  232.716055][ T9001] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  232.716142][ T8965] RSP: 002b:00007f5bd7d0e0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  232.737215][ T8965] RAX: ffffffffffffffda RBX: 00007f5bd8acaf80 RCX: 00007f5bd8993ea9
[  232.745594][ T8965] RDX: 00000000200004c0 RSI: 0000000020000440 RDI: 00000000200003c0
[  232.746655][ T9001] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  232.753950][ T8965] RBP: 00007f5bd8a02ff4 R08: 0000000020000dc0 R09: 0000000000000000
[  232.770215][ T8965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  232.786522][ T8965] R13: 000000000000000b R14: 00007f5bd8acaf80 R15: 00007ffd13afeff8
[  232.794696][ T8965]  </TASK>
[  232.797686][ T8965] ---[ end trace 16b7cf130c110053 ]---
[  232.849619][ T1669] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  232.859213][  T536] keytouch 0003:0926:3333.001F: fixing up Keytouch IEC report descriptor
[  232.879304][  T536] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.001F/input/input34
[  232.958477][  T536] keytouch 0003:0926:3333.001F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  233.338111][  T536] usb 1-1: USB disconnect, device number 20
[  233.460382][ T9081] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  233.464058][ T9050] loop1: detected capacity change from 0 to 40427
[  233.477318][ T9081] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  233.478189][ T9050] F2FS-fs (loop1): invalid crc value
[  233.491610][ T9050] F2FS-fs (loop1): Found nat_bits in checkpoint
[  233.513664][ T9050] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  233.533216][ T8407] attempt to access beyond end of device
[  233.533216][ T8407] loop1: rw=2049, want=45104, limit=40427
[  234.648391][ T9124] bridge0: port 2(syz_tun) entered disabled state
[  234.656199][ T9124] device syz_tun left promiscuous mode
[  234.661660][ T9124] bridge0: port 2(syz_tun) entered disabled state
[  234.758261][ T9142] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  234.826147][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  234.839039][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  234.839055][   T30] audit: type=1107 audit(2000000184.757:1587): pid=9144 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  235.039929][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  235.177806][ T9179] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  235.186011][ T9179] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[  235.193966][ T9179] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  235.204066][ T9179] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  235.212111][ T9179] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  235.222999][ T9179] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  235.242103][ T8141] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  235.919209][ T9198] loop0: detected capacity change from 0 to 512
[  235.957164][ T7722] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  235.968867][ T9198] EXT4-fs (loop0): Ignoring removed nobh option
[  235.980849][ T9198] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,noblock_validity,,errors=continue. Quota mode: writeback.
[  235.993828][ T9198] ext4 filesystem being mounted at /root/syzkaller-testdir1360642269/syzkaller.2GJvEB/221/bus supports timestamps until 2038 (0x7fffffff)
[  236.082552][ T9198] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #19: comm syz-executor.0: corrupted inode contents
[  236.094815][ T8141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.105787][ T8141] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  236.114703][ T9198] EXT4-fs error (device loop0): ext4_dirty_inode:6024: inode #19: comm syz-executor.0: mark_inode_dirty error
[  236.121629][ T9203] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  236.126559][ T8141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.143749][ T9198] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #19: comm syz-executor.0: corrupted inode contents
[  236.147738][ T9203] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  236.156573][ T8141] usb 3-1: config 0 descriptor??
[  236.166195][ T9198] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2954: inode #19: comm syz-executor.0: mark_inode_dirty error
[  236.187769][ T9198] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2957: inode #19: comm syz-executor.0: mark inode dirty (error -117)
[  236.203675][ T9198] EXT4-fs warning (device loop0): ext4_evict_inode:303: xattr delete (err -117)
[  236.238831][ T7722] usb 2-1: Using ep0 maxpacket: 8
[  236.264112][ T9207] loop3: detected capacity change from 0 to 2048
[  236.294329][ T9211] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  236.303549][ T9207] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  236.306586][ T9213] loop0: detected capacity change from 0 to 2048
[  236.327252][ T9207] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  236.331894][ T9217] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  236.357786][ T9217] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[  236.365770][ T9217] netlink: 'syz-executor.4': attribute type 2 has an invalid length.
[  236.373783][ T7722] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  236.382183][ T9213] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  236.390581][ T7722] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  236.403158][ T7722] usb 2-1: config 179 has no interface number 0
[  236.409726][ T7722] usb 2-1: config 179 interface 65 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 23
[  236.424166][ T7722] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  236.432588][ T9213] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002]
[  236.433087][ T7722] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.441788][ T9218] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set
[  236.450036][ T9213] System zones: 0-19
[  236.463701][ T9218] EXT4-fs (loop3): Remounting filesystem read-only
[  236.468181][ T9213] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  236.652008][   T30] audit: type=1326 audit(2000000186.437:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9239 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  236.683681][ T8141] keytouch 0003:0926:3333.0020: fixing up Keytouch IEC report descriptor
[  236.693265][ T8141] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0020/input/input35
[  236.697862][   T30] audit: type=1326 audit(2000000186.437:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9239 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  236.732772][ T7722] usb 2-1: USB disconnect, device number 17
[  236.740743][ T9226] loop0: detected capacity change from 0 to 40427
[  236.769810][   T30] audit: type=1326 audit(2000000186.437:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9239 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  236.815018][   T30] audit: type=1326 audit(2000000186.437:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9239 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  236.839025][ T8141] keytouch 0003:0926:3333.0020: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  236.862214][ T9226] F2FS-fs (loop0): invalid crc value
[  236.864874][   T30] audit: type=1326 audit(2000000186.437:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9239 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb040938ea9 code=0x7ffc0000
[  236.884258][ T9226] F2FS-fs (loop0): Found nat_bits in checkpoint
[  236.920778][ T9226] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  236.991039][ T9256] loop4: detected capacity change from 0 to 512
[  237.278116][ T9256] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  237.290181][  T500] usb 3-1: USB disconnect, device number 24
[  237.313861][ T9256] EXT4-fs (loop4): failed to initialize system zone (-117)
[  237.321154][ T9256] EXT4-fs (loop4): mount failed
[  237.392407][ T9256] 9pnet: Insufficient options for proto=fd
[  237.419239][ T9281] loop1: detected capacity change from 0 to 128
[  237.475612][ T9281] FAT-fs (loop1): Directory bread(block 160) failed
[  237.487941][ T5211] attempt to access beyond end of device
[  237.487941][ T5211] loop0: rw=524288, want=45072, limit=40427
[  237.493020][ T9281] FAT-fs (loop1): Directory bread(block 161) failed
[  237.500944][ T5211] attempt to access beyond end of device
[  237.500944][ T5211] loop0: rw=0, want=45072, limit=40427
[  237.516829][ T9281] FAT-fs (loop1): Directory bread(block 162) failed
[  237.534720][ T9281] FAT-fs (loop1): Directory bread(block 163) failed
[  237.541320][ T9281] FAT-fs (loop1): Directory bread(block 164) failed
[  237.547798][ T9281] FAT-fs (loop1): Directory bread(block 165) failed
[  237.550135][ T1669] attempt to access beyond end of device
[  237.550135][ T1669] loop0: rw=2049, want=45120, limit=40427
[  237.565246][ T9281] FAT-fs (loop1): Directory bread(block 166) failed
[  237.573469][ T9281] FAT-fs (loop1): Directory bread(block 167) failed
[  237.600027][ T9281] FAT-fs (loop1): Directory bread(block 160) failed
[  237.614940][ T9281] FAT-fs (loop1): Directory bread(block 161) failed
[  237.707855][ T9295] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  237.768429][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x1
[  237.781837][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.789424][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.796983][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.804787][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.812081][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.819331][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x4
[  237.829014][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.837185][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x2
[  237.846824][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.858014][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.865282][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.884778][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.894946][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x4
[  237.903231][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.925064][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.936377][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.944240][ T9311] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.950122][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.951217][ T9311] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.965720][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.965898][ T9311] device bridge_slave_0 entered promiscuous mode
[  237.980089][ T9311] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.987120][ T9311] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.990333][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  237.994585][ T9311] device bridge_slave_1 entered promiscuous mode
[  238.019947][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.028890][ T9321] syz-executor.2[9321] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.028965][ T9321] syz-executor.2[9321] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.033345][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.063163][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.074746][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.082120][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.089484][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.096761][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.104101][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.111422][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.118781][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.127782][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.135908][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.143234][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.150546][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.157922][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.165201][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.172451][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.180179][  T500] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  238.192035][  T500] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  238.192511][ T9311] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.208259][ T9311] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.215398][ T9311] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.222170][ T9311] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.253408][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  238.262350][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.274388][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.287181][ T8360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  238.295809][ T8360] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.302783][ T8360] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.324684][ T1669] device bridge_slave_0 left promiscuous mode
[  238.331410][ T1669] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.341577][ T1669] device veth1_macvtap left promiscuous mode
[  238.347470][ T1669] device veth0_vlan left promiscuous mode
[  238.356832][   T30] audit: type=1400 audit(2000000188.006:1593): avc:  denied  { relabelfrom } for  pid=9327 comm="syz-executor.2" name="UNIX-STREAM" dev="sockfs" ino=56792 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  238.390608][   T30] audit: type=1401 audit(2000000188.034:1594): op=setxattr invalid_context=""
[  238.440423][ T9338] loop2: detected capacity change from 0 to 2048
[  238.450610][ T9338] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  238.462206][ T9338] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002]
[  238.470171][ T9338] System zones: 0-19
[  238.474808][ T9338] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  238.539297][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  238.549796][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.556651][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.563922][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  238.571986][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  238.590108][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  238.604254][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  238.612286][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  238.620174][ T7722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  238.636231][ T9311] device veth0_vlan entered promiscuous mode
[  238.660795][  T500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  238.676194][ T9311] device veth1_macvtap entered promiscuous mode
[  238.681538][ T9350] loop2: detected capacity change from 0 to 2048
[  238.684546][ T9355] loop4: detected capacity change from 0 to 256
[  238.702307][  T500] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  238.710792][  T500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  238.718796][ T9350] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  238.727140][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  238.735844][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  238.764275][ T9350] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  238.863348][ T9368] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 234: padding at end of block bitmap is not set
[  238.888906][ T9368] EXT4-fs (loop2): Remounting filesystem read-only
[  238.916857][ T9372] overlayfs: missing 'lowerdir'
[  239.123755][ T9395] loop3: detected capacity change from 0 to 512
[  239.154332][ T9395] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  239.197161][ T9395] EXT4-fs (loop3): failed to initialize system zone (-117)
[  239.204332][ T9395] EXT4-fs (loop3): mount failed
[  239.342519][ T9395] 9pnet: Insufficient options for proto=fd
[  239.369941][   T63] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  239.641304][ T9413] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  239.650454][ T9413] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  239.751976][ T9423] loop1: detected capacity change from 0 to 256
[  239.767622][ T9425] loop3: detected capacity change from 0 to 128
[  239.782152][ T9423] exfat: Deprecated parameter 'namecase'
[  239.790142][ T9423] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  239.802320][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.804547][ T9425] FAT-fs (loop3): Directory bread(block 160) failed
[  239.813419][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.823171][ T9425] FAT-fs (loop3): Directory bread(block 161) failed
[  239.829396][   T63] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  239.835959][ T9425] FAT-fs (loop3): Directory bread(block 162) failed
[  239.847826][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.851223][ T9425] FAT-fs (loop3): Directory bread(block 163) failed
[  239.861313][   T63] usb 3-1: config 0 descriptor??
[  239.865375][ T9425] FAT-fs (loop3): Directory bread(block 164) failed
[  239.876445][ T9425] FAT-fs (loop3): Directory bread(block 165) failed
[  239.883194][ T9425] FAT-fs (loop3): Directory bread(block 166) failed
[  239.889852][ T9425] FAT-fs (loop3): Directory bread(block 167) failed
[  239.905676][ T9425] FAT-fs (loop3): Directory bread(block 160) failed
[  239.912215][ T9425] FAT-fs (loop3): Directory bread(block 161) failed
[  240.023336][ T9427] loop0: detected capacity change from 0 to 40427
[  240.064244][ T9427] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  240.071964][ T9427] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  240.072316][ T9439] rtc_cmos 00:00: Alarms can be up to one day in the future
[  240.083374][ T9427] F2FS-fs (loop0): Found nat_bits in checkpoint
[  240.116462][ T9446] syz-executor.4[9446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  240.116538][ T9446] syz-executor.4[9446] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  240.124896][ T9427] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  240.146486][ T9427] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  240.154705][  T500] rtc_cmos 00:00: Alarms can be up to one day in the future
[  240.162257][  T500] rtc_cmos 00:00: Alarms can be up to one day in the future
[  240.170887][  T500] rtc_cmos 00:00: Alarms can be up to one day in the future
[  240.182364][  T500] rtc_cmos 00:00: Alarms can be up to one day in the future
[  240.189650][  T500] rtc rtc0: __rtc_set_alarm: err=-22
[  240.307698][ T9457] incfs: Can't find or create .index dir in ./file0
[  240.314664][ T9457] incfs: mount failed -14
[  240.410303][   T63] hid (null): bogus close delimiter
[  240.442581][   T30] audit: type=1400 audit(2000000189.935:1595): avc:  denied  { watch } for  pid=9470 comm="syz-executor.4" path="/proc/9470/map_files" dev="proc" ino=57127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  240.541242][ T9473] loop1: detected capacity change from 0 to 512
[  240.620074][ T9473] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  240.629738][ T9473] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  240.639345][ T9473] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  240.670364][   T63] usb 3-1: language id specifier not provided by device, defaulting to English
[  240.681057][ T9473] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  240.688791][ T9473] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  240.698877][ T9473] EXT4-fs (loop1): orphan cleanup on readonly fs
[  240.708425][ T9473] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 34: padding at end of block bitmap is not set
[  240.723697][ T9473] Quota error (device loop1): write_blk: dquota write failed
[  240.731094][ T9473] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  240.743008][ T9473] EXT4-fs (loop1): 1 truncate cleaned up
[  240.771399][ T9473] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback.
[  240.979492][ T9480] loop3: detected capacity change from 0 to 512
[  241.041027][ T9480] EXT4-fs (loop3): 1 orphan inode deleted
[  241.046750][ T9480] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  241.057807][ T9480] ext4 filesystem being mounted at /root/syzkaller-testdir1053385955/syzkaller.EzYSh8/149/file1 supports timestamps until 2038 (0x7fffffff)
[  241.137442][   T63] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0022/input/input36
[  241.150407][   T63] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0022/input/input37
[  241.163066][   T63] uclogic 0003:256C:006D.0022: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[  241.190079][  T500] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  241.360926][   T63] usb 3-1: USB disconnect, device number 25
[  241.369856][ T9496] loop1: detected capacity change from 0 to 256
[  241.460922][  T500] usb 5-1: Using ep0 maxpacket: 32
[  241.501277][   T30] audit: type=1400 audit(2000000190.904:1596): avc:  denied  { read } for  pid=9511 comm="syz-executor.1" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  349.868198][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[  349.874623][    C0] rcu: 	0-...!: (1 GPs behind) idle=6fb/1/0x4000000000000000 softirq=36421/36427 fqs=0 last_accelerate: e6a2/0dbb dyntick_enabled: 1
[  349.888067][    C0] 	(t=10002 jiffies g=36709 q=109)
[  349.893008][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10002 jiffies! g36709 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  349.905247][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=10034
[  349.912974][    C0] rcu: rcu_preempt kthread starved for 10005 jiffies! g36709 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  349.924168][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  349.933978][    C0] rcu: RCU grace-period kthread stack dump:
[  349.939703][    C0] task:rcu_preempt     state:I stack:28288 pid:   14 ppid:     2 flags:0x00004000
[  349.948738][    C0] Call Trace:
[  349.951856][    C0]  <TASK>
[  349.954639][    C0]  __schedule+0xccc/0x1590
[  349.958887][    C0]  ? __sched_text_start+0x8/0x8
[  349.963573][    C0]  ? __kasan_check_write+0x14/0x20
[  349.968519][    C0]  schedule+0x11f/0x1e0
[  349.972515][    C0]  schedule_timeout+0x18c/0x370
[  349.977201][    C0]  ? _raw_spin_unlock_irq+0x4e/0x70
[  349.982233][    C0]  ? console_conditional_schedule+0x30/0x30
[  349.987964][    C0]  ? update_process_times+0x200/0x200
[  349.993190][    C0]  ? prepare_to_swait_event+0x308/0x320
[  349.998553][    C0]  rcu_gp_fqs_loop+0x2af/0xf80
[  350.003325][    C0]  ? debug_smp_processor_id+0x17/0x20
[  350.008618][    C0]  ? __note_gp_changes+0x4ab/0x920
[  350.013566][    C0]  ? rcu_gp_init+0xc30/0xc30
[  350.018000][    C0]  ? _raw_spin_unlock_irq+0x4e/0x70
[  350.023027][    C0]  ? rcu_gp_init+0x9cf/0xc30
[  350.027455][    C0]  rcu_gp_kthread+0xa4/0x350
[  350.031880][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[  350.036573][    C0]  ? wake_nocb_gp+0x1e0/0x1e0
[  350.041082][    C0]  ? __kasan_check_read+0x11/0x20
[  350.045940][    C0]  ? __kthread_parkme+0xb2/0x200
[  350.050719][    C0]  kthread+0x421/0x510
[  350.054624][    C0]  ? wake_nocb_gp+0x1e0/0x1e0
[  350.059145][    C0]  ? kthread_blkcg+0xd0/0xd0
[  350.063560][    C0]  ret_from_fork+0x1f/0x30
[  350.067813][    C0]  </TASK>
[  350.070675][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  350.076853][    C0] Sending NMI from CPU 0 to CPUs 1:
[  350.081895][    C1] NMI backtrace for cpu 1
[  350.081906][    C1] CPU: 1 PID: 9512 Comm: syz-executor.1 Tainted: G        W         5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  350.081924][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  350.081933][    C1] RIP: 0010:kvm_wait+0x147/0x180
[  350.081959][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d cb 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[  350.081972][    C1] RSP: 0018:ffffc90000dc6e80 EFLAGS: 00000246
[  350.081986][    C1] RAX: 0000000000000001 RBX: 1ffff920001b8dd4 RCX: 1ffffffff0d1aa9c
[  350.081998][    C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7138ad4
[  350.082008][    C1] RBP: ffffc90000dc6f30 R08: dffffc0000000000 R09: ffffed103ee2715b
[  350.082020][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  350.082031][    C1] R13: ffff8881f7138ad4 R14: 0000000000000001 R15: 1ffff920001b8dd8
[  350.082042][    C1] FS:  00007f5bd7d0e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  350.082056][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  350.082067][    C1] CR2: 0000001b3112a000 CR3: 0000000128b4b000 CR4: 00000000003506a0
[  350.082081][    C1] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  350.082091][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  350.082101][    C1] Call Trace:
[  350.082106][    C1]  <NMI>
[  350.082112][    C1]  ? show_regs+0x58/0x60
[  350.082128][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[  350.082146][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  350.082165][    C1]  ? kvm_wait+0x147/0x180
[  350.082178][    C1]  ? kvm_wait+0x147/0x180
[  350.082192][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  350.082208][    C1]  ? nmi_handle+0xa8/0x280
[  350.082223][    C1]  ? kvm_wait+0x147/0x180
[  350.082236][    C1]  ? default_do_nmi+0x69/0x160
[  350.082252][    C1]  ? exc_nmi+0xaf/0x120
[  350.082266][    C1]  ? end_repeat_nmi+0x16/0x31
[  350.082286][    C1]  ? kvm_wait+0x147/0x180
[  350.082299][    C1]  ? kvm_wait+0x147/0x180
[  350.082313][    C1]  ? kvm_wait+0x147/0x180
[  350.082327][    C1]  </NMI>
[  350.082331][    C1]  <TASK>
[  350.082336][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  350.082351][    C1]  ? kvm_arch_para_hints+0x30/0x30
[  350.082368][    C1]  __pv_queued_spin_lock_slowpath+0x41b/0xc40
[  350.082387][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[  350.082405][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  350.082424][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[  350.082441][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  350.082459][    C1]  ? sock_hash_bucket_hash+0x31c/0x7e0
[  350.082478][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[  350.082496][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  350.082515][    C1]  bpf_trace_run4+0x13f/0x270
[  350.082532][    C1]  ? bpf_trace_run3+0x250/0x250
[  350.082551][    C1]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  350.082569][    C1]  __alloc_pages+0x3cb/0x8f0
[  350.082584][    C1]  ? prep_new_page+0x110/0x110
[  350.082602][    C1]  ? stack_trace_save+0x113/0x1c0
[  350.082623][    C1]  ? __se_sys_ioctl+0x53/0x190
[  350.082636][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  350.082650][    C1]  __stack_depot_save+0x38d/0x470
[  350.082670][    C1]  stack_depot_save+0xe/0x10
[  350.082682][    C1]  save_stack+0x104/0x1e0
[  350.082697][    C1]  ? __reset_page_owner+0x190/0x190
[  350.082711][    C1]  ? post_alloc_hook+0x1a3/0x1b0
[  350.082726][    C1]  ? prep_new_page+0x1b/0x110
[  350.082741][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[  350.082757][    C1]  ? __alloc_pages+0x27e/0x8f0
[  350.082771][    C1]  ? __stack_depot_save+0x38d/0x470
[  350.082787][    C1]  ? ____kasan_kmalloc+0xed/0x110
[  350.082802][    C1]  ? __kasan_kmalloc+0x9/0x10
[  350.082816][    C1]  ? kmem_cache_alloc_trace+0x115/0x210
[  350.082831][    C1]  ? loop_add+0x57/0x920
[  350.082845][    C1]  ? loop_control_ioctl+0x109/0x6f0
[  350.082859][    C1]  ? __se_sys_ioctl+0x114/0x190
[  350.082872][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  350.082885][    C1]  ? do_syscall_64+0x3d/0xb0
[  350.082899][    C1]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  350.082914][    C1]  ? kasan_quarantine_put+0x34/0x1a0
[  350.082930][    C1]  ? kmem_cache_free+0x116/0x2e0
[  350.082946][    C1]  ? ____kasan_slab_free+0x131/0x160
[  350.082961][    C1]  __set_page_owner+0x28/0x2e0
[  350.082975][    C1]  ? kernel_init_free_pages+0xda/0xf0
[  350.082991][    C1]  post_alloc_hook+0x1a3/0x1b0
[  350.083007][    C1]  prep_new_page+0x1b/0x110
[  350.083023][    C1]  get_page_from_freelist+0x3550/0x35d0
[  350.083039][    C1]  ? audit_log_end+0x1c8/0x230
[  350.083053][    C1]  ? avc_audit_pre_callback+0x2b0/0x2b0
[  350.083071][    C1]  ? common_lsm_audit+0x149e/0x18b0
[  350.083087][    C1]  ? call_rcu+0x5ed/0x1310
[  350.083105][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  350.083122][    C1]  ? lruvec_init+0x150/0x150
[  350.083139][    C1]  ? __alloc_pages+0x8f0/0x8f0
[  350.083156][    C1]  ? __alloc_pages_bulk+0xe40/0xe40
[  350.083171][    C1]  ? stack_trace_save+0x1c0/0x1c0
[  350.083188][    C1]  __alloc_pages+0x27e/0x8f0
[  350.083203][    C1]  ? prep_new_page+0x110/0x110
[  350.083220][    C1]  ? stack_trace_save+0x113/0x1c0
[  350.083235][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  350.083251][    C1]  __stack_depot_save+0x38d/0x470
[  350.083269][    C1]  ____kasan_kmalloc+0xed/0x110
[  350.083283][    C1]  ? ____kasan_kmalloc+0xdb/0x110
[  350.083297][    C1]  ? __kasan_kmalloc+0x9/0x10
[  350.083310][    C1]  ? kmem_cache_alloc_trace+0x115/0x210
[  350.083326][    C1]  ? loop_add+0x57/0x920
[  350.083339][    C1]  ? loop_control_ioctl+0x109/0x6f0
[  350.083353][    C1]  ? __se_sys_ioctl+0x114/0x190
[  350.083365][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  350.083378][    C1]  ? do_syscall_64+0x3d/0xb0
[  350.083392][    C1]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  350.083416][    C1]  __kasan_kmalloc+0x9/0x10
[  350.083429][    C1]  kmem_cache_alloc_trace+0x115/0x210
[  350.083445][    C1]  ? loop_add+0x57/0x920
[  350.083460][    C1]  loop_add+0x57/0x920
[  350.083474][    C1]  loop_control_ioctl+0x109/0x6f0
[  350.083489][    C1]  ? xor_init+0x70/0x70
[  350.083503][    C1]  ? security_file_ioctl+0x84/0xb0
[  350.083519][    C1]  ? xor_init+0x70/0x70
[  350.083532][    C1]  __se_sys_ioctl+0x114/0x190
[  350.083546][    C1]  __x64_sys_ioctl+0x7b/0x90
[  350.083560][    C1]  do_syscall_64+0x3d/0xb0
[  350.083574][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  350.083589][    C1] RIP: 0033:0x7f5bd8993ea9
[  350.083604][    C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  350.083622][    C1] RSP: 002b:00007f5bd7d0e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  350.083637][    C1] RAX: ffffffffffffffda RBX: 00007f5bd8acaf80 RCX: 00007f5bd8993ea9
[  350.083648][    C1] RDX: ffffffffffffffb6 RSI: 0000000000004c80 RDI: 0000000000000008
[  350.083658][    C1] RBP: 00007f5bd8a02ff4 R08: 0000000000000000 R09: 0000000000000000
[  350.083668][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  350.083678][    C1] R13: 000000000000000b R14: 00007f5bd8acaf80 R15: 00007ffd13afeff8
[  350.083692][    C1]  </TASK>
[  350.083898][    C0] NMI backtrace for cpu 0
[  350.756617][    C0] CPU: 0 PID: 9510 Comm: syz-executor.0 Tainted: G        W         5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  350.768060][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  350.778045][    C0] Call Trace:
[  350.781167][    C0]  <IRQ>
[  350.783861][    C0]  dump_stack_lvl+0x151/0x1b7
[  350.788373][    C0]  ? io_uring_drop_tctx_refs+0x190/0x190
[  350.793839][    C0]  ? ttwu_do_wakeup+0x187/0x430
[  350.798526][    C0]  dump_stack+0x15/0x17
[  350.802517][    C0]  nmi_cpu_backtrace+0x2f7/0x300
[  350.807295][    C0]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  350.813280][    C0]  ? _raw_spin_lock_irqsave+0xf9/0x210
[  350.818573][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[  350.823439][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  350.829337][    C0]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[  350.835154][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  350.841052][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[  350.846791][    C0]  rcu_dump_cpu_stacks+0x1d8/0x330
[  350.851730][    C0]  print_cpu_stall+0x315/0x5f0
[  350.856331][    C0]  rcu_sched_clock_irq+0x989/0x12f0
[  350.861363][    C0]  ? rcu_boost_kthread_setaffinity+0x340/0x340
[  350.867352][    C0]  ? hrtimer_run_queues+0x15f/0x440
[  350.872385][    C0]  update_process_times+0x198/0x200
[  350.877422][    C0]  tick_sched_timer+0x188/0x240
[  350.882106][    C0]  ? tick_setup_sched_timer+0x480/0x480
[  350.887492][    C0]  __hrtimer_run_queues+0x41a/0xad0
[  350.892532][    C0]  ? hrtimer_interrupt+0xaa0/0xaa0
[  350.897471][    C0]  ? clockevents_program_event+0x22f/0x300
[  350.903110][    C0]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[  350.909021][    C0]  hrtimer_interrupt+0x40c/0xaa0
[  350.913902][    C0]  __sysvec_apic_timer_interrupt+0xfd/0x3c0
[  350.919630][    C0]  sysvec_apic_timer_interrupt+0x95/0xc0
[  350.925096][    C0]  </IRQ>
[  350.927871][    C0]  <TASK>
[  350.930653][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  350.936469][    C0] RIP: 0010:__pv_queued_spin_lock_slowpath+0x5be/0xc40
[  350.943149][    C0] Code: dc c6 03 00 48 8b 44 24 10 0f b6 04 10 84 c0 0f 85 48 01 00 00 48 8b 44 24 08 c6 00 01 bb 00 80 ff ff eb 06 f3 90 ff c3 74 5e <41> 0f b6 44 15 00 84 c0 75 36 41 80 3f 00 75 ea 4c 89 ff be 02 00
[  350.962688][    C0] RSP: 0018:ffffc90000a865c0 EFLAGS: 00000286
[  350.968583][    C0] RAX: 0000000000000000 RBX: 00000000ffff871b RCX: ffffffff8154fa3f
[  350.976402][    C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881153488d8
[  350.984203][    C0] RBP: ffffc90000a866b0 R08: dffffc0000000000 R09: ffffed1022a6911c
[  350.992012][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f7038ad4
[  350.999825][    C0] R13: 1ffff11022a6911b R14: 1ffff1103ee00001 R15: ffff8881153488d8
[  351.007642][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  351.013717][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  351.019962][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[  351.024742][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  351.029768][    C0]  ? sock_hash_bucket_hash+0x31c/0x7e0
[  351.035063][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[  351.040100][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  351.045510][    C0]  bpf_trace_run4+0x13f/0x270
[  351.049993][    C0]  ? bpf_trace_run3+0x250/0x250
[  351.054695][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  351.060062][    C0]  __alloc_pages+0x3cb/0x8f0
[  351.064487][    C0]  ? prep_new_page+0x110/0x110
[  351.069177][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  351.074641][    C0]  ? stack_trace_save+0x113/0x1c0
[  351.079502][    C0]  __stack_depot_save+0x38d/0x470
[  351.084363][    C0]  stack_depot_save+0xe/0x10
[  351.088788][    C0]  save_stack+0x104/0x1e0
[  351.092956][    C0]  ? __kasan_check_write+0x14/0x20
[  351.097903][    C0]  ? __reset_page_owner+0x190/0x190
[  351.102935][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[  351.107708][    C0]  ? prep_new_page+0x1b/0x110
[  351.112744][    C0]  ? get_page_from_freelist+0x3550/0x35d0
[  351.118307][    C0]  ? __alloc_pages+0x27e/0x8f0
[  351.122898][    C0]  ? __stack_depot_save+0x38d/0x470
[  351.127932][    C0]  ? kasan_set_track+0x5d/0x70
[  351.132533][    C0]  ? kasan_set_free_info+0x23/0x40
[  351.137482][    C0]  ? ____kasan_slab_free+0x126/0x160
[  351.142607][    C0]  ? __kasan_slab_free+0x11/0x20
[  351.147376][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[  351.152757][    C0]  ? kfree+0xc8/0x220
[  351.156572][    C0]  ? sock_map_unref+0x352/0x4d0
[  351.161262][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[  351.166560][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  351.172111][    C0]  ? bpf_trace_run4+0x13f/0x270
[  351.176797][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  351.182351][    C0]  ? sched_clock_cpu+0x18/0x3b0
[  351.187038][    C0]  __set_page_owner+0x28/0x2e0
[  351.191640][    C0]  ? kernel_init_free_pages+0xda/0xf0
[  351.196846][    C0]  post_alloc_hook+0x1a3/0x1b0
[  351.201450][    C0]  prep_new_page+0x1b/0x110
[  351.205785][    C0]  get_page_from_freelist+0x3550/0x35d0
[  351.211181][    C0]  ? __kernel_text_address+0x9b/0x110
[  351.216376][    C0]  ? unwind_get_return_address+0x4d/0x90
[  351.221845][    C0]  ? lruvec_init+0x150/0x150
[  351.226271][    C0]  ? __alloc_pages+0x8f0/0x8f0
[  351.230870][    C0]  ? __alloc_pages_bulk+0xe40/0xe40
[  351.235917][    C0]  ? stack_trace_save+0x1c0/0x1c0
[  351.240940][    C0]  __alloc_pages+0x27e/0x8f0
[  351.245365][    C0]  ? prep_new_page+0x110/0x110
[  351.249963][    C0]  ? stack_trace_save+0x113/0x1c0
[  351.254825][    C0]  ? stack_trace_snprint+0xf0/0xf0
[  351.259773][    C0]  __stack_depot_save+0x38d/0x470
[  351.264631][    C0]  ? kfree+0xc8/0x220
[  351.268456][    C0]  kasan_set_track+0x5d/0x70
[  351.272877][    C0]  ? kasan_set_track+0x4b/0x70
[  351.277477][    C0]  ? kasan_set_free_info+0x23/0x40
[  351.282425][    C0]  ? ____kasan_slab_free+0x126/0x160
[  351.287722][    C0]  ? __kasan_slab_free+0x11/0x20
[  351.292499][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[  351.297962][    C0]  ? kfree+0xc8/0x220
[  351.301779][    C0]  ? sock_map_unref+0x352/0x4d0
[  351.306470][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[  351.311762][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  351.317322][    C0]  ? bpf_trace_run4+0x13f/0x270
[  351.322002][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  351.327474][    C0]  ? __alloc_pages+0x3cb/0x8f0
[  351.332338][    C0]  ? handle_pte_fault+0xea0/0x24d0
[  351.337294][    C0]  ? do_handle_mm_fault+0x1ea9/0x23a0
[  351.342517][    C0]  ? __get_user_pages+0x379/0xee0
[  351.347370][    C0]  ? __mm_populate+0x38d/0x560
[  351.351947][    C0]  ? __se_sys_mlockall+0x397/0x450
[  351.356895][    C0]  ? __x64_sys_mlockall+0x38/0x40
[  351.361760][    C0]  ? do_syscall_64+0x3d/0xb0
[  351.366182][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  351.372090][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[  351.376865][    C0]  kasan_set_free_info+0x23/0x40
[  351.381653][    C0]  ____kasan_slab_free+0x126/0x160
[  351.386579][    C0]  __kasan_slab_free+0x11/0x20
[  351.391185][    C0]  slab_free_freelist_hook+0xbd/0x190
[  351.396387][    C0]  ? sock_map_unref+0x352/0x4d0
[  351.401083][    C0]  kfree+0xc8/0x220
[  351.404720][    C0]  sock_map_unref+0x352/0x4d0
[  351.409232][    C0]  sock_hash_delete_elem+0x274/0x2f0
[  351.414356][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  351.419733][    C0]  bpf_trace_run4+0x13f/0x270
[  351.424246][    C0]  ? bpf_trace_run3+0x250/0x250
[  351.428936][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  351.434236][    C0]  __alloc_pages+0x3cb/0x8f0
[  351.438655][    C0]  ? prep_new_page+0x110/0x110
[  351.443258][    C0]  handle_pte_fault+0xea0/0x24d0
[  351.448027][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  351.453244][    C0]  do_handle_mm_fault+0x1ea9/0x23a0
[  351.458273][    C0]  ? numa_migrate_prep+0xe0/0xe0
[  351.463046][    C0]  ? follow_page_mask+0x900/0x10e0
[  351.467991][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[  351.473978][    C0]  ? follow_page+0x230/0x230
[  351.478404][    C0]  ? vmacache_update+0xb7/0x120
[  351.483096][    C0]  __get_user_pages+0x379/0xee0
[  351.487782][    C0]  ? populate_vma_page_range+0xf0/0xf0
[  351.493077][    C0]  __mm_populate+0x38d/0x560
[  351.497500][    C0]  ? check_vma_flags+0x2d0/0x2d0
[  351.502275][    C0]  __se_sys_mlockall+0x397/0x450
[  351.507048][    C0]  __x64_sys_mlockall+0x38/0x40
[  351.511735][    C0]  do_syscall_64+0x3d/0xb0
[  351.515986][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  351.521714][    C0] RIP: 0033:0x7f6e3a84cea9
[  351.525974][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  351.545844][    C0] RSP: 002b:00007f6e39bc70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  351.554087][    C0] RAX: ffffffffffffffda RBX: 00007f6e3a983f80 RCX: 00007f6e3a84cea9
[  351.561906][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  351.569720][    C0] RBP: 00007f6e3a8bbff4 R08: 0000000000000000 R09: 0000000000000000
[  351.577956][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  351.585769][    C0] R13: 000000000000000b R14: 00007f6e3a983f80 R15: 00007ffc117c7f88
[  351.593584][    C0]  </TASK>
[  487.594922][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 245s! [syz-executor.1:9512]
[  487.603335][    C1] Modules linked in:
[  487.607072][    C1] CPU: 1 PID: 9512 Comm: syz-executor.1 Tainted: G        W         5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  487.618521][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  487.628417][    C1] RIP: 0010:__pv_queued_spin_lock_slowpath+0x38b/0xc40
[  487.635100][    C1] Code: 00 00 00 00 00 fc ff df 41 0f b6 04 16 84 c0 0f 85 ac 00 00 00 48 8b 44 24 08 83 38 00 0f 85 15 01 00 00 45 84 e4 74 09 f3 90 <41> ff cc 75 d9 eb 1b 48 8b 44 24 20 0f b6 04 10 84 c0 0f 85 cd 00
[  487.655156][    C1] RSP: 0018:ffffc90000dc6f40 EFLAGS: 00000286
[  487.661050][    C1] RAX: ffff8881f7138ac8 RBX: ffff8881f7138ad4 RCX: 0000000000000000
[  487.668864][    C1] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8881f7138ad4
[  487.676681][    C1] RBP: ffffc90000dc7030 R08: dffffc0000000000 R09: ffffed103ee2715b
[  487.684483][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000068fc
[  487.692296][    C1] R13: 1ffff11022a6911b R14: 1ffff1103ee27159 R15: ffff8881153488d8
[  487.700107][    C1] FS:  00007f5bd7d0e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  487.708874][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  487.715294][    C1] CR2: 0000001b3112a000 CR3: 0000000128b4b000 CR4: 00000000003506a0
[  487.723111][    C1] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  487.730923][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  487.738737][    C1] Call Trace:
[  487.741858][    C1]  <IRQ>
[  487.744563][    C1]  ? show_regs+0x58/0x60
[  487.748628][    C1]  ? watchdog_timer_fn+0x4b1/0x5f0
[  487.753572][    C1]  ? proc_watchdog_cpumask+0xd0/0xd0
[  487.758694][    C1]  ? __hrtimer_run_queues+0x41a/0xad0
[  487.763902][    C1]  ? hrtimer_interrupt+0xaa0/0xaa0
[  487.768848][    C1]  ? clockevents_program_event+0x22f/0x300
[  487.774489][    C1]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[  487.780393][    C1]  ? hrtimer_interrupt+0x40c/0xaa0
[  487.785340][    C1]  ? __sysvec_apic_timer_interrupt+0xfd/0x3c0
[  487.791241][    C1]  ? sysvec_apic_timer_interrupt+0x95/0xc0
[  487.796882][    C1]  </IRQ>
[  487.799661][    C1]  <TASK>
[  487.802438][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  487.808428][    C1]  ? __pv_queued_spin_lock_slowpath+0x38b/0xc40
[  487.814502][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[  487.820059][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  487.826308][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[  487.831079][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  487.836112][    C1]  ? sock_hash_bucket_hash+0x31c/0x7e0
[  487.841410][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[  487.846446][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  487.851822][    C1]  bpf_trace_run4+0x13f/0x270
[  487.856336][    C1]  ? bpf_trace_run3+0x250/0x250
[  487.861024][    C1]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  487.866404][    C1]  __alloc_pages+0x3cb/0x8f0
[  487.870835][    C1]  ? prep_new_page+0x110/0x110
[  487.875439][    C1]  ? stack_trace_save+0x113/0x1c0
[  487.880470][    C1]  ? __se_sys_ioctl+0x53/0x190
[  487.885071][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  487.889664][    C1]  __stack_depot_save+0x38d/0x470
[  487.894526][    C1]  stack_depot_save+0xe/0x10
[  487.898951][    C1]  save_stack+0x104/0x1e0
[  487.903116][    C1]  ? __reset_page_owner+0x190/0x190
[  487.908151][    C1]  ? post_alloc_hook+0x1a3/0x1b0
[  487.912932][    C1]  ? prep_new_page+0x1b/0x110
[  487.917445][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[  487.922995][    C1]  ? __alloc_pages+0x27e/0x8f0
[  487.927591][    C1]  ? __stack_depot_save+0x38d/0x470
[  487.932629][    C1]  ? ____kasan_kmalloc+0xed/0x110
[  487.937492][    C1]  ? __kasan_kmalloc+0x9/0x10
[  487.942001][    C1]  ? kmem_cache_alloc_trace+0x115/0x210
[  487.947380][    C1]  ? loop_add+0x57/0x920
[  487.951461][    C1]  ? loop_control_ioctl+0x109/0x6f0
[  487.956495][    C1]  ? __se_sys_ioctl+0x114/0x190
[  487.961181][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  487.965781][    C1]  ? do_syscall_64+0x3d/0xb0
[  487.970208][    C1]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  487.976112][    C1]  ? kasan_quarantine_put+0x34/0x1a0
[  487.981230][    C1]  ? kmem_cache_free+0x116/0x2e0
[  487.986006][    C1]  ? ____kasan_slab_free+0x131/0x160
[  487.991128][    C1]  __set_page_owner+0x28/0x2e0
[  487.995727][    C1]  ? kernel_init_free_pages+0xda/0xf0
[  488.000934][    C1]  post_alloc_hook+0x1a3/0x1b0
[  488.005534][    C1]  prep_new_page+0x1b/0x110
[  488.009873][    C1]  get_page_from_freelist+0x3550/0x35d0
[  488.015265][    C1]  ? audit_log_end+0x1c8/0x230
[  488.019861][    C1]  ? avc_audit_pre_callback+0x2b0/0x2b0
[  488.025238][    C1]  ? common_lsm_audit+0x149e/0x18b0
[  488.030270][    C1]  ? call_rcu+0x5ed/0x1310
[  488.034543][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  488.039213][    C1]  ? lruvec_init+0x150/0x150
[  488.043640][    C1]  ? __alloc_pages+0x8f0/0x8f0
[  488.048240][    C1]  ? __alloc_pages_bulk+0xe40/0xe40
[  488.053271][    C1]  ? stack_trace_save+0x1c0/0x1c0
[  488.058133][    C1]  __alloc_pages+0x27e/0x8f0
[  488.062561][    C1]  ? prep_new_page+0x110/0x110
[  488.067166][    C1]  ? stack_trace_save+0x113/0x1c0
[  488.072018][    C1]  ? stack_trace_snprint+0xf0/0xf0
[  488.076980][    C1]  __stack_depot_save+0x38d/0x470
[  488.081826][    C1]  ____kasan_kmalloc+0xed/0x110
[  488.086511][    C1]  ? ____kasan_kmalloc+0xdb/0x110
[  488.091373][    C1]  ? __kasan_kmalloc+0x9/0x10
[  488.095886][    C1]  ? kmem_cache_alloc_trace+0x115/0x210
[  488.101355][    C1]  ? loop_add+0x57/0x920
[  488.105442][    C1]  ? loop_control_ioctl+0x109/0x6f0
[  488.110469][    C1]  ? __se_sys_ioctl+0x114/0x190
[  488.115152][    C1]  ? __x64_sys_ioctl+0x7b/0x90
[  488.119753][    C1]  ? do_syscall_64+0x3d/0xb0
[  488.124180][    C1]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  488.130106][    C1]  __kasan_kmalloc+0x9/0x10
[  488.134426][    C1]  kmem_cache_alloc_trace+0x115/0x210
[  488.139631][    C1]  ? loop_add+0x57/0x920
[  488.143711][    C1]  loop_add+0x57/0x920
[  488.147615][    C1]  loop_control_ioctl+0x109/0x6f0
[  488.152475][    C1]  ? xor_init+0x70/0x70
[  488.156478][    C1]  ? security_file_ioctl+0x84/0xb0
[  488.161420][    C1]  ? xor_init+0x70/0x70
[  488.165408][    C1]  __se_sys_ioctl+0x114/0x190
[  488.169921][    C1]  __x64_sys_ioctl+0x7b/0x90
[  488.174348][    C1]  do_syscall_64+0x3d/0xb0
[  488.178601][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  488.184328][    C1] RIP: 0033:0x7f5bd8993ea9
[  488.188587][    C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  488.208024][    C1] RSP: 002b:00007f5bd7d0e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  488.216276][    C1] RAX: ffffffffffffffda RBX: 00007f5bd8acaf80 RCX: 00007f5bd8993ea9
[  488.224080][    C1] RDX: ffffffffffffffb6 RSI: 0000000000004c80 RDI: 0000000000000008
[  488.231893][    C1] RBP: 00007f5bd8a02ff4 R08: 0000000000000000 R09: 0000000000000000
[  488.239703][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  488.247515][    C1] R13: 000000000000000b R14: 00007f5bd8acaf80 R15: 00007ffd13afeff8
[  488.255334][    C1]  </TASK>
[  488.258190][    C1] Sending NMI from CPU 1 to CPUs 0:
[  488.263248][    C0] NMI backtrace for cpu 0
[  488.263258][    C0] CPU: 0 PID: 9510 Comm: syz-executor.0 Tainted: G        W         5.15.149-syzkaller-00131-g79bd336c7a94 #0
[  488.263276][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  488.263285][    C0] RIP: 0010:kvm_wait+0x147/0x180
[  488.263306][    C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d cb 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[  488.263319][    C0] RSP: 0018:ffffc90000a86500 EFLAGS: 00000246
[  488.263333][    C0] RAX: 0000000000000003 RBX: 1ffff92000150ca4 RCX: ffffffff8154fa3f
[  488.263345][    C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881153488d8
[  488.263356][    C0] RBP: ffffc90000a865b0 R08: dffffc0000000000 R09: ffffed1022a6911c
[  488.263368][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  488.263379][    C0] R13: ffff8881153488d8 R14: 0000000000000003 R15: 1ffff92000150ca8
[  488.263389][    C0] FS:  00007f6e39bc76c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  488.263403][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  488.263414][    C0] CR2: 0000001b31e30000 CR3: 00000001137b0000 CR4: 00000000003506b0
[  488.263429][    C0] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  488.263439][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  488.263449][    C0] Call Trace:
[  488.263455][    C0]  <NMI>
[  488.263460][    C0]  ? show_regs+0x58/0x60
[  488.263476][    C0]  ? nmi_cpu_backtrace+0x29f/0x300
[  488.263496][    C0]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  488.263519][    C0]  ? kvm_wait+0x147/0x180
[  488.263532][    C0]  ? kvm_wait+0x147/0x180
[  488.263546][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  488.263562][    C0]  ? nmi_handle+0xa8/0x280
[  488.263578][    C0]  ? kvm_wait+0x147/0x180
[  488.263592][    C0]  ? default_do_nmi+0x69/0x160
[  488.263609][    C0]  ? exc_nmi+0xaf/0x120
[  488.263623][    C0]  ? end_repeat_nmi+0x16/0x31
[  488.263640][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  488.263659][    C0]  ? kvm_wait+0x147/0x180
[  488.263673][    C0]  ? kvm_wait+0x147/0x180
[  488.263688][    C0]  ? kvm_wait+0x147/0x180
[  488.263701][    C0]  </NMI>
[  488.263706][    C0]  <TASK>
[  488.263711][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  488.263727][    C0]  ? kvm_arch_para_hints+0x30/0x30
[  488.263742][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  488.263759][    C0]  __pv_queued_spin_lock_slowpath+0x6bc/0xc40
[  488.263779][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  488.263798][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[  488.263818][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  488.263835][    C0]  ? sock_hash_bucket_hash+0x31c/0x7e0
[  488.263855][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[  488.263873][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  488.263886][    C0]  bpf_trace_run4+0x13f/0x270
[  488.263904][    C0]  ? bpf_trace_run3+0x250/0x250
[  488.263923][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  488.263940][    C0]  __alloc_pages+0x3cb/0x8f0
[  488.263957][    C0]  ? prep_new_page+0x110/0x110
[  488.263973][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  488.263989][    C0]  ? stack_trace_save+0x113/0x1c0
[  488.264007][    C0]  __stack_depot_save+0x38d/0x470
[  488.264026][    C0]  stack_depot_save+0xe/0x10
[  488.264039][    C0]  save_stack+0x104/0x1e0
[  488.264053][    C0]  ? __kasan_check_write+0x14/0x20
[  488.264069][    C0]  ? __reset_page_owner+0x190/0x190
[  488.264083][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[  488.264098][    C0]  ? prep_new_page+0x1b/0x110
[  488.264113][    C0]  ? get_page_from_freelist+0x3550/0x35d0
[  488.264128][    C0]  ? __alloc_pages+0x27e/0x8f0
[  488.264144][    C0]  ? __stack_depot_save+0x38d/0x470
[  488.264160][    C0]  ? kasan_set_track+0x5d/0x70
[  488.264173][    C0]  ? kasan_set_free_info+0x23/0x40
[  488.264188][    C0]  ? ____kasan_slab_free+0x126/0x160
[  488.264203][    C0]  ? __kasan_slab_free+0x11/0x20
[  488.264216][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[  488.264233][    C0]  ? kfree+0xc8/0x220
[  488.264247][    C0]  ? sock_map_unref+0x352/0x4d0
[  488.264262][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[  488.264278][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  488.264290][    C0]  ? bpf_trace_run4+0x13f/0x270
[  488.264305][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  488.264320][    C0]  ? sched_clock_cpu+0x18/0x3b0
[  488.264336][    C0]  __set_page_owner+0x28/0x2e0
[  488.264350][    C0]  ? kernel_init_free_pages+0xda/0xf0
[  488.264367][    C0]  post_alloc_hook+0x1a3/0x1b0
[  488.264383][    C0]  prep_new_page+0x1b/0x110
[  488.264398][    C0]  get_page_from_freelist+0x3550/0x35d0
[  488.264419][    C0]  ? __kernel_text_address+0x9b/0x110
[  488.264434][    C0]  ? unwind_get_return_address+0x4d/0x90
[  488.264453][    C0]  ? lruvec_init+0x150/0x150
[  488.264470][    C0]  ? __alloc_pages+0x8f0/0x8f0
[  488.264487][    C0]  ? __alloc_pages_bulk+0xe40/0xe40
[  488.264502][    C0]  ? stack_trace_save+0x1c0/0x1c0
[  488.264523][    C0]  __alloc_pages+0x27e/0x8f0
[  488.264539][    C0]  ? prep_new_page+0x110/0x110
[  488.264556][    C0]  ? stack_trace_save+0x113/0x1c0
[  488.264571][    C0]  ? stack_trace_snprint+0xf0/0xf0
[  488.264587][    C0]  __stack_depot_save+0x38d/0x470
[  488.264605][    C0]  ? kfree+0xc8/0x220
[  488.264619][    C0]  kasan_set_track+0x5d/0x70
[  488.264633][    C0]  ? kasan_set_track+0x4b/0x70
[  488.264645][    C0]  ? kasan_set_free_info+0x23/0x40
[  488.264660][    C0]  ? ____kasan_slab_free+0x126/0x160
[  488.264673][    C0]  ? __kasan_slab_free+0x11/0x20
[  488.264687][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[  488.264704][    C0]  ? kfree+0xc8/0x220
[  488.264718][    C0]  ? sock_map_unref+0x352/0x4d0
[  488.264733][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[  488.264748][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  488.264760][    C0]  ? bpf_trace_run4+0x13f/0x270
[  488.264775][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[  488.264790][    C0]  ? __alloc_pages+0x3cb/0x8f0
[  488.264805][    C0]  ? handle_pte_fault+0xea0/0x24d0
[  488.264819][    C0]  ? do_handle_mm_fault+0x1ea9/0x23a0
[  488.264834][    C0]  ? __get_user_pages+0x379/0xee0
[  488.264850][    C0]  ? __mm_populate+0x38d/0x560
[  488.264866][    C0]  ? __se_sys_mlockall+0x397/0x450
[  488.264881][    C0]  ? __x64_sys_mlockall+0x38/0x40
[  488.264895][    C0]  ? do_syscall_64+0x3d/0xb0
[  488.264909][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  488.264931][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[  488.264947][    C0]  kasan_set_free_info+0x23/0x40
[  488.264962][    C0]  ____kasan_slab_free+0x126/0x160
[  488.264977][    C0]  __kasan_slab_free+0x11/0x20
[  488.264991][    C0]  slab_free_freelist_hook+0xbd/0x190
[  488.265009][    C0]  ? sock_map_unref+0x352/0x4d0
[  488.265024][    C0]  kfree+0xc8/0x220
[  488.265040][    C0]  sock_map_unref+0x352/0x4d0
[  488.265057][    C0]  sock_hash_delete_elem+0x274/0x2f0
[  488.265075][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x738
[  488.265087][    C0]  bpf_trace_run4+0x13f/0x270
[  488.265103][    C0]  ? bpf_trace_run3+0x250/0x250
[  488.265122][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[  488.265137][    C0]  __alloc_pages+0x3cb/0x8f0
[  488.265153][    C0]  ? prep_new_page+0x110/0x110
[  488.265172][    C0]  handle_pte_fault+0xea0/0x24d0
[  488.265189][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  488.265207][    C0]  do_handle_mm_fault+0x1ea9/0x23a0
[  488.265226][    C0]  ? numa_migrate_prep+0xe0/0xe0
[  488.265246][    C0]  ? follow_page_mask+0x900/0x10e0
[  488.265264][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[  488.265280][    C0]  ? follow_page+0x230/0x230
[  488.265296][    C0]  ? vmacache_update+0xb7/0x120
[  488.265313][    C0]  __get_user_pages+0x379/0xee0
[  488.265333][    C0]  ? populate_vma_page_range+0xf0/0xf0
[  488.265352][    C0]  __mm_populate+0x38d/0x560
[  488.265369][    C0]  ? check_vma_flags+0x2d0/0x2d0
[  488.265388][    C0]  __se_sys_mlockall+0x397/0x450
[  488.265405][    C0]  __x64_sys_mlockall+0x38/0x40
[  488.265420][    C0]  do_syscall_64+0x3d/0xb0
[  488.265435][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  488.265450][    C0] RIP: 0033:0x7f6e3a84cea9
[  488.265464][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  488.265477][    C0] RSP: 002b:00007f6e39bc70c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
[  488.265493][    C0] RAX: ffffffffffffffda RBX: 00007f6e3a983f80 RCX: 00007f6e3a84cea9
[  488.265509][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  488.265519][    C0] RBP: 00007f6e3a8bbff4 R08: 0000000000000000 R09: 0000000000000000
[  488.265529][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  488.265538][    C0] R13: 000000000000000b R14: 00007f6e3a983f80 R15: 00007ffc117c7f88
[  488.265552][    C0]  </TASK>