last executing test programs:

8.916686548s ago: executing program 2 (id=283):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x23220e0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000540)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f0000000580)='./file0/file2\x00')

8.768192161s ago: executing program 2 (id=287):
getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x0, [0x0, 0xdd, 0x10001]}, &(0x7f0000000080)=0x44)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x101, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x40}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000000) (async)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, &(0x7f00000001c0)={0x18, 0x2, {0x3, @empty}}, 0x1e)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/rcu_normal', 0x8400, 0x0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r3, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x120, 0x66}}}}, [@NL80211_ATTR_BSS_SELECT={0x18, 0xe3, 0x0, 0x1, {0x14, 0x0, [@NL80211_BSS_SELECT_ATTR_BAND_PREF={0x8, 0x2, 0xb41}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xa}}]}}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x10, {0x5, 0xfff9, 0x7}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000004}, 0x20048000)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0xc, &(0x7f0000000400)=@raw=[@jmp={0x5, 0x0, 0x1, 0x2, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @alu={0x7, 0x0, 0xa, 0x4, 0x6, 0xfffffffffffffff0, 0xfffffffffffffff0}, @map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000480)='syzkaller\x00', 0xa96, 0xb3, &(0x7f00000004c0)=""/179, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x5, 0xe, 0x8}, 0x10, 0x130fe, r2, 0x7, 0x0, &(0x7f0000000600)=[{0x4, 0x5, 0xa, 0x5}, {0x1, 0x4, 0xf, 0x4}, {0x1, 0x4, 0x6, 0xb}, {0x2, 0x3, 0x6}, {0x5, 0x5, 0xb}, {0x5, 0x2, 0xe, 0x7}, {0x5, 0x1, 0x6, 0xc}], 0x10, 0xe}, 0x94)
ioctl$FS_IOC_GETFSSYSFSPATH(r5, 0x80811501, &(0x7f0000000740)={0x80}) (async)
recvmmsg(r0, &(0x7f0000003f00)=[{{&(0x7f0000000800)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000880)=""/197, 0xc5}], 0x1, &(0x7f00000009c0)=""/4096, 0x1000}, 0x3532}, {{&(0x7f00000019c0)=@pppol2tp={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000002c00)=[{&(0x7f0000001a40)=""/153, 0x99}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000002b00)=""/252, 0xfc}], 0x3, &(0x7f0000002c40)=""/4096, 0x1000}}, {{&(0x7f0000003c40)=@l2tp={0x2, 0x0, @loopback}, 0x80, &(0x7f0000003e40)=[{&(0x7f0000003cc0)=""/186, 0xba}, {&(0x7f0000003d80)=""/132, 0x84}], 0x2, &(0x7f0000003e80)=""/107, 0x6b}, 0xe61}], 0x3, 0x0, &(0x7f0000003fc0)={0x0, 0x989680}) (async)
ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000004000)={0x8, [0xffff, 0x0, 0x8, 0xb, 0x1, 0x8, 0x2, 0x9]})
r7 = syz_usb_connect$uac1(0x1, 0xc1, &(0x7f0000004080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xaf, 0x3, 0x1, 0x2, 0xb0, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x5}, [@feature_unit={0xb, 0x24, 0x6, 0x2, 0x0, 0x2, [0x3, 0x6], 0x4}, @selector_unit={0x7, 0x24, 0x5, 0x1, 0x5, 'GN'}, @feature_unit={0x11, 0x24, 0x6, 0x4, 0x6, 0x5, [0xa, 0xa, 0x1, 0x3, 0xa], 0x8}, @selector_unit={0xa, 0x24, 0x5, 0x1, 0x4, "cfb02f217a"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0xfe, 0x2, 0x4, 0xd6, 'oG'}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0xb, 0x2, {0x7, 0x25, 0x1, 0x80, 0x5, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x4, 0x31, 0x1, "91d0df1f4aad"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x8, 0x2, 0xeb, 0x8, "01ac"}]}, {{0x9, 0x5, 0x82, 0x9, 0xfde669183cbd5b27, 0x15, 0xc, 0x4, {0x7, 0x25, 0x1, 0x82, 0xa, 0x8}}}}}}}]}}, &(0x7f0000004640)={0xa, &(0x7f0000004180)={0xa, 0x6, 0x0, 0x2, 0x2, 0x23, 0x8, 0x5}, 0x55, &(0x7f00000041c0)={0x5, 0xf, 0x55, 0x5, [@wireless={0xb, 0x10, 0x1, 0x2, 0xe0, 0x9, 0x4, 0x4, 0x7f}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "e8f400f1be80a49f060c05432110f742"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xd, 0x7, 0xd7, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x6, 0x4, 0x7}, @ssp_cap={0x20, 0x10, 0xa, 0x5, 0x5, 0x2, 0xf00, 0x1, [0x50, 0x3f00, 0xc000, 0x0, 0x3f00]}]}, 0x8, [{0xe8, &(0x7f0000004240)=@string={0xe8, 0x3, "620ce57970787143495e0a01f79a2cfba00545270ce73511bf95538c73384c126c5c8c78388adc8a5be2bebf46c7bfd8fbc2ff1478008abdc81f9d569fcd39baef9f052173d55ab03e6a11ac18abca150ba95b6e62ba33edf2cdc9f1f263df3263db3d3d5afa902c2bbb980de24cb731cd6d387ac0055e9be98032f479011ab20a548ba9f966b2784d431353790d259bc730837f7f217b61cc7cfb4561091f8afa759f902d714315b5c68e6536e26313eb2ae743d0db43bb4c0b49f2123f6efd3363d5c7419bcb549d833bf07dbeb19fa4dc78046f3ff58cfee86e7258ed9a5ea7f8b3431ce6"}}, {0x64, &(0x7f0000004340)=@string={0x64, 0x3, "fc09c3afc77ecd037e97b82dbf4a4fb2bda07c5d250ec3a68bd38584f91cba5ef06603c72d694df1c062d3d220bf3123dbbdca8b2c07c4146169e4028339696e0918280491b78a0569600a0869fbd40991edac6a63da2a5375905c5e9fbea042b539"}}, {0x39, &(0x7f00000043c0)=@string={0x39, 0x3, "3dd2ff4a78758257c85a9dacdebdf1fce575fa44cae77112881cf7daca4ac5388bcfcdabf5692a6951ac5f40cf32c35f8a49a8911e9187"}}, {0xf9, &(0x7f0000004400)=@string={0xf9, 0x3, "61a57c8a1b7acd3fbb80c4bf1ff59bb2345138fedb8821562473c9b589f478e36bbf6ef966a7ff7f723ba9713e77f2480e2b4782d3b18d3ded6fff892e4626f43ef303feefa2d26ae1cc85bcdc4bdf464467d237481f0cde023d30a908741a8c8ff30e36c6dc564fecfa5b090b763f0478f0354e0b70eb716e28bc1cc80df33d19e01697ae53939c57b5a57f80918bcbdf67724a8f154aaa0db320cf9f7b7394b1574f014c66a58521f7def217ec9c9b0308587a3c9b74fadc23e51046141b259b67fdbc44bbccbc97e381fe20d702edf11fec83b302224c6fc3eab8cbb5d35b95460bb891022a9c072cfff830a8dca96b13165c329417"}}, {0x4, &(0x7f0000004500)=@lang_id={0x4, 0x3, 0x410}}, {0xd, &(0x7f0000004540)=@string={0xd, 0x3, "a6088e0bbf228a5d2192a9"}}, {0x4c, &(0x7f0000004580)=@string={0x4c, 0x3, "be3c2fdf377aba7fefb391db75fd8a0748cadf1c4d0984e38fb9dea6b7a757bd69d5ce9ea05d41e43cd96ccbd69df910ff2a5ae3794f40ea07fdf2cd9b73af791a6d3f0db608432e7b64"}}, {0x4, &(0x7f0000004600)=@lang_id={0x4, 0x3, 0x400a}}]})
syz_usb_control_io(r7, &(0x7f0000004940)={0x2c, &(0x7f00000046c0)={0x20, 0x8, 0x6b, {0x6b, 0x21, "ee991299313b7be77c5e3d71bed104a43b5b54483935582e414a6c7768d456e64f594f14ca12285adef280f91c04cd7b489e1812ee6b8d4e194da8adcd88eae6ec9ef1ada9441ae8a2076909a4a0e9a65eb3d0d648401a0cb209e32f60f8d2bca1f88c0b80ea469f42"}}, &(0x7f0000004740)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x280a}}, &(0x7f0000004780)={0x0, 0xf, 0x134, {0x5, 0xf, 0x134, 0x3, [@ssp_cap={0x1c, 0x10, 0xa, 0x3, 0x4, 0x0, 0xf, 0x46, [0xf0, 0x101413f, 0xc000, 0x0]}, @generic={0xff, 0x10, 0x2, "3528495850ce5d1e420399e97b258f7ac772db4cdac0eaca2830d682eafc28079ef3a5d19385f74f68f61fcfc6ff27d94286ed68db1f5c92794031baee2326d07be8b11913d083dd27fac772459e41d49abe8fc894d953573eb69d7c092763af5c45fc4a11e21bd56031fb49908b4af6b121e8157adafbd4b889009307e2fe107480e3a562979302db4733b188356f25ac3d5335eb9cb8903b5e13879e54e79b5d2f444aa8cf6303db6b1b4fd038401183255c8342e77523be7a222b848b60fbc725fe3ab5fd29eae16a5c31d99a381ee5e2e3b4796414ccaf2402cf2ffd3a7f523ef280c0cd9cb833d89799298d52e0e0e811b4bcfa3340621b5d1b"}, @ssp_cap={0x14, 0x10, 0xa, 0x9, 0x2, 0x2, 0x0, 0x5, [0xc00f, 0xff00cf]}]}}, &(0x7f00000048c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x18, 0xd5, 0x9, "eddaaf89", "81994357"}}, &(0x7f0000004900)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x0, 0x7, 0x7, 0xf8, 0x90, 0xf9}}}, &(0x7f0000004e40)={0x84, &(0x7f0000004980)={0x0, 0x16, 0xd7, "63708ad4d9d387a7b444dc6c3692470313ec9406f305e81066206fcf458487e0bdecdc3b119f62f3d2a2e78e8093398545eccc5a4d876d6590d5e1b761fdbf9346e875f246f96a691de1eddf0c0f4370e0d923cc02950bcd8bf4699f680fa59968cd0033218469e4e37e687edeb49f5671f0204c9a6ba2114bdad838d2065b70791af289d99b1cb96c71fbc9cf79a1dbde6c47bd077ef19c900493fa2013113f2b4f1864fe69bac82264d1feac6035cc0fc3c59ef0fca8b08b3f36ce5db09549bd897596929c7a2d5d900adc5e4faf162343bb77d76c03"}, &(0x7f0000004a80)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000004ac0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000004b00)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000004b40)={0x20, 0x0, 0x8, {0x4, 0x1c, [0xff0]}}, &(0x7f0000004b80)={0x40, 0x7, 0x2, 0xfffe}, &(0x7f0000004bc0)={0x40, 0x9, 0x1, 0x1d}, &(0x7f0000004c00)={0x40, 0xb, 0x2, "5f98"}, &(0x7f0000004c40)={0x40, 0xf, 0x2, 0x3ff}, &(0x7f0000004c80)={0x40, 0x13, 0x6}, &(0x7f0000004cc0)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000004d00)={0x40, 0x19, 0x2, "d99c"}, &(0x7f0000004d40)={0x40, 0x1a, 0x2, 0xdb67}, &(0x7f0000004d80)={0x40, 0x1c, 0x1, 0xb4}, &(0x7f0000004dc0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000004e00)={0x40, 0x21, 0x1, 0x7}}) (async)
r8 = geteuid()
quotactl_fd$Q_QUOTAOFF(r6, 0xffffffff80000301, r8, 0x0) (async)
syz_open_dev$tty20(0xc, 0x4, 0x0)
listen(0xffffffffffffffff, 0x4)
ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000004f00)={{0x2, 0x4e23, @private=0xa010101}, {0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}, 0x24, {0x2, 0x4e21, @local}, 'macsec0\x00'}) (async)
r9 = socket(0x25, 0x80000, 0x2)
ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000004f80))
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000004fc0)={<r10=>0x0}, &(0x7f0000005000)=0xc)
syz_pidfd_open(r10, 0x0) (async)
r11 = syz_open_dev$vcsu(&(0x7f0000005040), 0x948, 0x400)
getsockopt$netlink(r11, 0x10e, 0x4, &(0x7f0000005080)=""/80, &(0x7f0000005100)=0x50)
syz_usb_connect$cdc_ncm(0x0, 0xa8, &(0x7f0000005140)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x2, 0x1, 0x5, 0xc0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "ee86ddc87f"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x101, 0x1, 0x5, 0x3}, {0x6, 0x24, 0x1a, 0xfffe, 0xa}, [@mdlm={0x15, 0x24, 0x12, 0x100}, @mbim={0xc, 0x24, 0x1b, 0x2, 0x3, 0x5, 0xc3, 0x9c00, 0x9}, @country_functional={0xc, 0x24, 0x7, 0x52, 0xfff, [0x9, 0x9, 0x80]}, @mbim_extended={0x8, 0x24, 0x1c, 0x5, 0x23, 0x10}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x25, 0x7, 0xc}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x3, 0x2, 0xff}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xff, 0x9, 0x5}}}}}}}]}}, &(0x7f0000005640)={0xa, &(0x7f0000005200)={0xa, 0x6, 0x200, 0x81, 0x8, 0x0, 0x20, 0x5}, 0x5, &(0x7f0000005240)={0x5, 0xf, 0x5}, 0x7, [{0xa0, &(0x7f0000005280)=@string={0xa0, 0x3, "451a411f575ae099b04594015f8fcd1dc6f4d0a060111cef339f9b0b1e32b13728b43c7f7f59fc0499b826ebbae5cc15fb05cbc2f4da670e77864370d6f333a5c0de39ab92ed0e076152c93de1a93eccc9fb867de1b5f5601e7382535e544397634fda0002534413df5f115cf15ccde007469ec8f62523ba863052f4209ac4f3dacb2cda50ad4139dc219c86b1b02514c8692fff0e923b09bdc54cb58188"}}, {0x4, &(0x7f0000005340)=@lang_id={0x4, 0x3, 0x425}}, {0x84, &(0x7f0000005380)=@string={0x84, 0x3, "23687437a5bf559fdfb06d9b2e9229183eeb415201df59428c1028b0b6f29e5b5be50670ff34ad7c5c432728ed1ce02b18b8d88c4a1c83db59f2416f6db8362fee5163ce06a3576da8d54beb71cfc8a9ae6f94e992d726b7101dac4f0709ae0711165cbcf347cb28e92851c6b4c5ad3b8c4fff5ced4c2a8d89d24db597cf3a0c3ee2"}}, {0x4b, &(0x7f0000005440)=@string={0x4b, 0x3, "82165c9aeccfa7e5aff0fe32b01688ff5629b3dbe39a8b44269ce4da92d09876f4ba11ddbde31fb20e6cb291b99e7a33ea360d7504be7e745c19577e00c767ee799e79d4afce37fa86"}}, {0x34, &(0x7f00000054c0)=@string={0x34, 0x3, "d1041e43d71e919835495790310e79d1506bf6e9069989beb72f67062a43409979ebf509a4c7aa479ed5eee6a1a82e8757b5"}}, {0xa6, &(0x7f0000005500)=@string={0xa6, 0x3, "d0fc31205a6dd7b18fb652dfd6c70e6ecc9755c67bb2b96fa9eddfe8b4f33b5c7855e6d038c52e59782949d351c6044e906fd32bb51ae1e5e18eeffb5a1d35a6ec890721acc751fab7518989e623dc8a5800beb3c03f91413f5867aa1307da432554fc7eddff555f261ba3cd065e340dcd46fd8aa12ef95bb422ba123c847e287a63d716b2bfbaf6906f56825d0fe057a8cf0bf19e03bd17e375355b8bb67f31ed1cc780"}}, {0x5c, &(0x7f00000055c0)=@string={0x5c, 0x3, "7edd9135d969379e7dcff7a26e122086bc4027bbd76e8721aeb114f82576b1b2ff8fa3b51df82dabd3d0b2acdd54e74c82cd0aea05ccf8f9a7adcf9b010701ad7710493094988698c6198231430cec7f6643e77b87857da0a7bd"}}]}) (async)
accept4$bt_l2cap(r11, 0x0, &(0x7f00000056c0), 0x80000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000005700)={'batadv0\x00', <r12=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8916, &(0x7f0000005740)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x1c, r12})

8.336760178s ago: executing program 3 (id=290):
io_setup(0x23, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8d, 0x18, 0xc0, 0x8, 0x403, 0xda73, 0x8d0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x160, 0x0, [{{0x9, 0x4, 0xff, 0x0, 0x0, 0xa, 0xf5, 0xb}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x0, 0x9f, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x3, 0x1, 0x5, 0x20, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1000, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x7f, 0x4, 0x3, 0x6, "f4d92d48"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x8, 0x2, 0xfa, 0x3, "b52a61210f8efb"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x2, 0x59, 0x9, "faa8f4"}, @as_header={0x7, 0x24, 0x1, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xa, 0xff, 0x99, {0x7, 0x25, 0x1, 0x3, 0xff, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xb, 0xcc, 0x1, {0x7, 0x25, 0x1, 0x0, 0x9, 0x5}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0xf, 0xf6, 0x7, 0xff, 0x2}, 0x2c, &(0x7f0000000140)={0x5, 0xf, 0x2c, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x9, 0xc, 0xbf}, @ssp_cap={0xc, 0x10, 0xa, 0x62, 0x0, 0x0, 0xf00, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x5, 0xb}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x1, 0x9, 0x5}]}, 0x5, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x804}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1a00}}, {0xb1, &(0x7f0000000200)=@string={0xb1, 0x3, "51027442c4ae11ee3034b190afdb8a44ba4133b5ce4ed4cb65778462e8b36874311dd31241f2ed6f4e367acf7ae4b2ab9830632b8651156cfaf4969ac72de4156f4a243fad31c000cb848a9593d2388eaf79d7d60fb46d9c580f7fd50ada8c2acdfe7339e2e76e9db712acd702d6e1a67af57af81cb2e43196595c96d4256d821546c1cebb8162dd01ab8999a8ce4b9d4cb7f7a08a9e9ab9d88d31bb615fbdf27d86f6ccd1619e0342aad169bbe60c"}}, {0xa6, &(0x7f0000000580)=ANY=[@ANYBLOB="a60374ff147edb930d12abee1d5bdf2fd3b4f2b5fee370819c1bcef4e06bf79fcb0677a524a18f6dba0deb06a5c82dde5fffd3e0d6ee88b317195c5d9ed05555de7f4ee5bdda290f52d7e457b363d59e26f0acd63c5f4f9d2357753e930004b011685938adb5645748280052d0c3c7189156c01fab0ee72c98d456aeadb2858aa57b2fed14db62fa65177b06892d80dd20a0c001cdfc8008288d79b078eb664cbf20c8da9a03ba0d0cf62c56caa03f"]}, {0xff, &(0x7f0000000380)=@string={0xff, 0x3, "c519d3d0ad25c1ac431e811f646629200d8c8b7a65583d580c5d746a7e26772e2119d20e12cb33904df341a606b2c2cde66ad5c9f99ab3ce4066f2aadcadc2fc73f0d2c9dac0b75b4934b78e545afc7b7db9ef35e66c69e9133bdae5955fcc7fb601d4d69d98e38f52d0a6fa7454f95847d6e39ae6b5a51f6f0120ce3354bab93c9bcc5beac64bfeaab65b1484506bda2c3092c78a5864bb9cd31f637257f9e4e8f2ae969400aa26c6daaf4e5b40bc8011b6e59c1d824146b67a0b7a91540b5e16b72b6965be226e69288cea27f6ea15124e40d577b9b08c98be16eb1327d8ce5fdca6026461fb62e74f26289bf9e27fcce558aef9e0486bff235b85e3"}}]})
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xc6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x80, 0xa, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x2, 0x7f, {0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0x746}}, {{{0x9, 0x5, 0x81, 0x3, 0xe30227d6f27d6c3d, 0x5, 0x8, 0xe}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x3, 0x6, 0x2}}]}}}]}}]}}, &(0x7f0000000b00)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0xc, 0x4, 0x67, 0x20}, 0x146, &(0x7f0000000b80)={0x5, 0xf, 0x146, 0x3, [@generic={0xfd, 0x10, 0x1, "74a93a45b6435b6eecab9d6c951570d174f6449aea8d17ac23ff3f81afcbcc6b36c7930ab8faeafbd6c1049b0158efd4174f5dee13f56b610c95a988ecf9da48b8afc6bcee4c1847d01fde1c827b066e1edb6c03d46cee3c07d39ecdec9de481a18b9d30d162cb4a65b3d281366cea5a11a2cfe1261a16fa19b24b0fc206992875d2b463b7eb7b23c1c97e235dc659cb4ca54f6d5961d5da90eaeeca700c06ad55057b14f46c09e716198f1285ce1ae6cd1c8205af08d24d71625e138a4b05f12d374a72639322ec46e600000000ffffffff9a83bb346b8f968426038ab52a6eb219d810899a92e6c40f83b18d74f7df791ac97079d7a3c2440b"}, @ssp_cap={0x24, 0x10, 0xa, 0x9a, 0x6, 0xfff, 0xf00, 0x0, [0x30, 0x0, 0x0, 0xcf, 0xc000, 0xc0f0]}, @ssp_cap={0x20, 0x10, 0xa, 0x10, 0x5, 0x8000, 0x0, 0x2, [0xff00ff, 0x30, 0xffc000, 0x3f00, 0xc000]}]}, 0x8, [{0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x437}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x40d}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x1801}}, {0xda, &(0x7f0000000800)=@string={0xda, 0x3, "aa49288b36d1f4f7cb5542a32cd5e01d0f831ed5af6572df220d44a8b97c14d4f3213c7064e017bfd75a7800bfb3657b506d37dccce809ccbd77ea670f2b0a8b0c64ba801e0cf412f3bfeb2c52baafff72192344741477af80ac16000ea719c3d80b76fdb4d47998eef42017178ca4bd265e8f5d13e5c68e4ce2e19635c1738cfd6faa63313b3d7231fb31c0eade5b6a39828f3124e26b01440dd6657cfc206d219faf20e2da19e953384687625f44372a68ef6b0b6e2fa9c440b966b87981664e6bd92870723ef96f40059612e4f9d99f3a956bbd91ce83"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0xc07}}, {0x8b, &(0x7f0000000940)=@string={0x8b, 0x3, "46833dea449874ce5d0e5de34a9d2b57c8283d6cf12361d0073c954e0337d52d163dd9b4c2f1c2387f26824e8cb197e70d0dd85c91289cb80ded9188b29f45f00830c10734e6bc36ba7b6ddfccbf6f45fd39e30474853026c4a60e21bedc2648c7c7bbb279d8c3253f6d8b3ffef7164cd09aad1f79e00da6b849d5bf5e08446694a7d22802fa869e44"}}, {0xf9, &(0x7f0000000a00)=@string={0xf9, 0x3, "faf8bde42d30286609663320b10f5ff191ed25e23ae85043765093af0ed1fd278f556f72b5edcae728daabdab44fd542dc45d43c0a7d8b5036f119a8372ca4f57634344822181b1dd8e47089bf2825fc36e6209b2535a98a036a51bb7eac03e754e7a43e6157365ed85ee768784394e57cd327ed26724c7134a86e5ac93368f9768f1c9913f00cc0eafa1ac154526ca2bcac514d97bcf6672eab5ddd047724c7f0742b5df3af0a3a7028fa78c1a0d956e8e94214fde310ba429512c34d098ac5f6f416a3176b680dd86987081d821f2aae4fcaba654a77f87325ebf4cb2a7470ecf5039f1ea9a04569aea0bb5b70ea4820a283a18ea5ea"}}]})

6.823826292s ago: executing program 3 (id=301):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000140)={{&(0x7f0000145000/0x3000)=nil, 0x3000}})
r0 = socket(0x1d, 0x800, 0x0)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)

6.764302143s ago: executing program 3 (id=303):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'tunl0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newtaction={0x68, 0x30, 0x1, 0x3000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x11000000}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

6.763976983s ago: executing program 3 (id=304):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0)

6.342576659s ago: executing program 1 (id=309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x23220e0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000540)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f0000000580)='./file0/file2\x00')

6.185970652s ago: executing program 1 (id=310):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffff7a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)={0x0, <r4=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = epoll_create1(0x0)
flistxattr(r6, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000012c0)={r1, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

6.103161763s ago: executing program 1 (id=311):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000000)={0xfffffffffffffffd, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x200200, 0x0)
bind$inet(r1, &(0x7f00000010c0)={0x2, 0x4e22, @empty}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
gettid()
r5 = userfaultfd(0x80001)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
readv(r5, &(0x7f0000002140)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1)
sendto$inet6(r4, 0x0, 0x0, 0x24008844, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)

5.778734458s ago: executing program 0 (id=312):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = socket$inet_icmp(0x2, 0x2, 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$IP_SET_OP_GET_BYNAME(r4, 0x1, 0x53, &(0x7f0000000000)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000040)=0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10)
syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000001040)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16, @ANYRES8, @ANYRES32], 0xfe, 0x1d1, &(0x7f0000000640)="$eJzsmb0L00AYxp+7pB8WEURwcHGwYEWbJqlKlw4VHAWhFXUsNpZq2koboS04FBcXRwfB1X/AwaGTg5ubqw4qCA52dBMid7k2Z/qB1SXg+4Nen7t77+69t82zBARB/Ld8+fzj09MrtdYFAEdRRE6NfzPiGK7Ff3z+8Pyz+tUXrz68fDs49miR3I8BCMNDMjiBNw0DgeqF4e+rQ0ULHEU1dgMc55S+CQYrkj+jyKjjgeG2irmn6eERJXzPujP0O3d7vmeLxhGNK5qqfr4JYDln6ADIq3yYNj+ezu63fd8bJUUmXJ2zMXWo2Fc9mV+Do67VS/xet548nou+qg1srX4OOBylq2BoKl1DDpZlxSXR7n/KjPc3/uT+aRDHy6lIg0S6BEuOiAd6PXJyuXi3ueprWpL/CyGNC8DG1PuC71/7h52zygS2xsT+xEzgrOZPJsy1f1SC/oPKeDor9/rtrtf1Bq5bvWxftO1LbkUaUdTu8b+89KeCtn9mR2yWZTFpB8HImQDByFn33ajVHLf5evhdruHS/zhKZ6I9xF9FXju3/QymPlx+C1UydiZPEARBEARBEARBEARBEARxEKfBVm/NmPYCLYl7XUb/CgAA//+BWndb")
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xfffe, 0x101}})
connect$pptp(r8, &(0x7f0000000280)={0x18, 0x2, {0x1, @remote}}, 0x1e)

5.708045599s ago: executing program 2 (id=313):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, &(0x7f00000002c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}})
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000180)={0x0, 0x6496, 0x400, 0x0, 0x8010}, &(0x7f0000000240), &(0x7f0000000040))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000280), 0xbc)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x60)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syslog(0x9, 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x2, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0)
read(r6, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@x86={0x7c, 0x3, 0xfd, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x8, 0x5, 0xb, 0x8, 0x0, 0x10003, 0x9, 0xff, 0x6, 0x8, 0xc, '\x00', 0x1})

2.859749004s ago: executing program 0 (id=314):
syz_emit_ethernet(0x22, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, @val={@void, {0x8100, 0x3, 0x0, 0x1}}, {@can={0xc, {{0x3, 0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, "96baafdf46c9f2ad"}}}}, &(0x7f0000000040)={0x1, 0x2, [0x3a1, 0x281, 0x9fa, 0xb59]})
r0 = epoll_create(0x4)
epoll_pwait(r0, &(0x7f0000000080)=[{}, {}], 0x2, 0x5, &(0x7f00000000c0)={[0x6f8]}, 0x8)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000140), 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20)
getsockname$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000500)=0x14)
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000540), 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000005c0)={0x4d1, <r7=>0x0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1b, 0x10, &(0x7f0000000300)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @generic={0x3, 0x8, 0x7, 0xff, 0xa}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000380)='syzkaller\x00', 0x37, 0xf4, &(0x7f00000003c0)=""/244, 0x40f00, 0x10, '\x00', r5, @fallback=0x8, r6, 0x8, &(0x7f0000000580)={0x2, 0x2}, 0x8, 0x10, 0x0, 0x0, r7, r2, 0x1, &(0x7f0000000600)=[r2, 0xffffffffffffffff], &(0x7f0000000640)=[{0x2, 0x3, 0xd, 0xe}], 0x10, 0xb457}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000800)={r4, &(0x7f0000000740)="4af22ef57105502848231940e0ed941b18ea4c162af17378b3240c0375a87fc1f79bea2c870eebe5f7feef4acdbdf295a41e05c9073aa095291ce2a4ed8cf26cdd013f9e2f0db20813529a20845027237c66e456351c32acf2750aa3c70ac5055554a4c9", &(0x7f00000007c0)=""/34}, 0x20)
listen(0xffffffffffffffff, 0xfffffff9)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000980)={{0xffffffffffffffff, <r9=>0xffffffffffffffff}, &(0x7f0000000900), &(0x7f0000000940)='%-5lx  \x00'}, 0x20)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x9, 0x2, &(0x7f0000000840)=@raw=[@ldst={0x1, 0x2, 0x2, 0xb, 0x8, 0x20, 0x8}, @call={0x85, 0x0, 0x0, 0x8f}], &(0x7f0000000880)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x8, '\x00', r5, @cgroup_sock=0xc, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x7, 0x9, 0x3}, 0x10, 0x0, r8, 0x4, &(0x7f00000009c0)=[r3, r9], &(0x7f0000000a00)=[{0x2, 0x4, 0x7, 0x9}, {0x4, 0x1, 0xf, 0xc}, {0x4, 0x5, 0xd, 0xc}, {0x0, 0x4, 0x6, 0x5}], 0x10, 0xb0}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000b40), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000c40)={'gretap0\x00', &(0x7f0000000b80)={'tunl0\x00', <r12=>r5, 0x10, 0x10, 0x6, 0x7, {{0x1f, 0x4, 0x2, 0x3a, 0x7c, 0x64, 0x0, 0x1, 0x2f, 0x0, @rand_addr=0x64010101, @broadcast, {[@timestamp_prespec={0x44, 0x44, 0x3a, 0x3, 0x7, [{@loopback, 0x80}, {@dev={0xac, 0x14, 0x14, 0xc}}, {@empty, 0x4}, {@rand_addr=0x64010102, 0x95}, {@loopback, 0x4}, {@multicast2, 0x7}, {@loopback, 0x2}, {@broadcast, 0x7}]}, @lsrr={0x83, 0x23, 0xe, [@multicast1, @rand_addr=0x64010102, @rand_addr=0x64010102, @loopback, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102]}]}}}}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c80)={0x8c, r11, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x24, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xf8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r12}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x41c84}, 0x410)
syz_extract_tcp_res(&(0x7f0000000dc0)={<r13=>0x41424344}, 0xfffffffc, 0x3)
syz_extract_tcp_res(&(0x7f0000000e00)={0x41424344, <r14=>0x41424344}, 0x1, 0xe0)
syz_emit_ethernet(0x17d, &(0x7f0000000e40)={@broadcast, @random="af20dae7e3a2", @val={@val={0x88a8, 0x6, 0x1, 0x1}, {0x8100, 0x5, 0x1}}, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x2, 0x5, 0x167, 0x68, 0x0, 0x9, 0x6, 0x0, @broadcast, @multicast2, {[@lsrr={0x83, 0xf, 0xb0, [@empty, @private=0xa010101, @rand_addr=0x64010102]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4}]}}, {{0x4e21, 0x4e23, r13, r14, 0x0, 0x0, 0xf, 0x4, 0x5, 0x0, 0xe9, {[@window={0x3, 0x3, 0x59}, @sack_perm={0x4, 0x2}, @md5sig={0x13, 0x12, "9b24f39da7b53109a6ba96f6983d1f9f"}, @exp_fastopen={0xfe, 0x11, 0xf989, "3f0101e2467bf447352963efbf"}]}}, {"6a907a532d95b15fc119a24b6bb3e795672767eab3730cd21604cf39a218525a244277692059f34aeeffc0d92055498be3c4ec7ae59f3eb74488ac82b4d1522097aee9c819427b0423c7c895c8e6addf7c5536ca10a1c38a77f729357a1c6e544c3c24f7190e46ceebe593245f3ae77a51cad07bf0cb88c173e3a5f8832e8716ecfe51b93769ea4300a2b68093d56a3f415414aaed3d0f866fa6647f9fe1eff69904172f9f292d9ddda0e9af7ae2be64e3d027fbe639b4e1ef963c9ea3ad881ac29701998821491a26ece84a06c40fc7d51729a29cd60304e94c806db01db26e19438dab389d51c4922dae90e481af97eb29c13c2da8e491f7700f175ef413"}}}}}}, &(0x7f0000000fc0)={0x1, 0x1, [0x414, 0xd63, 0xccd, 0xc2e]})
r15 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001000)='/proc/sysvipc/shm\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000001040), 0x1e5001, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001180)={@cgroup=r1, 0x26, 0x0, 0x1, &(0x7f0000001080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001140)=[0x0, 0x0, 0x0], <r16=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000011c0)={@map=r15, r8, 0x15, 0x10, 0x0, @void, @value=r10, @void, @void, r16}, 0x20)
r17 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r17, 0x401c5504, &(0x7f0000001240)={0x5, {0x401, 0x7fff, 0x2, 0xd, 0x7, 0x7}})
ioctl$sock_inet6_tcp_SIOCATMARK(r15, 0x8905, &(0x7f0000001280))
writev(0xffffffffffffffff, &(0x7f0000001640)=[{&(0x7f00000012c0)="d319d5bfca728060e85591ec4848ceb5a7a90daa70db4a02cc36c0fd0fbf9d86a6777ee43441419825dadc6b77495907dbbeb841191865939332110d1ad845ad556a1607b016c3f54622326779ce7b24b25c9a6c1c64a26fc7b69debb25e86f686e291bb86eef819d4eaa1dd689ccd5275c9f72c950afe194c662c575461e2d2df000e069146225f7ba14bf27c4fc66422bbb8950a78585a4ab587bf6cedf9ee173770cc573a94c655c0ea6307fb0bb2ebf8b926a40cae7fd5521c703ce8", 0xbe}, {&(0x7f0000001380)="8f464aeb7303120420891fd68a08a0c6", 0x10}, {&(0x7f00000013c0)="8729b6973c595640d1623beea9ae27b8b08999ce9efa0234ed7419bd59a63c1d41b86b3d35856aa92662636bad2467a769f4efdc45434e0000393d72585b3a1fd9f15e69abef19a0b31d5ff858437f10ae5927cb6f7d53726c28032a31de14cfa9c76ff0290a5c8c0363721b43", 0x6d}, {&(0x7f0000001440)}, {&(0x7f0000001480)="74abf22624f05e747dd7c32cc6a139db91d7d08f6f169bff89d82130684c8c978cf8dcd1a50590c5b80724282950e04aaa5b1c6f4d8fb9468164fc4c19f9eb7e9155cc21735d00b469a36abcdd945d2854d2161bafdc26aef569dd785c1ed7f4a4444fd27d1efb89290cc5ea48c0a2d6dc50e0ce62eee208b4502543d525fd7ef456e31c9a8d224d86", 0x89}, {&(0x7f0000001540)="48e39e6def8ca37d423751e5aa16e08104ff18dea3374ee5c7e589ae62bdb27be9564da9e09c93adb1047c68f868387d5ee62d695e1fbf47014ac8f702e66f4e67c7d6008c38dd03eb0b4f4580b8db9f6332b9ad24ea80813a878d1c20e2016c9904187882ecb4742f88", 0x6a}, {&(0x7f00000015c0)="3d2182ef9afc4e7a7914", 0xa}, {&(0x7f0000001600)="4716b04a37906bf573b6291523d89dca601d4796ad83f7382299c4e669bcd7", 0x1f}], 0x8)

2.54896462s ago: executing program 4 (id=315):
sched_setscheduler(0x0, 0x2, 0x0) (async)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r0, 0x5421, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYRESOCT=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) (async)
r3 = syz_clone(0xc00e4000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000000074000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRESOCT=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
flistxattr(r5, 0x0, 0x0) (async)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095", @ANYRES64=r4, @ANYRESOCT=0x0, @ANYRES8=r4, @ANYRES8=r3, @ANYBLOB="7f097161abdb913a82a05efbcc6c004905a44606f80c3b131f92a15a1b048fd6255199cd2396c576ebf0849d33ef550f7bbf79af6a9f85b96524f3aead00c52b43920035aaf929196968d3e5d7e9f718de88e72ffce0ee969cb12414612aa2e5ec25563e71416961261b4935a23a4afc029518", @ANYRES16], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file1\x00', 0x2008000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bc, &(0x7f0000000440)="$eJzs3EFrE08Yx/Hn37RNmtImfxBBQX3Qi16WNr4ADdKCGFBqU9SDsLUbDVmTshsiEbG5iFdfR/HoTVDfQC/ixbu3IgheehBXupttk5rWbU2a2H4/UGa2M7/OLN2WZwud9TuvHpcKrlEwqzKUUBkSaciGSHqz1/Rfsx3y+6PSqiGXxr9/PnP77r0b2VxuZk51Njt/OaOqk+fePXn2+vyH6vjCm8m3cVlL31//lvmydnLt1PrP+UdFV4uulitVNXWxUqmai7alS0W3ZKjesi3TtbRYdi2nbbxgV5aX62qWlyaSy47lumqW61qy6lqtaNWpq/nQLJbVMAydSMrxNhxhTn51bs7M7jrsxbq6I3RfvP1yrNMcx8k2Og/mV3u1LwAAMLj2rv+DWn/3+j+3ELRdrv9FqP97pNF29Yf6H0eC42TNZPPntx31PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t5npcK2/AjLiIJEQmv+71P9MYBv/9X+rRddFnLP+4lROyXtXwtH7TBeLYgRbHFkilJyQ//eWgK+rPXczNT6htpfsnN/EotH/PPJvDzoXSn/Nn/p4O8yvvNXK2ZH5Fk6/oZScmJzutntvPhcQgrtfyoXLzQkjckJR8fSEVsWfKf6+3882nVazdzO9Yf8+ftJsrpGgAAAAAADApDt6Tb33+Dsx8Nf0JCfh8P8vv4+8CO9+thOc1LNAAAAAAAh8KtPy2Ztm05B+jEReQv4ke1E5OB2MaOzlUROfRFRaTRn1tOiEjwGT1I/OtWPFLKizBnWEQG4kmI2On3byYAAAAA3bZd9O8j9OlFD3cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDxE/U8sHB+yVuRtvPtwoE94i3LxQ79BgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAB8isAAP//0KwZYw==") (async)
r7 = inotify_init()
inotify_add_watch(r7, &(0x7f00000001c0)='.\x00', 0x4000423) (async)
open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

2.49470868s ago: executing program 0 (id=316):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x4, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x13, &(0x7f00000009c0)=@framed={{}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0, 0xfe00}, {0x5, 0x1, 0xb, 0x1, 0xa, 0x6}, {0x6, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, @printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0xa1}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYBLOB="100000000000030000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

2.338855272s ago: executing program 4 (id=317):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff7fffffffffffff00"/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000010801000000fcdbdf2500000000", @ANYRES32=r6, @ANYBLOB="00000004911201001c001a8218001f80140001000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20000080}, 0x50)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r7, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x84000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

2.338030983s ago: executing program 2 (id=318):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff58, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$selinux_load(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[], 0x0, 0x52}, 0x28)
r5 = socket(0x1e, 0x1, 0x0)
connect$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r5, &(0x7f0000000340), 0x2000011a)
sendmmsg$sock(r5, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="15", 0x1}], 0x1}}], 0x1, 0x40001)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.318530643s ago: executing program 1 (id=319):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r2, 0x0, 0x0}, 0x10)
eventfd(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r5}, 0x18)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

1.677190363s ago: executing program 0 (id=320):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x23220e0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x4002, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000540)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f0000000580)='./file0/file2\x00')

1.671964673s ago: executing program 3 (id=321):
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r0, &(0x7f0000002100)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000180)=""/82, 0x52}, {&(0x7f0000001200)=""/221, 0xdd}, {&(0x7f0000001700)=""/254, 0xfe}, {&(0x7f0000001580)=""/57, 0x39}], 0x5}, 0xc}, {{0x0, 0x0, 0x0}, 0xfffffffb}], 0x2, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000001300)=ANY=[@ANYBLOB="18050000000000000000000000000200b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="000000f9b7040000080485000000416600009500000000000000000000000000acd348cfe0b87ce311f37b6daadb01ecd99afac8d98a152aa6fe25551ba08c436562ed2601aef3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r5}, 0x10)
close(r3)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_SET_PIN_FILE(r7, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000000), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0)
r9 = accept4$unix(r8, &(0x7f00000001c0), &(0x7f0000000280)=0x6e, 0x0)
ftruncate(r9, 0x3)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file3\x00', 0x2)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003})
ioctl$sock_bt_hci(r1, 0x400448ca, 0x0)

1.646891544s ago: executing program 1 (id=322):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) (async)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff00, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r7}, 0x18) (async, rerun: 64)
listen(r4, 0x3) (async, rerun: 64)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) (async)
r8 = dup(r3)
write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18}, 0x18) (async)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

1.299136149s ago: executing program 0 (id=323):
ioprio_set$pid(0x1, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001400)=@base={0x9, 0x6, 0x4, 0x3a7, 0x2a05, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
ioprio_get$pid(0x1, r1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "c97329793a3d94f6c2531743a9a233d57bc012917be784fc79de6c4b1e711dc332c321de5353e84abd191dab6cea228843db7e7b74b0d518224db894dcbb465a", 0x18}, 0x48, 0xffffffffffffffff)
flock(0xffffffffffffffff, 0x1780f9c373410dea)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r5=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', r5, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast2}}}})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r6, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r7, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x0, 0x2, 0x0, 0x0})
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x9, {0xfffffffa, 0x1, 0x1, 0x49, 0x1, 0x6}})

1.297754829s ago: executing program 4 (id=324):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = syz_mount_image$erofs(&(0x7f0000000400), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x1, 0x1f3, &(0x7f0000000500)="$eJzsmb/L00AYx7+XtHl/IIqLg4uDL6jgmyapyrt0qOAoiFXUwaHYWKppK22EtiC0uLj4BwiuLo4ODk4O/gWuOqggONjRTTi5yyW9pmlppWjhfT7Qu28ud8/z3FPyHCQgCOLQ8u3rry/PLx/cOA/gCPawpcZ/mFHPj03P//zi8Q5KV16++fTqQ+vok3dpe0ys4cv7twC8L5sIwXLK49TqHU3vqf4mDJxT+hYY7Ej+5pzzvJRD+GC4o+Y80HQ7Nhj49r12ULvfCHxHNK5oPNEUdf8iqPGIoQZgW0bHOdPud/uDh9Ug8Dtpkeexn5lbq4pF+ZPxlQ2UEGePcwPA7WdPR+Ja5QYOjCR/Lgy4ShfBUFH6AFuwbXuSEm3/J3MT++Yy+/+/4rUUx/f/lVORYMEm7F0Iho0IY90ivxY7LD0iHuhk5MQ4roH6nO8r+rrLsDF/gSxcyIjn424QXP1LyyJjVkaiEjGpT4IzWn3KJaNAIWw+KnT7g/1Gs1r3637L84qXnAuOc9EryEIUtQvq37asT7vJSHwGzGIxCz3xoLo9IOy48roahh0varWKW3nb/inXGNfr0eLTUcfUmZUclCmY+hmyF+qsmT1zOHdPBEEQBEEQBEEQBEEQBEEQ2ZwCk29Z1YcqPgfvmnxD+ScAAP//+tFdLw==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0)
fadvise64(r4, 0x8000, 0x4101, 0x3)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x200000, 0x29)
mount$overlay(0x0, &(0x7f0000000c00)='./file1\x00', 0x0, 0x10500c, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
linkat(r3, &(0x7f0000000240)='./file1\x00', r3, &(0x7f0000000280)='\x00', 0xc00)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_emit_ethernet(0x82, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60"], 0x0)

1.164037211s ago: executing program 1 (id=325):
io_setup(0x23, &(0x7f00000001c0)=<r0=>0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
io_submit(r0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8d, 0x18, 0xc0, 0x8, 0x403, 0xda73, 0x8d0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x160, 0x0, [{{0x9, 0x4, 0xff, 0x0, 0x0, 0xa, 0xf5, 0xb}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x0, 0x9f, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x3, 0x1, 0x5, 0x20, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1000, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x7f, 0x4, 0x3, 0x6, "f4d92d48"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x8, 0x2, 0xfa, 0x3, "b52a61210f8efb"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x2, 0x59, 0x9, "faa8f4"}, @as_header={0x7, 0x24, 0x1, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xa, 0xff, 0x99, {0x7, 0x25, 0x1, 0x3, 0xff, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xb, 0xcc, 0x1, {0x7, 0x25, 0x1, 0x0, 0x9, 0x5}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0xf, 0xf6, 0x7, 0xff, 0x2}, 0x2c, &(0x7f0000000140)={0x5, 0xf, 0x2c, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x9, 0xc, 0xbf}, @ssp_cap={0xc, 0x10, 0xa, 0x62, 0x0, 0x0, 0xf00, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x5, 0xb}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x1, 0x9, 0x5}]}, 0x5, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x804}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1a00}}, {0xb1, &(0x7f0000000200)=@string={0xb1, 0x3, "51027442c4ae11ee3034b190afdb8a44ba4133b5ce4ed4cb65778462e8b36874311dd31241f2ed6f4e367acf7ae4b2ab9830632b8651156cfaf4969ac72de4156f4a243fad31c000cb848a9593d2388eaf79d7d60fb46d9c580f7fd50ada8c2acdfe7339e2e76e9db712acd702d6e1a67af57af81cb2e43196595c96d4256d821546c1cebb8162dd01ab8999a8ce4b9d4cb7f7a08a9e9ab9d88d31bb615fbdf27d86f6ccd1619e0342aad169bbe60c"}}, {0xa6, &(0x7f0000000580)=ANY=[@ANYBLOB="a60374ff147edb930d12abee1d5bdf2fd3b4f2b5fee370819c1bcef4e06bf79fcb0677a524a18f6dba0deb06a5c82dde5fffd3e0d6ee88b317195c5d9ed05555de7f4ee5bdda290f52d7e457b363d59e26f0acd63c5f4f9d2357753e930004b011685938adb5645748280052d0c3c7189156c01fab0ee72c98d456aeadb2858aa57b2fed14db62fa65177b06892d80dd20a0c001cdfc8008288d79b078eb664cbf20c8da9a03ba0d0cf62c56caa03f"]}, {0xff, &(0x7f0000000380)=@string={0xff, 0x3, "c519d3d0ad25c1ac431e811f646629200d8c8b7a65583d580c5d746a7e26772e2119d20e12cb33904df341a606b2c2cde66ad5c9f99ab3ce4066f2aadcadc2fc73f0d2c9dac0b75b4934b78e545afc7b7db9ef35e66c69e9133bdae5955fcc7fb601d4d69d98e38f52d0a6fa7454f95847d6e39ae6b5a51f6f0120ce3354bab93c9bcc5beac64bfeaab65b1484506bda2c3092c78a5864bb9cd31f637257f9e4e8f2ae969400aa26c6daaf4e5b40bc8011b6e59c1d824146b67a0b7a91540b5e16b72b6965be226e69288cea27f6ea15124e40d577b9b08c98be16eb1327d8ce5fdca6026461fb62e74f26289bf9e27fcce558aef9e0486bff235b85e3"}}]})
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xc6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x80, 0xa, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x2, 0x7f, {0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0x746}}, {{{0x9, 0x5, 0x81, 0x3, 0xe30227d6f27d6c3d, 0x5, 0x8, 0xe}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x3, 0x6, 0x2}}]}}}]}}]}}, &(0x7f0000000b00)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0xc, 0x4, 0x67, 0x20}, 0x146, &(0x7f0000000b80)={0x5, 0xf, 0x146, 0x3, [@generic={0xfd, 0x10, 0x1, "74a93a45b6435b6eecab9d6c951570d174f6449aea8d17ac23ff3f81afcbcc6b36c7930ab8faeafbd6c1049b0158efd4174f5dee13f56b610c95a988ecf9da48b8afc6bcee4c1847d01fde1c827b066e1edb6c03d46cee3c07d39ecdec9de481a18b9d30d162cb4a65b3d281366cea5a11a2cfe1261a16fa19b24b0fc206992875d2b463b7eb7b23c1c97e235dc659cb4ca54f6d5961d5da90eaeeca700c06ad55057b14f46c09e716198f1285ce1ae6cd1c8205af08d24d71625e138a4b05f12d374a72639322ec46e600000000ffffffff9a83bb346b8f968426038ab52a6eb219d810899a92e6c40f83b18d74f7df791ac97079d7a3c2440b"}, @ssp_cap={0x24, 0x10, 0xa, 0x9a, 0x6, 0xfff, 0xf00, 0x0, [0x30, 0x0, 0x0, 0xcf, 0xc000, 0xc0f0]}, @ssp_cap={0x20, 0x10, 0xa, 0x10, 0x5, 0x8000, 0x0, 0x2, [0xff00ff, 0x30, 0xffc000, 0x3f00, 0xc000]}]}, 0x8, [{0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x437}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x40d}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x1801}}, {0xda, &(0x7f0000000800)=@string={0xda, 0x3, "aa49288b36d1f4f7cb5542a32cd5e01d0f831ed5af6572df220d44a8b97c14d4f3213c7064e017bfd75a7800bfb3657b506d37dccce809ccbd77ea670f2b0a8b0c64ba801e0cf412f3bfeb2c52baafff72192344741477af80ac16000ea719c3d80b76fdb4d47998eef42017178ca4bd265e8f5d13e5c68e4ce2e19635c1738cfd6faa63313b3d7231fb31c0eade5b6a39828f3124e26b01440dd6657cfc206d219faf20e2da19e953384687625f44372a68ef6b0b6e2fa9c440b966b87981664e6bd92870723ef96f40059612e4f9d99f3a956bbd91ce83"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0xc07}}, {0x8b, &(0x7f0000000940)=@string={0x8b, 0x3, "46833dea449874ce5d0e5de34a9d2b57c8283d6cf12361d0073c954e0337d52d163dd9b4c2f1c2387f26824e8cb197e70d0dd85c91289cb80ded9188b29f45f00830c10734e6bc36ba7b6ddfccbf6f45fd39e30474853026c4a60e21bedc2648c7c7bbb279d8c3253f6d8b3ffef7164cd09aad1f79e00da6b849d5bf5e08446694a7d22802fa869e44"}}, {0xf9, &(0x7f0000000a00)=@string={0xf9, 0x3, "faf8bde42d30286609663320b10f5ff191ed25e23ae85043765093af0ed1fd278f556f72b5edcae728daabdab44fd542dc45d43c0a7d8b5036f119a8372ca4f57634344822181b1dd8e47089bf2825fc36e6209b2535a98a036a51bb7eac03e754e7a43e6157365ed85ee768784394e57cd327ed26724c7134a86e5ac93368f9768f1c9913f00cc0eafa1ac154526ca2bcac514d97bcf6672eab5ddd047724c7f0742b5df3af0a3a7028fa78c1a0d956e8e94214fde310ba429512c34d098ac5f6f416a3176b680dd86987081d821f2aae4fcaba654a77f87325ebf4cb2a7470ecf5039f1ea9a04569aea0bb5b70ea4820a283a18ea5ea"}}]})

1.158254271s ago: executing program 2 (id=326):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1000400, &(0x7f00000000c0), 0x6, 0x588, &(0x7f0000000300)="$eJzs3U1sHFcdAPD/TOzsOnGaFHooCGgohYCirmOnjapeWi5IUFUgFU49pNZ6Y0VeZyPvutTGB+fEgSsSlTjBhQsnDpU4IPWEuHKDG5dyQCooAtVICE01491kd7ObbOOPie3fTxrte/P1f2/kfeN5szMvgBPrYkRsR8TpiHgnIs5HUsxPulO8vjvl631yd6u+c3ernkSWvfWvqe4etuq99XvORsRPR8Sq9KXbG5sri81mY62bn+us3p5rb2y+eHN1cbmx3Li1sHBt/tqVV66+vLBvdX1u9Xcff+fmGz/6w++//NGft7/1k7zMr3WX5XXrWzXJsmzvAV/rHZfpmO3OSiMiP3Jv7H3vT4RT3fqcLrsgPJb87/FzEfF8N31PtbwyAQAHK8vOR3a+P39fOpDLsmTEOgDA0ZNf889Gkta61/+zkaa1WtGHV30mzqTNVrtz+UZr/VbS6+KbTm/cbDauFH2FEZWYTvL8fERcKKbd/MJQ/mpEPB0RP6/MFPlavdVcKuU/HgDg7ND5/z+V/PxfmWRTdwgA4ChzJgeAk+fB8/90KeUAAA6P638AOHn6zv8T3fkHAI6+6tCz/yNlyaGUBQA4HCP7/98+dz/9bDL0ii8A4Khz/x8ATpQfvPlmPmU7WVK8/3rp3Y31lda7Ly412iu11fV6rd5au11bbrWWi3f2rI7YxZ3+TLPVuj3/Uqy/N9dptDtz7Y3N66ut9Vud68V7va83PFgAAOV7+rkP/5pExParM8UUvbEcHv2DAOCISyNmyi4DUI5TZRcAKM1U2QUASqM/HnjUj3tH/kRoJiLeH7+NjgV4sl36wpj+/+H/DQbvB/x/H0bHBkrW/VrrBoATaG/9/3oP4Ch7+Infg0FwnGVZYjx/ADhhJriC9xNBOOYe6/4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHCzxZSkte5Y4LORprVaxLmIuBDTyY2bzcaViHgqIv5Sma7k+fmyCw0A7FH6j6Q7/tel8y/MDi89nfy3UnxGxI9/+dYv3lvs9IYOvDe/834xv7O2MDJA5eDrAAD0mRqe0TtPF599F/Kf3N2q96bDLODH394dXDSPu3N3q35/POKpbuGrkc878+9koDLJPg1MvH0nIp4drn96b/mF7sinw/Hz2OcOLH4UNZwdiD/4b1RaLNv9zI/F52cmjLcPZYbj4sO8/Xl91PcvjYvFZ/f7NzXYmFbjZw82ro+h1/7tZLvt305f/Hz/3z9XLdqaUe3fxUljvPTH745ddudU9sWpiF7snb72Z1e1SI2K/8KE8f/2pa88P+5gZb+KuBQPi7+bmuus3p5rb2z+9nsf/Gm5sdy4tbBwbf7alVeuvrwwV/RRz/V6qh/0z1cvPzW+/hFnxsSvPqL+X5+w/r/+3ztvf/Uh8b/5tVHx03jmIfHzc+I3Ym2i+ItnPhg7fHcef2lM/acG4p8e2C6fd3l4Z2P+ID/6++bSRAUFAA5Fe2NzZbHZbKxNkkhjc2Wxd6E58VYDiZnH2mrCRBzYnkcnpgcOQvWgYp0ds+g3n3mH03Gox2ffEnc+w8qVcop6Kpq9/qhHrtxdb3svQbNsD2W+OME6JTVIwKG5/6UvuyQAAAAAAAAAAAAAAMA47R92X/m3zw9F9T8MV3YdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL4+DQAA//+T6cce")
open(&(0x7f00000000c0)='.\x00', 0x0, 0x194)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x401, 0x3ff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000071, 0x0, 0xff000000000c0000}]})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffe000/0x1000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x83, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)

966.973424ms ago: executing program 4 (id=327):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000640)='workqueue_queue_work\x00', r3}, 0x18)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket(0x10, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r9, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000428bd700007000000a68cf81fdef14a96f873c1b242251a3a9bd8e4001700"/44], 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x40000002, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x7}, {0x7, 0xffffffffffffff5c}}}]}]}]}}]}, 0x54}}, 0x0)
close(r4)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000080)=0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

428.192233ms ago: executing program 4 (id=328):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x700, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0xd)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f00001ba000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x1a, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x2a, 0x0, 0x190)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x100004c, &(0x7f0000000100), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200088e, &(0x7f0000000d80), 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
fdatasync(r5)
ftruncate(r5, 0x7)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58)
r7 = open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r8 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0)
ioctl$BLKROSET(r8, 0x125d, &(0x7f0000000080)=0x3f)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r9, 0x0, 0x0, 0x8000c62)
copy_file_range(r6, 0x0, r6, &(0x7f00000004c0)=0xae8, 0x863, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f00001b0000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f322e0f01cf66b9ab0900000f32f2f031b3e759dc2c", 0x3c}], 0x1, 0x9f6a364b3fac2a63, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYRESOCT=r7, @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)

179.829537ms ago: executing program 2 (id=329):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x4004)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x1c000001)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x2b, 0x800, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x20000804)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="44000000100039042cbd7000fddbdf25000003e4f9345b796891513cbee4aa216cb07873f93893bf32b161d6cfde59479c75382985f62e08fd5ac3bc43bedaeeb41e65fa230b7a8dc10297d269bfc52a3143c24f878b2c40bc2e12b3f14ec73f27980c082e72c1faafbe37f54b014acbc4f21afb05462794e39276185bf022eff8724aeb762dd8ee54dce4bc138fec48101cf1c091d59014de5b75c716ea43d565", @ANYRES32, @ANYBLOB="83000400cf1607002400128009000100697069700000000014000280050004000400000008000300ac1414bb"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x1)
r5 = open(&(0x7f0000000040)='./file2\x00', 0x1, 0x104)
ioctl$BTRFS_IOC_DEFRAG(r5, 0x4c00, 0x3)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
readv(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x1c, r7, 0x301, 0x70bd2c, 0x25dfdbf7, {}, [@WGDEVICE_A_IFINDEX={0x8}]}, 0xfcc7}, 0x1, 0x0, 0x0, 0xc0}, 0x20044014)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000600bb0005", @ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES32=r8, @ANYBLOB="1800000001070000000000000000260018110000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r9}, 0x10)

68.046078ms ago: executing program 0 (id=330):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x2100000, &(0x7f0000000180)='netlink_extack\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e000000030000000e0000008000000000800000", @ANYRES32=0x1, @ANYBLOB='\r\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000010000000100000006001868da0464746e908e4823b8d46281000000000000", @ANYBLOB='\x00\x00\x00\x00'], 0x50)
r3 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000003c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
close(r2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
wait4(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r6}, 0x10)

42.436739ms ago: executing program 3 (id=331):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x4, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x13, &(0x7f00000009c0)=@framed={{}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0, 0xfe00}, {0x5, 0x1, 0xb, 0x1, 0xa, 0x6}, {0x6, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, @printk={@p, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0xa1}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=0x1, @ANYBLOB="100000000000030000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

0s ago: executing program 4 (id=332):
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4080)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22c0b911"], 0xfdef)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
preadv(r5, &(0x7f0000000380)=[{&(0x7f0000000280)=""/148, 0x94}], 0x1, 0x3, 0xfffffb98)
syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x0)

kernel console output (not intermixed with test programs):

[   30.486819][  T361] loop2: detected capacity change from 0 to 128
[   30.604079][   T43] sd 1:0:0:0: [sdb] Media removed, stopped polling
[   30.610918][    T8] sd 1:0:0:1: [sdc] Media removed, stopped polling
[   30.631345][   T43] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[   30.640602][    T8] sd 1:0:0:1: [sdc] Attached SCSI removable disk
[   30.649742][  T296] usb 4-1: USB disconnect, device number 2
[   30.783005][  T367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15'.
[   30.816329][   T39] usb 5-1: Using ep0 maxpacket: 8
[   30.823263][   T39] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[   31.466210][    C0] sched: RT throttling activated
[   32.004062][   T39] usb 5-1: config 0 has no interface number 0
[   32.012013][   T39] usb 5-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 8.d0
[   32.021212][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   32.033815][   T39] usb 5-1: config 0 descriptor??
[   32.054870][   T39] usb 5-1: can't set config #0, error -71
[   32.172553][   T39] usb 5-1: USB disconnect, device number 2
[   32.205057][  T375] sd 1:0:0:1: [sdc] Test Unit Ready failed: Result: hostbyte=0x01 driverbyte=DRIVER_OK
[   32.583948][  T378] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   33.081532][  T368] loop1: detected capacity change from 0 to 131072
[   33.119169][   T28] kauditd_printk_skb: 21 callbacks suppressed
[   33.119184][   T28] audit: type=1400 audit(1753014333.171:149): avc:  denied  { read } for  pid=372 comm="syz.4.18" dev="nsfs" ino=4026532386 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   33.147503][  T368] F2FS-fs (loop1): invalid crc value
[   33.156391][  T312] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   33.170392][   T28] audit: type=1400 audit(1753014333.181:150): avc:  denied  { open } for  pid=372 comm="syz.4.18" path="net:[4026532386]" dev="nsfs" ino=4026532386 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   33.197883][   T28] audit: type=1400 audit(1753014333.251:151): avc:  denied  { bind } for  pid=372 comm="syz.4.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   33.225025][  T368] F2FS-fs (loop1): Found nat_bits in checkpoint
[   33.225999][   T28] audit: type=1400 audit(1753014333.961:152): avc:  denied  { set_context_mgr } for  pid=384 comm="syz.2.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   33.282075][  T385] input: syz0 as /devices/virtual/input/input5
[   33.293263][  T368] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   33.295488][  T385] binder: 384:385 ioctl 4068aea3 2000000004c0 returned -22
[   33.319749][   T28] audit: type=1400 audit(1753014334.021:153): avc:  denied  { map } for  pid=384 comm="syz.2.19" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   33.363670][   T28] audit: type=1400 audit(1753014334.021:154): avc:  denied  { call } for  pid=384 comm="syz.2.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   33.395691][   T28] audit: type=1400 audit(1753014334.031:155): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=599 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   33.418592][   T28] audit: type=1400 audit(1753014334.031:156): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=599 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   33.442119][   T28] audit: type=1400 audit(1753014334.031:157): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=599 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   33.467199][   T28] audit: type=1400 audit(1753014334.051:158): avc:  denied  { create } for  pid=387 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   33.489400][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   33.563005][  T367] syz.1.15 (367) used greatest stack depth: 21248 bytes left
[   34.011275][  T296] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   34.199904][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   34.209885][  T312] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   34.219166][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.245626][  T312] usb 1-1: config 0 descriptor??
[   34.827900][  T312] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[   34.834925][  T312] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x2
[   34.843116][  T312] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[   34.917030][  T312] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00
[   34.986362][   T19] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   35.054445][  T429] capability: warning: `syz.1.34' uses deprecated v2 capabilities in a way that may be insecure
[   35.189440][   T19] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   35.200340][   T19] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   35.217834][   T19] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   35.236303][   T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   35.244461][   T19] usb 3-1: Product: syz
[   35.248867][   T19] usb 3-1: Manufacturer: syz
[   35.256351][   T19] usb 3-1: SerialNumber: syz
[   35.354352][  T439] loop4: detected capacity change from 0 to 512
[   35.379312][  T439] =======================================================
[   35.379312][  T439] WARNING: The mand mount option has been deprecated and
[   35.379312][  T439]          and is ignored by this kernel. Remove the mand
[   35.379312][  T439]          option from the mount to silence this warning.
[   35.379312][  T439] =======================================================
[   35.440921][  T296] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[   35.464384][  T439] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   35.659861][  T439] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   35.688317][  T296] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   35.713068][  T296] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   35.759700][  T439] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.834557][  T296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   35.838180][  T371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   35.852706][  T296] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[   35.894819][  T371] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.959737][  T375] udevd[375]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[   35.963413][  T331] udevd[331]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[   36.085994][    T6] usb 4-1: USB disconnect, device number 4
[   36.112260][  T375] udevd[375]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[   36.129405][  T459] overlayfs: missing 'workdir'
[   36.231594][  T461] device syzkaller0 entered promiscuous mode
[   36.633726][  T470] loop3: detected capacity change from 0 to 512
[   36.686090][  T470] EXT4-fs: Ignoring removed nomblk_io_submit option
[   36.706750][  T470] EXT4-fs (loop3): Test dummy encryption mode enabled
[   36.715701][  T470] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[   36.801697][  T312] usb 1-1: USB disconnect, device number 2
[   36.879782][  T477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'.
[   37.116275][  T380] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   37.316276][  T380] usb 4-1: Using ep0 maxpacket: 8
[   37.322584][  T380] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   37.469206][  T380] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   37.490033][  T380] usb 4-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[   37.510541][  T380] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   37.704576][  T481] loop1: detected capacity change from 0 to 256
[   38.273919][   T28] kauditd_printk_skb: 25 callbacks suppressed
[   38.273938][   T28] audit: type=1400 audit(1753014338.371:184): avc:  denied  { name_bind } for  pid=478 comm="syz.1.47" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   38.332393][  T481] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   38.388437][  T380] usb 4-1: config 0 descriptor??
[   38.456433][   T28] audit: type=1400 audit(1753014338.371:185): avc:  denied  { node_bind } for  pid=478 comm="syz.1.47" saddr=::ffff:172.20.20.170 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   38.491366][   T28] audit: type=1400 audit(1753014339.141:186): avc:  denied  { read append open } for  pid=478 comm="syz.1.47" path="/13/file0/cpu.stat" dev="loop1" ino=1048601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   38.589164][  T488] loop1: detected capacity change from 0 to 256
[   38.645544][   T19] usb 3-1: 0:2 : does not exist
[   38.658867][   T19] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[   38.684480][   T19] usb 3-1: USB disconnect, device number 2
[   38.708047][  T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   38.735222][   T28] audit: type=1400 audit(1753014852.467:187): avc:  denied  { ioctl } for  pid=491 comm="syz.1.52" path="socket:[16947]" dev="sockfs" ino=16947 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   38.808891][  T470] loop3: detected capacity change from 0 to 2048
[   38.825033][  T284] EXT4-fs (loop4): unmounting filesystem.
[   38.832181][  T470] EXT4-fs: Ignoring removed mblk_io_submit option
[   38.848637][  T470] ext4: Unknown parameter 'nouser_xattr'
[   38.929245][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.936505][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.944492][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.951784][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.958888][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.965893][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.973824][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   38.991173][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   39.015719][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   39.025804][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   39.043038][  T380] wacom 0003:056A:0000.0002: unknown main item tag 0x0
[   39.053448][  T380] wacom 0003:056A:0000.0002: Unknown device_type for 'HID 056a:0000'. Assuming pen.
[   39.079586][  T380] wacom 0003:056A:0000.0002: hidraw0: USB HID v0.00 Device [HID 056a:0000] on usb-dummy_hcd.3-1/input0
[   39.104183][  T380] input: Wacom Penpartner Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0000.0002/input/input7
[   39.132186][  T502] loop4: detected capacity change from 0 to 2048
[   39.152666][  T470] loop3: detected capacity change from 0 to 256
[   39.172943][  T502] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   39.183017][   T28] audit: type=1400 audit(1753014852.927:188): avc:  denied  { read } for  pid=498 comm="syz.4.55" path="/12/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   39.196134][  T380] usb 4-1: USB disconnect, device number 5
[   39.211967][  T499] FAULT_INJECTION: forcing a failure.
[   39.211967][  T499] name failslab, interval 1, probability 0, space 0, times 0
[   39.224913][  T499] CPU: 1 PID: 499 Comm: syz.4.55 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   39.234481][  T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   39.244550][  T499] Call Trace:
[   39.247829][  T499]  <TASK>
[   39.250767][  T499]  __dump_stack+0x21/0x24
[   39.255111][  T499]  dump_stack_lvl+0xee/0x150
[   39.259727][  T499]  ? __cfi_dump_stack_lvl+0x8/0x8
[   39.264770][  T499]  ? unwind_get_return_address+0x4d/0x90
[   39.270581][  T499]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[   39.276739][  T499]  ? arch_stack_walk+0xfc/0x150
[   39.281602][  T499]  dump_stack+0x15/0x24
[   39.285769][  T499]  should_fail_ex+0x3d4/0x520
[   39.290457][  T499]  __should_failslab+0xac/0xf0
[   39.295234][  T499]  ? alloc_pipe_info+0xe7/0x4b0
[   39.300090][  T499]  should_failslab+0x9/0x20
[   39.304620][  T499]  __kmem_cache_alloc_node+0x3d/0x2c0
[   39.310003][  T499]  ? alloc_pipe_info+0xe7/0x4b0
[   39.315914][  T499]  kmalloc_trace+0x29/0xb0
[   39.320354][  T499]  alloc_pipe_info+0xe7/0x4b0
[   39.325044][  T499]  splice_direct_to_actor+0x956/0xb10
[   39.330436][  T499]  ? kstrtouint+0x74/0xe0
[   39.334777][  T499]  ? selinux_file_permission+0x2a5/0x510
[   39.340411][  T499]  ? fsnotify_perm+0x67/0x5b0
[   39.345091][  T499]  ? security_file_permission+0x8a/0xb0
[   39.350635][  T499]  ? __cfi_direct_splice_actor+0x10/0x10
[   39.356268][  T499]  ? __cfi_splice_direct_to_actor+0x10/0x10
[   39.362171][  T499]  ? security_file_permission+0x94/0xb0
[   39.367726][  T499]  ? rw_verify_area+0xa7/0x1c0
[   39.372501][  T499]  do_splice_direct+0x1b3/0x2c0
[   39.377376][  T499]  ? avc_policy_seqno+0x1b/0x70
[   39.382235][  T499]  ? __cfi_do_splice_direct+0x10/0x10
[   39.387612][  T499]  ? security_file_permission+0x94/0xb0
[   39.393179][  T499]  do_sendfile+0x5c6/0xeb0
[   39.397600][  T499]  ? __cfi_vfs_write+0x10/0x10
[   39.402373][  T499]  ? do_preadv+0x330/0x330
[   39.406822][  T499]  ? __kasan_check_write+0x14/0x20
[   39.412040][  T499]  ? fput+0x154/0x1a0
[   39.416059][  T499]  __x64_sys_sendfile64+0x18f/0x1f0
[   39.421293][  T499]  ? __cfi_ksys_write+0x10/0x10
[   39.426178][  T499]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[   39.431907][  T499]  ? fpregs_assert_state_consistent+0xb1/0xe0
[   39.437981][  T499]  x64_sys_call+0x62c/0x9a0
[   39.442505][  T499]  do_syscall_64+0x4c/0xa0
[   39.446931][  T499]  ? clear_bhb_loop+0x30/0x80
[   39.451611][  T499]  ? clear_bhb_loop+0x30/0x80
[   39.456293][  T499]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   39.462213][  T499] RIP: 0033:0x7f5cdcd8e9a9
[   39.466634][  T499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   39.486334][  T499] RSP: 002b:00007f5cddb9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   39.494764][  T499] RAX: ffffffffffffffda RBX: 00007f5cdcfb5fa0 RCX: 00007f5cdcd8e9a9
[   39.502745][  T499] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 000000000000000a
[   39.510729][  T499] RBP: 00007f5cddb9c090 R08: 0000000000000000 R09: 0000000000000000
[   39.518730][  T499] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001
[   39.526706][  T499] R13: 0000000000000000 R14: 00007f5cdcfb5fa0 R15: 00007fff81de9f08
[   39.534689][  T499]  </TASK>
[   39.576873][  T284] EXT4-fs (loop4): unmounting filesystem.
[   39.591062][   T28] audit: type=1400 audit(1753014853.327:189): avc:  denied  { connect } for  pid=493 comm="syz.0.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   39.658083][  T508] loop0: detected capacity change from 0 to 2048
[   39.667587][  T509] fido_id[509]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[   39.690303][  T508] EXT4-fs: quotafile must be on filesystem root
[   40.195967][  T521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.59'.
[   42.976110][  T546] loop4: detected capacity change from 0 to 512
[   43.506451][  T548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.65'.
[   43.721906][  T548] loop0: detected capacity change from 0 to 512
[   44.283936][  T546] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   44.295451][  T546] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   44.494402][  T548] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 17. Delete some EAs or run e2fsck.
[   44.507709][  T548] EXT4-fs (loop0): 1 truncate cleaned up
[   44.513412][  T548] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   44.523071][  T546] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.66: invalid indirect mapped block 4294967295 (level 1)
[   44.538347][  T546] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.66: invalid indirect mapped block 4294967295 (level 1)
[   44.605152][  T546] EXT4-fs (loop4): 2 truncates cleaned up
[   44.611222][  T546] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   44.984659][  T546] netlink: 28 bytes leftover after parsing attributes in process `syz.4.66'.
[   44.993559][  T546] netlink: 28 bytes leftover after parsing attributes in process `syz.4.66'.
[   45.017583][  T283] EXT4-fs (loop0): unmounting filesystem.
[   45.156885][  T557] loop2: detected capacity change from 0 to 512
[   45.163964][  T557] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   45.175693][  T557] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   45.216869][  T557] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.67: invalid indirect mapped block 4294967295 (level 1)
[   45.230996][  T557] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.67: invalid indirect mapped block 4294967295 (level 1)
[   45.245438][  T557] EXT4-fs (loop2): 2 truncates cleaned up
[   45.251519][  T557] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   45.264784][  T557] netlink: 28 bytes leftover after parsing attributes in process `syz.2.67'.
[   45.273677][  T557] netlink: 28 bytes leftover after parsing attributes in process `syz.2.67'.
[   45.283035][   T28] audit: type=1400 audit(1753014859.007:190): avc:  denied  { lock } for  pid=552 comm="syz.2.67" path="/8/file0/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   45.353477][  T284] EXT4-fs (loop4): unmounting filesystem.
[   45.414271][  T567] syz.0.71[567] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.414356][  T567] syz.0.71[567] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.454766][  T569] netlink: 'syz.3.72': attribute type 27 has an invalid length.
[   45.476331][  T543] loop1: detected capacity change from 0 to 256
[   45.548994][  T543] FAT-fs (loop1): Directory bread(block 64) failed
[   45.595060][  T543] FAT-fs (loop1): Directory bread(block 65) failed
[   45.605512][   T28] audit: type=1326 audit(1753014859.337:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   45.619056][  T543] FAT-fs (loop1): Directory bread(block 66) failed
[   45.629047][   T28] audit: type=1326 audit(1753014859.357:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   45.646314][  T543] FAT-fs (loop1): Directory bread(block 67) failed
[   45.658396][   T28] audit: type=1326 audit(1753014859.357:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   45.686325][  T543] FAT-fs (loop1): Directory bread(block 68) failed
[   45.696280][  T549] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   45.706423][  T543] FAT-fs (loop1): Directory bread(block 69) failed
[   45.740576][  T543] FAT-fs (loop1): Directory bread(block 70) failed
[   45.776969][  T543] FAT-fs (loop1): Directory bread(block 71) failed
[   45.855466][  T543] FAT-fs (loop1): Directory bread(block 72) failed
[   45.878267][  T549] usb 5-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   45.906631][  T569] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.914203][  T569] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.929783][  T549] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1
[   45.940688][  T543] FAT-fs (loop1): Directory bread(block 73) failed
[   45.957028][   T28] audit: type=1326 audit(1753014859.357:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.010874][  T549] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   46.164199][  T549] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   46.389724][   T28] audit: type=1326 audit(1753014859.357:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.412896][   T28] audit: type=1326 audit(1753014859.357:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.436031][   T28] audit: type=1326 audit(1753014859.357:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.460328][   T28] audit: type=1326 audit(1753014859.357:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.497833][   T28] audit: type=1326 audit(1753014859.357:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=568 comm="syz.3.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   46.582409][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   46.596403][  T579] SELinux:  Context system_u:object_r:dpkg_exec_t:s0 is not valid (left unmapped).
[   46.637973][  T570] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.645112][  T570] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.722245][  T362] usb 5-1: USB disconnect, device number 3
[   46.735241][  T570] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.742552][  T570] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.761884][  T570] device veth0_vlan left promiscuous mode
[   46.768458][  T570] device veth0_vlan entered promiscuous mode
[   46.818194][  T570] device veth1_macvtap left promiscuous mode
[   46.827219][  T583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.74'.
[   46.854966][  T570] device veth1_macvtap entered promiscuous mode
[   46.876296][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   46.888074][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   46.907606][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   46.925808][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   46.944310][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   46.962935][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   46.980804][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   46.998339][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   47.015839][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   47.034198][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   47.051565][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   47.070199][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   47.087101][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   47.105018][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   47.122431][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   47.140311][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.157232][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   47.174655][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.191606][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   47.415098][  T570] syz.3.72 (570) used greatest stack depth: 20640 bytes left
[   47.598913][  T596] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   47.608265][  T596] FAT-fs (loop7): unable to read boot sector
[   48.490920][  T553] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[   48.681423][  T286] EXT4-fs (loop2): unmounting filesystem.
[   49.016292][  T380] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   49.175895][  T610] netlink: 'syz.4.85': attribute type 27 has an invalid length.
[   49.216264][  T380] usb 1-1: Using ep0 maxpacket: 16
[   49.225403][  T380] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   49.247897][  T380] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   49.259317][  T380] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice=1a.00
[   49.269162][  T380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   49.282141][  T380] usb 1-1: config 0 descriptor??
[   49.345969][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.353878][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.420921][  T614] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   49.775605][  T614] device veth0_vlan left promiscuous mode
[   49.782198][  T614] device veth0_vlan entered promiscuous mode
[   49.789840][  T614] device veth1_macvtap left promiscuous mode
[   49.797053][  T614] device veth1_macvtap entered promiscuous mode
[   49.803902][  T614] IPv6: ADDRCONF(NETDEV_CHANGE): vcan1: link becomes ready
[   49.853362][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   49.866687][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.884422][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.893995][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.901184][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.939962][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   49.948543][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.956986][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.964046][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.977127][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   49.985822][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   49.994299][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   50.002991][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   50.011312][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   50.019911][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   50.036011][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   50.044778][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   50.053152][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   50.061516][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   50.070173][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.078592][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   50.087049][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.095582][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   50.103921][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   50.112378][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   50.121312][  T637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'.
[   50.121455][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   50.138564][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   50.147460][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   50.155864][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   50.164227][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   50.172312][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   50.180013][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   50.187650][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   50.196060][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   50.204405][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   50.212250][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   50.226946][  T632] netlink: 'syz.3.89': attribute type 27 has an invalid length.
[   50.244682][  T632] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.251946][  T632] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.295818][  T635] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   50.313391][  T635] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.320524][  T635] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.329140][  T635] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.336284][  T635] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.355977][  T635] device veth0_vlan left promiscuous mode
[   50.366026][  T635] device veth0_vlan entered promiscuous mode
[   50.375431][  T640] loop2: detected capacity change from 0 to 512
[   50.375438][  T635] device veth1_macvtap left promiscuous mode
[   50.377420][  T635] device veth1_macvtap entered promiscuous mode
[   50.397852][   T28] kauditd_printk_skb: 57 callbacks suppressed
[   50.397865][   T28] audit: type=1326 audit(1753014864.137:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=631 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   50.400543][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   50.410186][   T28] audit: type=1326 audit(1753014864.137:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=631 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   50.433690][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.440323][  T640] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   50.459671][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.473042][  T640] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   50.479093][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.505976][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   50.515647][  T286] EXT4-fs (loop2): unmounting filesystem.
[   50.523907][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   50.536806][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   50.548082][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   50.556985][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.565663][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.575152][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   50.583945][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   50.592621][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   50.601517][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   50.610521][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   51.027814][  T380] usbhid 1-1:0.0: can't add hid device: -71
[   51.035108][  T380] usbhid: probe of 1-1:0.0 failed with error -71
[   51.042954][  T380] usb 1-1: USB disconnect, device number 3
[   51.200369][  T655] 9pnet_fd: Insufficient options for proto=fd
[   51.562696][   T28] audit: type=1400 audit(1753014865.297:259): avc:  denied  { write } for  pid=661 comm="syz.2.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   51.660850][   T28] audit: type=1400 audit(1753014865.337:260): avc:  denied  { read append } for  pid=656 comm="syz.3.95" name="file0" dev="tmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   51.721377][  T380] kernel write not supported for file bpf-prog (pid: 380 comm: kworker/0:4)
[   51.730340][   T28] audit: type=1400 audit(1753014865.337:261): avc:  denied  { open } for  pid=656 comm="syz.3.95" path="/13/file0" dev="tmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   51.756151][   T28] audit: type=1400 audit(1753014865.347:262): avc:  denied  { ioctl } for  pid=661 comm="syz.2.97" path="socket:[18457]" dev="sockfs" ino=18457 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   51.827263][   T28] audit: type=1400 audit(1753014865.567:263): avc:  denied  { read } for  pid=678 comm="syz.2.103" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   51.853329][   T28] audit: type=1400 audit(1753014865.587:264): avc:  denied  { open } for  pid=678 comm="syz.2.103" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   51.919888][   T28] audit: type=1400 audit(1753014865.647:265): avc:  denied  { ioctl } for  pid=678 comm="syz.2.103" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   51.953244][   T28] audit: type=1400 audit(1753014865.687:266): avc:  denied  { create } for  pid=685 comm="syz.1.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   52.044823][  T690] loop2: detected capacity change from 0 to 2048
[   52.063005][  T690] ext4: Unknown parameter 'noacl'
[   52.121401][  T683] kvm: pic: non byte write
[   52.125924][  T683] kvm: pic: non byte write
[   52.130810][  T683] kvm: pic: non byte write
[   52.135425][  T683] kvm: pic: non byte write
[   52.140341][  T683] kvm: pic: non byte write
[   52.144901][  T683] kvm: pic: non byte write
[   52.150384][  T683] kvm: pic: non byte write
[   52.154889][  T683] kvm: pic: non byte write
[   52.159787][  T683] kvm: pic: non byte write
[   52.164400][  T683] kvm: pic: non byte write
[   52.416324][  T362] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   52.541380][  T457] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   52.637518][  T362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   52.656377][  T362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   52.700961][  T707] SELinux: failed to load policy
[   52.716155][  T362] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   52.735608][  T362] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   52.746238][  T457] usb 5-1: Using ep0 maxpacket: 16
[   52.752637][  T457] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[   52.756260][  T362] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.780580][  T457] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[   52.800309][  T362] usb 2-1: config 0 descriptor??
[   52.804130][  T711] loop0: detected capacity change from 0 to 2048
[   52.816236][  T457] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   52.829998][  T711] ext4: Unknown parameter 'noacl'
[   52.835149][  T457] usb 5-1: Product: syz
[   52.840170][  T457] usb 5-1: Manufacturer: syz
[   52.845237][  T457] usb 5-1: SerialNumber: syz
[   52.858983][  T457] usb 5-1: config 0 descriptor??
[   52.865088][  T457] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[   52.878262][  T457] usb 5-1: Detected FT232R
[   52.917339][  T718] FAULT_INJECTION: forcing a failure.
[   52.917339][  T718] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   52.931236][  T718] CPU: 0 PID: 718 Comm: syz.2.114 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   52.940913][  T718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   52.950988][  T718] Call Trace:
[   52.954280][  T718]  <TASK>
[   52.957223][  T718]  __dump_stack+0x21/0x24
[   52.961571][  T718]  dump_stack_lvl+0xee/0x150
[   52.966193][  T718]  ? __cfi_dump_stack_lvl+0x8/0x8
[   52.971242][  T718]  dump_stack+0x15/0x24
[   52.975416][  T718]  should_fail_ex+0x3d4/0x520
[   52.980108][  T718]  should_fail+0xb/0x10
[   52.984283][  T718]  should_fail_usercopy+0x1a/0x20
[   52.989317][  T718]  _copy_to_user+0x1e/0x90
[   52.993744][  T718]  simple_read_from_buffer+0xe9/0x160
[   52.999156][  T718]  proc_fail_nth_read+0x19a/0x210
[   53.004197][  T718]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   53.009763][  T718]  ? security_file_permission+0x94/0xb0
[   53.015426][  T718]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   53.021002][  T718]  vfs_read+0x26e/0x8c0
[   53.025208][  T718]  ? __cfi_vfs_read+0x10/0x10
[   53.029905][  T718]  ? __kasan_check_write+0x14/0x20
[   53.035036][  T718]  ? mutex_lock+0x8d/0x1a0
[   53.039463][  T718]  ? __cfi_mutex_lock+0x10/0x10
[   53.044323][  T718]  ? __fdget_pos+0x2cd/0x380
[   53.048954][  T718]  ? ksys_read+0x71/0x240
[   53.053301][  T718]  ksys_read+0x140/0x240
[   53.057563][  T718]  ? __cfi_ksys_read+0x10/0x10
[   53.062366][  T718]  ? fput+0x154/0x1a0
[   53.066370][  T718]  ? debug_smp_processor_id+0x17/0x20
[   53.071757][  T718]  __x64_sys_read+0x7b/0x90
[   53.076278][  T718]  x64_sys_call+0x2f/0x9a0
[   53.080707][  T718]  do_syscall_64+0x4c/0xa0
[   53.085138][  T718]  ? clear_bhb_loop+0x30/0x80
[   53.089829][  T718]  ? clear_bhb_loop+0x30/0x80
[   53.094610][  T718]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   53.100535][  T718] RIP: 0033:0x7ffbbb18d3bc
[   53.104972][  T718] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   53.124588][  T718] RSP: 002b:00007ffbbc031030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   53.133110][  T718] RAX: ffffffffffffffda RBX: 00007ffbbb3b5fa0 RCX: 00007ffbbb18d3bc
[   53.141093][  T718] RDX: 000000000000000f RSI: 00007ffbbc0310a0 RDI: 0000000000000004
[   53.149118][  T718] RBP: 00007ffbbc031090 R08: 0000000000000000 R09: 0000000000000000
[   53.157096][  T718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.165171][  T718] R13: 0000000000000000 R14: 00007ffbbb3b5fa0 R15: 00007ffeb9b0d1c8
[   53.173160][  T718]  </TASK>
[   53.245185][  T457] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   53.391416][  T730] 9pnet_fd: Insufficient options for proto=fd
[   53.412003][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.431589][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.464603][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.500156][  T732] cgroup: No subsys list or none specified
[   53.506388][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.526989][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.564996][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.604540][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.673676][  T457] ftdi_sio 5-1:0.0: GPIO initialisation failed: -5
[   53.680943][  T457] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   53.687039][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.707840][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.715350][  T362] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   53.728240][  T362] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[   53.743344][  T549] usb 5-1: USB disconnect, device number 4
[   53.750820][  T362] plantronics 0003:047F:FFFF.0003: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   53.763712][  T549] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   53.773730][  T549] ftdi_sio 5-1:0.0: device disconnected
[   53.852286][  T732] loop0: detected capacity change from 0 to 40427
[   53.862361][  T732] F2FS-fs (loop0): Found nat_bits in checkpoint
[   53.891742][  T732] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   53.904161][  T732] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   53.934408][  T732] netlink: 4 bytes leftover after parsing attributes in process `syz.0.118'.
[   53.970526][  T401] usb 2-1: USB disconnect, device number 2
[   54.207556][  T746] loop2: detected capacity change from 0 to 2048
[   54.215657][  T746] ext4: Unknown parameter 'noacl'
[   54.537149][  T331] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   54.715457][  T283] syz-executor: attempt to access beyond end of device
[   54.715457][  T283] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   54.910730][  T777] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   54.925078][  T777] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   54.940009][  T777] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   55.136333][  T401] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   55.146622][  T774] kvm [773]: vcpu4, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010005 data 0x3
[   55.170568][  T786] loop4: detected capacity change from 0 to 512
[   55.201345][  T786] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   55.243937][  T284] EXT4-fs (loop4): unmounting filesystem.
[   55.268854][  T789] loop4: detected capacity change from 0 to 256
[   55.277043][  T789] exfat: Deprecated parameter 'utf8'
[   55.301573][  T789] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   55.346542][  T401] usb 2-1: Using ep0 maxpacket: 16
[   55.366937][  T401] usb 2-1: config 1 interface 0 has no altsetting 0
[   55.386122][  T401] usb 2-1: New USB device found, idVendor=0b05, idProduct=18c6, bcdDevice= 0.40
[   55.406699][  T401] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.425800][  T401] usb 2-1: Product: syz
[   55.430262][  T401] usb 2-1: Manufacturer: 褂䯯戮蟄몶埐喦騟뻝抖ϊ䱀Ћ⩛玸㈗喺橕꙽ຣ盱韡峡蓮빵徙鑰㣋嘏疁圶鸢嵪⮹ഝ扬ј垠㣚⊆侠俎럟袛䆞╔佫䊖฽준刳
[   55.507853][  T401] usb 2-1: SerialNumber: syz
[   55.622614][  T799] fuse: Bad value for 'fd'
[   55.628812][  T799] serio: Serial port ptm0
[   55.682352][   T28] kauditd_printk_skb: 22 callbacks suppressed
[   55.682453][   T28] audit: type=1326 audit(1753014869.417:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=796 comm="syz.0.137" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f250bd8e9a9 code=0x0
[   55.700814][  T794] loop2: detected capacity change from 0 to 40427
[   55.724997][  T794] F2FS-fs (loop2): invalid crc value
[   55.729710][  T401] usbhid 2-1:1.0: can't add hid device: -71
[   55.733686][  T794] F2FS-fs (loop2): Found nat_bits in checkpoint
[   55.759857][  T401] usbhid: probe of 2-1:1.0 failed with error -71
[   55.803533][  T401] usb 2-1: USB disconnect, device number 3
[   55.825258][  T794] F2FS-fs (loop2): Start checkpoint disabled!
[   55.835680][  T794] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   55.851191][   T28] audit: type=1400 audit(1753014869.587:290): avc:  denied  { ioctl } for  pid=793 comm="syz.2.136" path="/24/file0/file0" dev="loop2" ino=10 ioctlcmd=0x6619 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   55.876679][  T794] fuse: Bad value for 'fd'
[   55.944833][   T28] audit: type=1400 audit(1753014869.617:291): avc:  denied  { mounton } for  pid=793 comm="syz.2.136" path="/24/file0/file0" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   56.019620][    T8] kworker/u4:0: attempt to access beyond end of device
[   56.019620][    T8] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   56.020045][  T808] loop3: detected capacity change from 0 to 512
[   56.040526][   T28] audit: type=1400 audit(1753014869.727:292): avc:  denied  { setopt } for  pid=807 comm="syz.3.139" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   56.066788][   T28] audit: type=1400 audit(1753014869.727:293): avc:  denied  { read } for  pid=807 comm="syz.3.139" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   56.134380][  T808] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   56.155654][  T808] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   56.424439][  T285] EXT4-fs (loop3): unmounting filesystem.
[   56.473395][  T822] loop2: detected capacity change from 0 to 2048
[   56.489081][  T822] ext4: Unknown parameter 'noacl'
[   56.610472][  T832] cgroup: No subsys list or none specified
[   57.677589][  T838] loop1: detected capacity change from 0 to 40427
[   57.705424][  T838] F2FS-fs (loop1): Found nat_bits in checkpoint
[   57.748911][   T28] audit: type=1400 audit(1753014871.487:294): avc:  denied  { read } for  pid=847 comm="syz.2.149" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   57.774370][   T28] audit: type=1400 audit(1753014871.517:295): avc:  denied  { open } for  pid=847 comm="syz.2.149" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   57.799727][   T28] audit: type=1400 audit(1753014871.517:296): avc:  denied  { ioctl } for  pid=847 comm="syz.2.149" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   57.861975][  T838] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   57.880292][  T838] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   57.891266][   T28] audit: type=1400 audit(1753014871.637:297): avc:  denied  { lock } for  pid=854 comm="syz.2.151" path="socket:[19086]" dev="sockfs" ino=19086 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   57.972910][  T857] 9pnet_fd: Insufficient options for proto=fd
[   58.023109][  T832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.146'.
[   58.361161][  T858] loop2: detected capacity change from 0 to 32768
[   58.416311][  T858]  loop2: p1 p3 < p5 p6 >
[   58.570323][  T863] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   58.581174][  T863] IPv6: ADDRCONF(NETDEV_CHANGE): vcan1: link becomes ready
[   59.208266][  T282] syz-executor: attempt to access beyond end of device
[   59.208266][  T282] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   59.222548][   T28] audit: type=1400 audit(1753014872.937:298): avc:  denied  { write } for  pid=862 comm="syz.4.153" path="socket:[19095]" dev="sockfs" ino=19095 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   59.428512][  T879] syz.2.159[879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.428592][  T879] syz.2.159[879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.458381][  T881] loop0: detected capacity change from 0 to 2048
[   59.509813][  T881] ext4: Unknown parameter 'noacl'
[   59.596839][  T331] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   60.554087][  T885] loop2: detected capacity change from 0 to 40427
[   60.564991][  T885] F2FS-fs (loop2): fault_injection options not supported
[   60.572169][  T885] F2FS-fs (loop2): heap/no_heap options were deprecated
[   60.579506][  T885] F2FS-fs (loop2): Image doesn't support compression
[   60.587115][  T885] F2FS-fs (loop2): invalid crc value
[   60.588216][  T871] loop4: detected capacity change from 0 to 40427
[   60.614875][  T885] F2FS-fs (loop2): Found nat_bits in checkpoint
[   60.620873][  T871] F2FS-fs (loop4): Unrecognized mount option "whint_mode=user-based" or missing value
[   60.666265][  T885] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   60.863446][  T904] loop4: detected capacity change from 0 to 4096
[   60.949650][  T906] 9pnet_fd: Insufficient options for proto=fd
[   61.193971][  T904] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   61.267095][  T913] loop2: detected capacity change from 0 to 512
[   61.349256][  T913] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   61.366351][  T913] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.586722][  T920] incfs: ino conflict with backing FS 1
[   61.676595][  T920] incfs: Unexpected inode type
[   62.019359][  T924] overlayfs: filesystem on './file0' not supported as upperdir
[   63.386479][   T28] audit: type=1400 audit(1753014875.317:299): avc:  denied  { mounton } for  pid=903 comm="syz.4.166" path="/33/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   63.569472][  T930] loop1: detected capacity change from 0 to 256
[   63.611366][  T930] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   63.641259][   T28] audit: type=1400 audit(1753014875.317:300): avc:  denied  { mount } for  pid=903 comm="syz.4.166" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   63.684874][  T930] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   63.734505][  T930] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   63.749580][   T28] audit: type=1400 audit(1753014875.327:301): avc:  denied  { mounton } for  pid=903 comm="syz.4.166" path="/33/file0/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[   63.814962][  T930] Illegal XDP return value 4294967294 on prog  (id 129) dev N/A, expect packet loss!
[   63.872334][   T28] audit: type=1400 audit(1753014875.377:302): avc:  denied  { mounton } for  pid=903 comm="syz.4.166" path="/33/file0/file0" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   63.940514][  T939] loop0: detected capacity change from 0 to 512
[   63.956262][   T28] audit: type=1400 audit(1753014875.377:303): avc:  denied  { getattr } for  pid=903 comm="syz.4.166" name="/" dev="incremental-fs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   64.016076][  T939] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   64.035346][  T939] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.046051][   T28] audit: type=1400 audit(1753014875.757:304): avc:  denied  { mounton } for  pid=903 comm="syz.4.166" path="/33/file0/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   64.070883][  T286] EXT4-fs (loop2): unmounting filesystem.
[   64.078098][   T28] audit: type=1326 audit(1753014877.317:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=929 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250bd8e9a9 code=0x7ffc0000
[   64.127759][  T946] loop2: detected capacity change from 0 to 2048
[   64.134511][  T946] ext4: Unknown parameter 'noacl'
[   64.139773][   T28] audit: type=1326 audit(1753014877.317:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=929 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250bd8e9a9 code=0x7ffc0000
[   64.166268][   T28] audit: type=1326 audit(1753014877.317:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=929 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250bd8e9a9 code=0x7ffc0000
[   64.194512][   T28] audit: type=1326 audit(1753014877.317:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=929 comm="syz.0.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f250bd8e9a9 code=0x7ffc0000
[   64.214441][  T944] overlayfs: filesystem on './file0' not supported as upperdir
[   64.226803][  T284] EXT4-fs (loop4): unmounting filesystem.
[   64.229709][  T375] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   64.455988][  T959] FAULT_INJECTION: forcing a failure.
[   64.455988][  T959] name failslab, interval 1, probability 0, space 0, times 0
[   64.468769][  T959] CPU: 0 PID: 959 Comm: syz.4.176 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   64.478444][  T959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   64.488613][  T959] Call Trace:
[   64.491904][  T959]  <TASK>
[   64.494847][  T959]  __dump_stack+0x21/0x24
[   64.499226][  T959]  dump_stack_lvl+0xee/0x150
[   64.503860][  T959]  ? __cfi_dump_stack_lvl+0x8/0x8
[   64.508917][  T959]  dump_stack+0x15/0x24
[   64.513165][  T959]  should_fail_ex+0x3d4/0x520
[   64.517852][  T959]  ? security_inode_alloc+0x33/0x120
[   64.523150][  T959]  __should_failslab+0xac/0xf0
[   64.527922][  T959]  should_failslab+0x9/0x20
[   64.532441][  T959]  kmem_cache_alloc+0x3b/0x330
[   64.537295][  T959]  ? slab_pre_alloc_hook+0x30/0x1e0
[   64.542508][  T959]  security_inode_alloc+0x33/0x120
[   64.547690][  T959]  inode_init_always+0x6fc/0x960
[   64.552662][  T959]  new_inode_pseudo+0xa2/0x1f0
[   64.557442][  T959]  new_inode+0x28/0x1e0
[   64.561607][  T959]  ? _raw_spin_lock+0x8e/0xe0
[   64.566397][  T959]  shmem_get_inode+0x349/0xc20
[   64.571177][  T959]  __shmem_file_setup+0x113/0x2b0
[   64.576222][  T959]  shmem_file_setup+0x2f/0x40
[   64.581069][  T959]  __se_sys_memfd_create+0x1e6/0x3b0
[   64.586384][  T959]  __x64_sys_memfd_create+0x5b/0x70
[   64.591633][  T959]  x64_sys_call+0x235/0x9a0
[   64.596144][  T959]  do_syscall_64+0x4c/0xa0
[   64.600579][  T959]  ? clear_bhb_loop+0x30/0x80
[   64.605276][  T959]  ? clear_bhb_loop+0x30/0x80
[   64.609977][  T959]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   64.615893][  T959] RIP: 0033:0x7f5cdcd8e9a9
[   64.620312][  T959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.639929][  T959] RSP: 002b:00007f5cddb59e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   64.648538][  T959] RAX: ffffffffffffffda RBX: 0000000000005505 RCX: 00007f5cdcd8e9a9
[   64.657223][  T959] RDX: 00007f5cddb59ef0 RSI: 0000000000000000 RDI: 00007f5cdce116fc
[   64.665209][  T959] RBP: 0000200000002480 R08: 00007f5cddb59bb7 R09: 00007f5cddb59e40
[   64.673305][  T959] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000000c0
[   64.681291][  T959] R13: 00007f5cddb59ef0 R14: 00007f5cddb59eb0 R15: 0000200000000480
[   64.689274][  T959]  </TASK>
[   66.024994][  T283] EXT4-fs (loop0): unmounting filesystem.
[   66.357500][  T968] overlayfs: missing 'lowerdir'
[   67.233084][  T985] 9pnet_fd: Insufficient options for proto=fd
[   67.246631][  T972] loop2: detected capacity change from 0 to 256
[   67.527783][  T987] loop4: detected capacity change from 0 to 2048
[   67.924448][  T972] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   68.175940][  T987] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   68.192681][  T987] FAULT_INJECTION: forcing a failure.
[   68.192681][  T987] name failslab, interval 1, probability 0, space 0, times 0
[   68.205510][  T987] CPU: 1 PID: 987 Comm: syz.4.184 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   68.215162][  T987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.225237][  T987] Call Trace:
[   68.228529][  T987]  <TASK>
[   68.231475][  T987]  __dump_stack+0x21/0x24
[   68.235835][  T987]  dump_stack_lvl+0xee/0x150
[   68.240453][  T987]  ? __cfi_dump_stack_lvl+0x8/0x8
[   68.245505][  T987]  dump_stack+0x15/0x24
[   68.249684][  T987]  should_fail_ex+0x3d4/0x520
[   68.254388][  T987]  __should_failslab+0xac/0xf0
[   68.259172][  T987]  ? alloc_pipe_info+0xe7/0x4b0
[   68.264045][  T987]  should_failslab+0x9/0x20
[   68.268750][  T987]  __kmem_cache_alloc_node+0x3d/0x2c0
[   68.274160][  T987]  ? _raw_spin_unlock+0x4c/0x70
[   68.279045][  T987]  ? alloc_pipe_info+0xe7/0x4b0
[   68.284003][  T987]  kmalloc_trace+0x29/0xb0
[   68.288659][  T987]  alloc_pipe_info+0xe7/0x4b0
[   68.294019][  T987]  splice_direct_to_actor+0x956/0xb10
[   68.301624][  T987]  ? selinux_file_permission+0x2a5/0x510
[   68.308561][  T987]  ? fsnotify_perm+0x67/0x5b0
[   68.314691][  T987]  ? security_file_permission+0x8a/0xb0
[   68.320449][  T987]  ? __cfi_direct_splice_actor+0x10/0x10
[   68.326161][  T987]  ? __cfi_splice_direct_to_actor+0x10/0x10
[   68.332541][  T987]  ? security_file_permission+0x94/0xb0
[   68.338142][  T987]  ? rw_verify_area+0xa7/0x1c0
[   68.343398][  T987]  do_splice_direct+0x1b3/0x2c0
[   68.348534][  T987]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[   68.354623][  T987]  ? irqentry_exit+0x37/0x40
[   68.359240][  T987]  ? __cfi_do_splice_direct+0x10/0x10
[   68.364669][  T987]  do_sendfile+0x5c6/0xeb0
[   68.369108][  T987]  ? __cfi_vfs_write+0x10/0x10
[   68.373910][  T987]  ? do_preadv+0x330/0x330
[   68.378339][  T987]  ? __kasan_check_write+0x14/0x20
[   68.383478][  T987]  ? fput+0x154/0x1a0
[   68.387462][  T987]  __x64_sys_sendfile64+0x18f/0x1f0
[   68.392682][  T987]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[   68.398420][  T987]  ? fpregs_restore_userregs+0x128/0x260
[   68.404072][  T987]  ? switch_fpu_return+0xe/0x10
[   68.408939][  T987]  x64_sys_call+0x62c/0x9a0
[   68.413479][  T987]  do_syscall_64+0x4c/0xa0
[   68.417899][  T987]  ? clear_bhb_loop+0x30/0x80
[   68.422579][  T987]  ? clear_bhb_loop+0x30/0x80
[   68.427261][  T987]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   68.433156][  T987] RIP: 0033:0x7f5cdcd8e9a9
[   68.437587][  T987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.457215][  T987] RSP: 002b:00007f5cddb5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   68.465651][  T987] RAX: ffffffffffffffda RBX: 00007f5cdcfb6160 RCX: 00007f5cdcd8e9a9
[   68.473759][  T987] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 000000000000000a
[   68.481752][  T987] RBP: 00007f5cddb5a090 R08: 0000000000000000 R09: 0000000000000000
[   68.489736][  T987] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001
[   68.498255][  T987] R13: 0000000000000000 R14: 00007f5cdcfb6160 R15: 00007fff81de9f08
[   68.506355][  T987]  </TASK>
[   69.511170][  T999] loop3: detected capacity change from 0 to 512
[   69.606505][  T999] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   69.619934][  T999] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   69.638700][  T284] EXT4-fs (loop4): unmounting filesystem.
[   69.644889][  T999] EXT4-fs (loop3): 1 truncate cleaned up
[   69.651096][  T999] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   70.197415][ T1004] netlink: 16 bytes leftover after parsing attributes in process `syz.3.185'.
[   70.278581][ T1003] loop2: detected capacity change from 0 to 2048
[   70.334393][ T1003] ext4: Unknown parameter 'noacl'
[   71.234194][  T306] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   71.364904][ T1018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.191'.
[   71.406706][  T457] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   71.442984][  T285] EXT4-fs (loop3): unmounting filesystem.
[   71.466048][ T1023] overlayfs: empty lowerdir
[   71.471638][   T28] kauditd_printk_skb: 45 callbacks suppressed
[   71.471653][   T28] audit: type=1400 audit(1753014885.217:354): avc:  denied  { load_policy } for  pid=1021 comm="syz.3.193" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   71.586267][  T457] usb 5-1: device descriptor read/64, error -71
[   71.635634][ T1029] loop1: detected capacity change from 0 to 16
[   71.645242][ T1029] erofs: (device loop1): mounted with root inode @ nid 36.
[   71.764535][ T1033] SELinux:  policydb magic number 0x6572666b does not match expected magic number 0xf97cff8c
[   71.785203][ T1033] SELinux: failed to load policy
[   71.867932][ T1036] 9pnet_fd: Insufficient options for proto=fd
[   72.119487][  T457] usb 5-1: device descriptor read/64, error -71
[   72.361108][ T1040] loop0: detected capacity change from 0 to 256
[   72.451196][ T1040] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   72.646778][ T1042] netlink: 16 bytes leftover after parsing attributes in process `syz.2.197'.
[   72.672009][ T1042] loop2: detected capacity change from 0 to 2048
[   72.678708][  T457] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   72.746960][ T1042]  loop2: p1 < > p3
[   72.751951][ T1042] loop2: p3 size 134217728 extends beyond EOD, truncated
[   72.842042][   T28] audit: type=1400 audit(1753014886.577:355): avc:  denied  { mount } for  pid=1046 comm="syz.1.199" name="/" dev="ramfs" ino=19886 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   72.897046][   T28] audit: type=1400 audit(1753014886.587:356): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   73.180899][ T1050] netlink: 'syz.1.200': attribute type 27 has an invalid length.
[   73.203096][  T457] usb 5-1: device descriptor read/64, error -71
[   73.261676][   T28] audit: type=1326 audit(1753014886.997:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   73.320378][ T1050] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.327761][ T1050] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.200072][ T1064] loop0: detected capacity change from 0 to 40427
[   74.211652][ T1064] F2FS-fs (loop0): Unrecognized mount option "jqfmt=vfsolT" or missing value
[   74.296748][  T457] usb 5-1: device descriptor read/64, error -71
[   74.338706][  T331] I/O error, dev loop0, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   74.446506][  T457] usb usb5-port1: attempt power cycle
[   74.470009][   T28] audit: type=1326 audit(1753014887.027:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.493523][   T28] audit: type=1326 audit(1753014887.027:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.632257][   T28] audit: type=1326 audit(1753014887.027:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.727510][   T28] audit: type=1326 audit(1753014887.027:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.750892][   T28] audit: type=1326 audit(1753014887.037:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.774436][   T28] audit: type=1326 audit(1753014887.037:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1049 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   74.801568][ T1072] loop4: detected capacity change from 0 to 2048
[   74.809015][ T1072] ext4: Unknown parameter 'noacl'
[   74.947844][ T1076] loop3: detected capacity change from 0 to 2048
[   75.177523][ T1076] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   75.601242][ T1076] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.204: bg 0: block 234: padding at end of block bitmap is not set
[   75.618713][ T1076] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[   75.631292][ T1076] EXT4-fs (loop3): This should not happen!! Data will be lost
[   75.631292][ T1076] 
[   75.641179][ T1076] EXT4-fs (loop3): Total free blocks count 0
[   75.746292][ T1076] EXT4-fs (loop3): Free/Dirty block details
[   75.752339][ T1076] EXT4-fs (loop3): free_blocks=0
[   75.757397][ T1076] EXT4-fs (loop3): dirty_blocks=16
[   75.762604][ T1076] EXT4-fs (loop3): Block reservation details
[   75.768773][ T1076] EXT4-fs (loop3): i_reserved_data_blocks=1
[   77.311374][ T1056] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[   77.330788][ T1087] overlayfs: workdir and upperdir must be separate subtrees
[   77.336057][ T1056] device veth0_vlan left promiscuous mode
[   77.344495][ T1056] device veth0_vlan entered promiscuous mode
[   77.352672][ T1056] device veth1_macvtap left promiscuous mode
[   77.362475][ T1056] device veth1_macvtap entered promiscuous mode
[   77.376291][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   77.386003][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.414910][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.423241][  T311] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.430349][  T311] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.438187][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.446643][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.454977][  T311] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.462098][  T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.475254][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.483938][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   77.492341][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   77.508490][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   77.517329][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   77.525702][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   77.534169][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   77.543627][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   77.551964][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   77.560468][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.624751][ T1097] loop4: detected capacity change from 0 to 16
[   77.632606][ T1097] erofs: (device loop4): mounted with root inode @ nid 36.
[   77.672256][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.775985][ T1098] 9pnet_fd: Insufficient options for proto=fd
[   78.612403][  T285] EXT4-fs (loop3): unmounting filesystem.
[   78.628688][   T28] kauditd_printk_skb: 13 callbacks suppressed
[   78.628707][   T28] audit: type=1400 audit(1753014892.367:377): avc:  denied  { ioctl } for  pid=1099 comm="syz.1.210" path="socket:[20011]" dev="sockfs" ino=20011 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   78.660340][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   78.668970][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   78.677563][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   78.685687][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   78.693952][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   78.702064][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   78.710197][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   78.718618][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   78.737698][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   78.754680][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   78.841103][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   78.934086][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   78.949847][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   78.966563][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   79.118276][ T1106] loop3: detected capacity change from 0 to 256
[   79.262757][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   79.270571][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   79.365268][ T1106] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   79.426717][  T457] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   79.598385][ T1111] Zero length message leads to an empty skb
[   79.624494][ T1111] loop4: detected capacity change from 0 to 512
[   79.667410][   T28] audit: type=1400 audit(1753014893.327:378): avc:  denied  { write } for  pid=1108 comm="syz.4.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   79.820250][ T1111] EXT4-fs (loop4): 1 orphan inode deleted
[   79.826321][ T1111] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   79.841385][ T1111] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.361690][ T1118] netlink: 20 bytes leftover after parsing attributes in process `syz.1.214'.
[   82.373219][  T284] EXT4-fs (loop4): unmounting filesystem.
[   82.416293][ T1118] tipc: Invalid UDP bearer configuration
[   82.416327][ T1118] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   82.496682][ T1123] FAULT_INJECTION: forcing a failure.
[   82.496682][ T1123] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   82.509992][ T1123] CPU: 0 PID: 1123 Comm: syz.3.213 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   82.519829][ T1123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   82.530357][ T1123] Call Trace:
[   82.533676][ T1123]  <TASK>
[   82.537247][ T1123]  __dump_stack+0x21/0x24
[   82.541712][ T1123]  dump_stack_lvl+0xee/0x150
[   82.546524][ T1123]  ? __cfi_dump_stack_lvl+0x8/0x8
[   82.551605][ T1123]  ? finish_task_switch+0x16b/0x7b0
[   82.556828][ T1123]  ? __switch_to_asm+0x3a/0x60
[   82.561963][ T1123]  dump_stack+0x15/0x24
[   82.566175][ T1123]  should_fail_ex+0x3d4/0x520
[   82.570889][ T1123]  should_fail_alloc_page+0x61/0x90
[   82.576197][ T1123]  prepare_alloc_pages+0x148/0x5f0
[   82.581342][ T1123]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   82.586601][ T1123]  ? __kasan_check_read+0x11/0x20
[   82.591652][ T1123]  ? preempt_schedule_irq+0xbb/0x110
[   82.596985][ T1123]  __alloc_pages+0x115/0x3a0
[   82.601596][ T1123]  ? __cfi___alloc_pages+0x10/0x10
[   82.606800][ T1123]  ? shmem_alloc_and_acct_folio+0x19e/0x870
[   82.612815][ T1123]  __folio_alloc+0x12/0x40
[   82.617347][ T1123]  shmem_alloc_and_acct_folio+0x650/0x870
[   82.623085][ T1123]  ? shmem_replace_folio+0x590/0x590
[   82.628390][ T1123]  ? xas_load+0x390/0x3b0
[   82.632740][ T1123]  ? __filemap_get_folio+0x93e/0x980
[   82.638042][ T1123]  ? __cfi___filemap_get_folio+0x10/0x10
[   82.643692][ T1123]  ? release_firmware_map_entry+0x194/0x194
[   82.649687][ T1123]  shmem_get_folio_gfp+0x119f/0x2230
[   82.655015][ T1123]  ? preempt_schedule_irq+0xbb/0x110
[   82.660311][ T1123]  shmem_write_begin+0xea/0x2c0
[   82.665172][ T1123]  generic_perform_write+0x2f6/0x6d0
[   82.670462][ T1123]  ? __cfi_generic_perform_write+0x10/0x10
[   82.676274][ T1123]  ? __cfi_file_update_time+0x10/0x10
[   82.681648][ T1123]  ? release_firmware_map_entry+0x194/0x194
[   82.687554][ T1123]  __generic_file_write_iter+0x227/0x580
[   82.693193][ T1123]  ? __kasan_check_read+0x11/0x20
[   82.698233][ T1123]  ? preempt_schedule_irq+0xbb/0x110
[   82.703521][ T1123]  ? __cfi___generic_file_write_iter+0x10/0x10
[   82.709711][ T1123]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[   82.715783][ T1123]  ? irqentry_exit+0x37/0x40
[   82.720401][ T1123]  ? sysvec_reschedule_ipi+0x78/0x80
[   82.725691][ T1123]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   82.731333][ T1123]  generic_file_write_iter+0xae/0x310
[   82.736714][ T1123]  vfs_write+0x5db/0xca0
[   82.740967][ T1123]  ? __cfi_vfs_write+0x10/0x10
[   82.745739][ T1123]  ? __sanitizer_cov_trace_pc+0x1/0x60
[   82.751222][ T1123]  ? __fdget_pos+0x1f2/0x380
[   82.755853][ T1123]  ? ksys_write+0x71/0x240
[   82.760292][ T1123]  ksys_write+0x140/0x240
[   82.764661][ T1123]  ? __cfi_ksys_write+0x10/0x10
[   82.769541][ T1123]  ? __kasan_check_write+0x14/0x20
[   82.774704][ T1123]  ? fpregs_restore_userregs+0x128/0x260
[   82.780353][ T1123]  __x64_sys_write+0x7b/0x90
[   82.784957][ T1123]  x64_sys_call+0x27b/0x9a0
[   82.789560][ T1123]  do_syscall_64+0x4c/0xa0
[   82.793982][ T1123]  ? clear_bhb_loop+0x30/0x80
[   82.798679][ T1123]  ? clear_bhb_loop+0x30/0x80
[   82.803381][ T1123]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   82.809288][ T1123] RIP: 0033:0x7f839978d45f
[   82.813714][ T1123] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   82.833333][ T1123] RSP: 002b:00007f83995bcdf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   82.841780][ T1123] RAX: ffffffffffffffda RBX: 0000000000002000 RCX: 00007f839978d45f
[   82.849857][ T1123] RDX: 0000000000002000 RSI: 00007f838f7f8000 RDI: 0000000000000007
[   82.857828][ T1123] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000200
[   82.865801][ T1123] R10: 00000000000001c8 R11: 0000000000000293 R12: 0000000000000007
[   82.873779][ T1123] R13: 00007f83995bcef0 R14: 00007f83995bceb0 R15: 00007f838f7f8000
[   82.881765][ T1123]  </TASK>
[   82.889023][   T28] audit: type=1400 audit(1753014896.227:379): avc:  denied  { bind } for  pid=1116 comm="syz.3.213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   83.116057][   T28] audit: type=1400 audit(1753014896.227:380): avc:  denied  { listen } for  pid=1116 comm="syz.3.213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   83.136783][  T457] usb 2-1: device not accepting address 4, error -71
[   83.621951][ T1135] loop4: detected capacity change from 0 to 1024
[   83.656904][ T1135] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   83.666138][ T1135] EXT4-fs (loop4): INFO: recovery required on readonly filesystem
[   83.674173][ T1135] EXT4-fs (loop4): write access will be enabled during recovery
[   83.746643][ T1135] JBD2: no valid journal superblock found
[   83.752473][ T1135] EXT4-fs (loop4): error loading journal
[   83.790205][ T1137] loop2: detected capacity change from 0 to 2048
[   83.812310][ T1137] ext4: Unknown parameter 'noacl'
[   84.033587][ T1141] 9pnet_fd: Insufficient options for proto=fd
[   84.336582][ T1115] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   84.372689][ T1146] loop1: detected capacity change from 0 to 256
[   84.386756][ T1146] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   84.409246][   T28] audit: type=1400 audit(1753014898.147:381): avc:  denied  { remove_name } for  pid=1143 comm="syz.1.221" name="file2" dev="loop1" ino=1048608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   84.433532][   T28] audit: type=1400 audit(1753014898.147:382): avc:  denied  { rmdir } for  pid=1143 comm="syz.1.221" name="file2" dev="loop1" ino=1048608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   84.458183][ T1146] netlink: 24 bytes leftover after parsing attributes in process `syz.1.221'.
[   84.512357][ T1152] loop2: detected capacity change from 0 to 512
[   84.530581][ T1152] EXT4-fs: Ignoring removed mblk_io_submit option
[   84.546493][ T1152] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   84.556116][ T1152] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   84.565529][ T1152] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[   84.574997][ T1152] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a043c01c, mo2=0102]
[   84.583156][ T1115] usb 4-1: Using ep0 maxpacket: 32
[   84.588477][ T1152] System zones: 0-2, 18-18, 34-34
[   84.594736][ T1115] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.605671][ T1152] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   84.605943][ T1115] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.621053][ T1152] EXT4-fs (loop2): 1 truncate cleaned up
[   84.630363][ T1115] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   84.636071][ T1152] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   84.644848][ T1115] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.662688][ T1115] usb 4-1: config 0 descriptor??
[   84.675656][ T1115] hub 4-1:0.0: USB hub found
[   85.408505][ T1115] hub 4-1:0.0: 2 ports detected
[   85.498108][  T286] EXT4-fs (loop2): unmounting filesystem.
[   85.540176][ T1115] hub 4-1:0.0: config failed, can't get hub status (err -5)
[   85.717820][ T1174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'.
[   85.730718][ T1170] loop3: detected capacity change from 0 to 128
[   86.132930][ T1179] incfs: Options parsing error. -22
[   86.175149][ T1179] incfs: mount failed -22
[   86.276197][ T1115] usbhid 4-1:0.0: can't add hid device: -71
[   86.486447][ T1115] usbhid: probe of 4-1:0.0 failed with error -71
[   86.636435][ T1115] usb 4-1: USB disconnect, device number 6
[   86.664170][ T1182] xt_l2tp: invalid flags combination: c
[   86.939185][ T1191] loop3: detected capacity change from 0 to 256
[   86.945810][ T1191] exfat: Unknown parameter 'discarB'
[   86.960654][ T1192] loop0: detected capacity change from 0 to 256
[   86.970544][ T1192] FAT-fs (loop0): Unrecognized mount option "shor�name=mixed" or missing value
[   87.474464][  T331] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   88.194349][ T1191] FAULT_INJECTION: forcing a failure.
[   88.194349][ T1191] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   88.207812][ T1191] CPU: 0 PID: 1191 Comm: syz.3.233 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[   88.217557][ T1191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   88.227635][ T1191] Call Trace:
[   88.230923][ T1191]  <TASK>
[   88.233859][ T1191]  __dump_stack+0x21/0x24
[   88.238207][ T1191]  dump_stack_lvl+0xee/0x150
[   88.242815][ T1191]  ? __cfi_dump_stack_lvl+0x8/0x8
[   88.247859][ T1191]  dump_stack+0x15/0x24
[   88.252028][ T1191]  should_fail_ex+0x3d4/0x520
[   88.256717][ T1191]  should_fail_alloc_page+0x61/0x90
[   88.261921][ T1191]  prepare_alloc_pages+0x148/0x5f0
[   88.267040][ T1191]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   88.272248][ T1191]  ? cgroup_rstat_updated+0xf5/0x370
[   88.277536][ T1191]  __alloc_pages+0x115/0x3a0
[   88.282153][ T1191]  ? __this_cpu_preempt_check+0x13/0x20
[   88.287706][ T1191]  ? __cfi___alloc_pages+0x10/0x10
[   88.292826][ T1191]  __folio_alloc+0x12/0x40
[   88.297252][ T1191]  handle_mm_fault+0x18ef/0x2640
[   88.302212][ T1191]  ? __cfi_handle_mm_fault+0x10/0x10
[   88.307519][ T1191]  ? lock_vma_under_rcu+0x3eb/0x4d0
[   88.312836][ T1191]  do_user_addr_fault+0x905/0x1050
[   88.317999][ T1191]  exc_page_fault+0x51/0xb0
[   88.322534][ T1191]  asm_exc_page_fault+0x27/0x30
[   88.327403][ T1191] RIP: 0033:0x7f8399650ca3
[   88.331831][ T1191] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   88.351455][ T1191] RSP: 002b:00007f83995bc4a0 EFLAGS: 00010206
[   88.357530][ T1191] RAX: 0000000000002000 RBX: 00007f83995bc540 RCX: 00007f838f7f8000
[   88.365504][ T1191] RDX: 00007f83995bc6e0 RSI: 0000000000000057 RDI: 00007f83995bc5e0
[   88.373478][ T1191] RBP: 000000000000000c R08: 0000000000000009 R09: 00000000000001b0
[   88.381483][ T1191] R10: 00000000000001ba R11: 00007f83995bc540 R12: 0000000000000001
[   88.389460][ T1191] R13: 00007f839982c7c0 R14: 00000000000000ed R15: 00007f83995bc5e0
[   88.397443][ T1191]  </TASK>
[   88.400734][ T1191] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   88.412466][ T1191] loop3: detected capacity change from 0 to 1024
[   88.419230][ T1191] EXT4-fs: Ignoring removed nobh option
[   88.424803][ T1191] EXT4-fs: Ignoring removed bh option
[   88.539092][ T1201] loop0: detected capacity change from 0 to 512
[   88.610515][ T1191] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   88.642615][ T1201] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   88.670701][ T1201] EXT4-fs (loop0): orphan cleanup on readonly fs
[   88.686019][ T1201] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.234: bad orphan inode 458763
[   88.698513][ T1211] loop1: detected capacity change from 0 to 256
[   88.765750][ T1212] loop2: detected capacity change from 0 to 128
[   88.975194][ T1211] exfat: Unknown parameter 'iocharse'
[   88.993112][ T1201] EXT4-fs (loop0): Remounting filesystem read-only
[   89.000395][ T1201] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   89.026808][ T1201] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.034215][ T1201] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.045087][  T285] EXT4-fs (loop3): unmounting filesystem.
[   89.050944][  T375] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   89.061448][ T1211] loop1: detected capacity change from 0 to 512
[   89.095788][ T1211] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   89.127275][ T1211] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.237: casefold flag without casefold feature
[   89.141671][  T283] EXT4-fs (loop0): unmounting filesystem.
[   89.171533][ T1211] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.237: couldn't read orphan inode 15 (err -117)
[   89.187207][ T1211] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   89.286236][   T28] audit: type=1400 audit(1753014903.017:383): avc:  denied  { create } for  pid=1219 comm="syz.3.240" name="#13" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   89.352104][   T28] audit: type=1400 audit(1753014903.017:384): avc:  denied  { link } for  pid=1219 comm="syz.3.240" name="#13" dev="tmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   89.382291][   T28] audit: type=1400 audit(1753014903.017:385): avc:  denied  { rename } for  pid=1219 comm="syz.3.240" name="#14" dev="tmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   89.434772][ T1221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.239'.
[   89.450357][   T28] audit: type=1400 audit(1753014903.147:386): avc:  denied  { write } for  pid=1219 comm="syz.3.240" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   89.475439][   T28] audit: type=1400 audit(1753014903.147:387): avc:  denied  { open } for  pid=1219 comm="syz.3.240" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   89.503947][ T1224] syz.1.237[1224] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   89.504397][ T1224] syz.1.237[1224] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   90.250982][  T282] EXT4-fs (loop1): unmounting filesystem.
[   90.314120][ T1226] loop2: detected capacity change from 0 to 40427
[   90.383506][ T1226] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[   90.402192][ T1226] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   90.424821][ T1226] F2FS-fs (loop2): fault_injection options not supported
[   90.437378][ T1233] netlink: 'syz.1.244': attribute type 27 has an invalid length.
[   90.498753][ T1234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.242'.
[   90.570531][ T1226] F2FS-fs (loop2): fault_type options not supported
[   90.616836][ T1236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.243'.
[   90.771116][ T1226] F2FS-fs (loop2): fault_type options not supported
[   90.909173][ T1226] F2FS-fs (loop2): invalid crc value
[   91.091725][ T1226] F2FS-fs (loop2): Found nat_bits in checkpoint
[   91.117484][   T28] audit: type=1326 audit(1753014904.717:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   91.158248][ T1233] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.165530][ T1233] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.223200][   T28] audit: type=1326 audit(1753014904.887:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   91.370520][   T28] audit: type=1326 audit(1753014905.107:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   91.450816][ T1249] loop3: detected capacity change from 0 to 512
[   91.458494][ T1249] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   91.482912][ T1226] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   91.491100][ T1249] EXT4-fs (loop3): 1 truncate cleaned up
[   91.496858][ T1249] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   91.515266][ T1226] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   92.065634][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[   92.116321][   T28] audit: type=1326 audit(1753014905.127:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   92.268464][ T1226] syz.2.241: attempt to access beyond end of device
[   92.268464][ T1226] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[   92.297341][ T1235] device veth0_vlan left promiscuous mode
[   92.316558][ T1235] device veth0_vlan entered promiscuous mode
[   92.344792][ T1235] device veth1_macvtap left promiscuous mode
[   92.351290][   T28] audit: type=1326 audit(1753014905.127:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   92.383994][ T1235] device veth1_macvtap entered promiscuous mode
[   92.392760][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   92.400659][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   92.408193][   T28] audit: type=1326 audit(1753014905.177:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   92.439877][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   92.456885][  T360] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.464005][  T360] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.480918][   T28] audit: type=1326 audit(1753014905.177:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   92.504710][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   92.513218][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   92.521796][  T360] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.528915][  T360] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.536739][   T28] audit: type=1326 audit(1753014905.177:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1232 comm="syz.1.244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3666f8e9a9 code=0x7ffc0000
[   92.568374][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   92.578163][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   92.587165][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   92.595422][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   92.604169][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   92.626747][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   92.636669][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   92.666166][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   92.684437][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   92.694699][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   92.714936][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   92.735122][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   92.755361][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   92.769735][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   92.778211][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   92.800462][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   92.810930][ T1265] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   92.825502][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   92.834550][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   92.853074][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   92.876764][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   92.920312][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   92.928486][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   92.936556][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   92.944076][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   92.956799][  T285] EXT4-fs (loop3): unmounting filesystem.
[   92.962748][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   92.963024][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   92.963320][  T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   93.001066][ T1272] netlink: 'syz.3.251': attribute type 27 has an invalid length.
[   93.362159][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.369530][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.715769][ T1288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.253'.
[   93.726561][ T1256] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   93.928369][ T1256] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   93.977894][ T1256] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 0.40
[   94.053455][ T1256] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.120281][ T1256] usb 3-1: Product: syz
[   94.134877][ T1274] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   94.153814][ T1256] usb 3-1: Manufacturer: syz
[   94.178782][ T1256] usb 3-1: SerialNumber: syz
[   94.272754][ T1274] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.280401][ T1274] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.410403][ T1274] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.417549][ T1274] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.456780][ T1274] device veth0_vlan left promiscuous mode
[   94.463405][ T1274] device veth0_vlan entered promiscuous mode
[   94.474247][ T1256] cdc_subset: probe of 3-1:1.0 failed with error -22
[   94.481284][ T1256] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing
[   94.489869][ T1256] cdc_ncm 3-1:1.0: bind() failure
[   94.497462][ T1256] cdc_subset: probe of 3-1:1.1 failed with error -22
[   94.504359][ T1256] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[   94.511397][ T1256] cdc_ncm 3-1:1.1: bind() failure
[   94.518786][ T1274] device veth1_macvtap left promiscuous mode
[   94.540456][ T1274] device veth1_macvtap entered promiscuous mode
[   94.556150][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   94.564383][   T28] kauditd_printk_skb: 28 callbacks suppressed
[   94.564398][   T28] audit: type=1326 audit(1753014908.297:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1271 comm="syz.3.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   94.599218][   T28] audit: type=1326 audit(1753014908.337:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1271 comm="syz.3.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f839978e9a9 code=0x7ffc0000
[   94.613287][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   94.631926][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   94.660468][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   94.686811][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   94.695466][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   94.716684][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   94.729429][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   94.745722][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   94.754681][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   94.763425][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   94.772062][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   94.783164][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   94.791907][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   94.800577][ T1259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   95.631797][ T1308] loop1: detected capacity change from 0 to 256
[   95.641021][ T1308] exfat: Deprecated parameter 'utf8'
[   95.646626][ T1308] exfat: Deprecated parameter 'utf8'
[   95.710207][   T28] audit: type=1400 audit(1753014909.277:426): avc:  denied  { bind } for  pid=1304 comm="syz.1.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   95.733465][ T1308] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[   95.961612][  T359] usb 3-1: USB disconnect, device number 3
[   96.031272][ T1318] 9pnet_fd: Insufficient options for proto=fd
[   96.302776][ T1320] loop2: detected capacity change from 0 to 512
[   96.310126][ T1320] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   96.320472][  T401] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   96.342755][ T1320] EXT4-fs (loop2): 1 truncate cleaned up
[   96.348605][ T1320] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   97.046815][  T401] usb 4-1: Using ep0 maxpacket: 16
[   97.053632][  T401] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[   97.074035][  T401] usb 4-1: config 1 has no interface number 0
[   97.081395][  T401] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   97.092346][  T401] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   97.102689][  T401] usb 4-1: config 1 interface 105 has no altsetting 0
[   97.116898][  T401] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   97.576258][   T19] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   97.656247][  T457] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   97.776275][   T19] usb 1-1: Using ep0 maxpacket: 16
[   97.782618][   T19] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[   97.793822][   T19] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   97.805382][   T19] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.814726][   T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.822967][   T19] usb 1-1: Product: syz
[   97.827555][   T19] usb 1-1: Manufacturer: syz
[   97.832166][   T19] usb 1-1: SerialNumber: syz
[   97.867475][  T457] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.877819][  T457] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   97.884122][  T401] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.899197][  T401] usb 4-1: Product: syz
[   97.899905][  T286] EXT4-fs (loop2): unmounting filesystem.
[   97.903557][  T401] usb 4-1: Manufacturer: syz
[   97.913845][  T401] usb 4-1: SerialNumber: syz
[   97.916800][  T457] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   97.921723][ T1313] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   97.936393][  T457] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   97.946156][ T1313] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   97.963056][   T28] audit: type=1326 audit(1753014911.697:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1331 comm="syz.4.264" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5cdcd8e9a9 code=0x0
[   97.985901][  T457] usb 2-1: SerialNumber: syz
[   98.046961][   T19] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   98.056808][   T19] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[   98.071045][   T19] usb 1-1: USB disconnect, device number 4
[   98.082677][  T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   98.158299][ T1313] loop3: detected capacity change from 0 to 256
[   98.167942][ T1313] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0xff19abd0, checksum : 0x1119abd0)
[   98.178425][ T1313] exFAT-fs (loop3): invalid boot region
[   98.184015][ T1313] exFAT-fs (loop3): failed to recognize exfat type
[   98.194000][   T28] audit: type=1400 audit(1753014911.937:428): avc:  denied  { write } for  pid=1322 comm="syz.1.262" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   98.246492][  T457] usb 2-1: USB disconnect, device number 6
[   98.438509][ T1313] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   98.446450][ T1313] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   98.564456][ T1339] 9pnet_fd: Insufficient options for proto=fd
[   98.619145][ T1341] loop0: detected capacity change from 0 to 256
[   98.628837][ T1341] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3ec, utbl_chksum : 0xe619d30d)
[   98.647518][   T28] audit: type=1400 audit(1753014912.387:429): avc:  denied  { bind } for  pid=1340 comm="syz.0.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   98.667154][   T28] audit: type=1400 audit(1753014912.387:430): avc:  denied  { name_bind } for  pid=1340 comm="syz.0.266" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   98.688190][   T28] audit: type=1400 audit(1753014912.387:431): avc:  denied  { node_bind } for  pid=1340 comm="syz.0.266" saddr=::ffff:224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   98.751841][   T28] audit: type=1400 audit(1753014912.487:432): avc:  denied  { mounton } for  pid=1340 comm="syz.0.266" path="/65/file1/file1" dev="loop0" ino=1048613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   99.263724][ T1355] loop1: detected capacity change from 0 to 256
[   99.415048][ T1360] loop4: detected capacity change from 0 to 1024
[   99.429074][ T1360] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   99.441074][ T1360] EXT4-fs (loop4): INFO: recovery required on readonly filesystem
[   99.449023][ T1360] EXT4-fs (loop4): write access will be enabled during recovery
[   99.459667][ T1360] JBD2: no valid journal superblock found
[   99.465517][ T1360] EXT4-fs (loop4): error loading journal
[   99.500417][ T1355] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[   99.625920][ T1361] af_packet: tpacket_rcv: packet too big, clamped from 122 to 4294967286. macoff=82
[  100.266768][ T1364] loop1: detected capacity change from 0 to 2048
[  100.319305][ T1364] ext4: Unknown parameter 'noacl'
[  101.419630][ T1376] FAULT_INJECTION: forcing a failure.
[  101.419630][ T1376] name failslab, interval 1, probability 0, space 0, times 0
[  101.438605][ T1376] CPU: 1 PID: 1376 Comm: syz.4.277 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[  101.448401][ T1376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  101.458467][ T1376] Call Trace:
[  101.461778][ T1376]  <TASK>
[  101.464712][ T1376]  __dump_stack+0x21/0x24
[  101.469057][ T1376]  dump_stack_lvl+0xee/0x150
[  101.473666][ T1376]  ? __cfi_dump_stack_lvl+0x8/0x8
[  101.478748][ T1376]  dump_stack+0x15/0x24
[  101.482938][ T1376]  should_fail_ex+0x3d4/0x520
[  101.487691][ T1376]  __should_failslab+0xac/0xf0
[  101.492560][ T1376]  ? legacy_init_fs_context+0x51/0xb0
[  101.497955][ T1376]  should_failslab+0x9/0x20
[  101.502478][ T1376]  __kmem_cache_alloc_node+0x3d/0x2c0
[  101.507867][ T1376]  ? alloc_fs_context+0x64/0x7b0
[  101.512816][ T1376]  ? legacy_init_fs_context+0x51/0xb0
[  101.518198][ T1376]  kmalloc_trace+0x29/0xb0
[  101.522638][ T1376]  legacy_init_fs_context+0x51/0xb0
[  101.527845][ T1376]  alloc_fs_context+0x631/0x7b0
[  101.532702][ T1376]  fs_context_for_mount+0x22/0x30
[  101.537734][ T1376]  do_new_mount+0x122/0xa20
[  101.542244][ T1376]  path_mount+0x675/0x1010
[  101.546696][ T1376]  ? user_path_at_empty+0x161/0x1c0
[  101.551896][ T1376]  __se_sys_mount+0x318/0x380
[  101.556580][ T1376]  ? __x64_sys_mount+0xd0/0xd0
[  101.561353][ T1376]  ? __cfi_ksys_write+0x10/0x10
[  101.566221][ T1376]  __x64_sys_mount+0xbf/0xd0
[  101.570832][ T1376]  x64_sys_call+0x65d/0x9a0
[  101.575352][ T1376]  do_syscall_64+0x4c/0xa0
[  101.579775][ T1376]  ? clear_bhb_loop+0x30/0x80
[  101.584459][ T1376]  ? clear_bhb_loop+0x30/0x80
[  101.589143][ T1376]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  101.595043][ T1376] RIP: 0033:0x7f5cdcd8e9a9
[  101.599460][ T1376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.619070][ T1376] RSP: 002b:00007f5cddb9c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  101.627496][ T1376] RAX: ffffffffffffffda RBX: 00007f5cdcfb5fa0 RCX: 00007f5cdcd8e9a9
[  101.635472][ T1376] RDX: 0000200000000b80 RSI: 0000200000000040 RDI: 0000000000000000
[  101.643535][ T1376] RBP: 00007f5cddb9c090 R08: 0000200000000580 R09: 0000000000000000
[  101.651691][ T1376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.660552][ T1376] R13: 0000000000000000 R14: 00007f5cdcfb5fa0 R15: 00007fff81de9f08
[  101.668538][ T1376]  </TASK>
[  101.673718][ T1379] loop2: detected capacity change from 0 to 256
[  101.680432][ T1379] exfat: Unknown parameter 'discarB'
[  101.683094][  T401] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  101.726493][  T331] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  101.736508][ T1379] FAULT_INJECTION: forcing a failure.
[  101.736508][ T1379] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  101.738109][  T401] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  101.749814][ T1379] CPU: 0 PID: 1379 Comm: syz.2.273 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[  101.749851][ T1379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  101.749864][ T1379] Call Trace:
[  101.749870][ T1379]  <TASK>
[  101.749879][ T1379]  __dump_stack+0x21/0x24
[  101.749913][ T1379]  dump_stack_lvl+0xee/0x150
[  101.749942][ T1379]  ? __cfi_dump_stack_lvl+0x8/0x8
[  101.749972][ T1379]  ? folio_add_lru+0x260/0x390
[  101.776365][  T401] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  101.780429][ T1379]  dump_stack+0x15/0x24
[  101.780466][ T1379]  should_fail_ex+0x3d4/0x520
[  101.780490][ T1379]  should_fail_alloc_page+0x61/0x90
[  101.780513][ T1379]  prepare_alloc_pages+0x148/0x5f0
[  101.780539][ T1379]  ? __alloc_pages_bulk+0x9c0/0x9c0
[  101.780565][ T1379]  __alloc_pages+0x115/0x3a0
[  101.780589][ T1379]  ? __cfi___alloc_pages+0x10/0x10
[  101.780616][ T1379]  __folio_alloc+0x12/0x40
[  101.854499][ T1379]  handle_mm_fault+0x18ef/0x2640
[  101.859466][ T1379]  ? __cfi_handle_mm_fault+0x10/0x10
[  101.864767][ T1379]  ? lock_vma_under_rcu+0x3eb/0x4d0
[  101.869983][ T1379]  do_user_addr_fault+0x905/0x1050
[  101.875108][ T1379]  exc_page_fault+0x51/0xb0
[  101.879619][ T1379]  asm_exc_page_fault+0x27/0x30
[  101.884480][ T1379] RIP: 0033:0x7ffbbb050d50
[  101.888899][ T1379] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[  101.908608][ T1379] RSP: 002b:00007ffbbc00f4a0 EFLAGS: 00010286
[  101.914683][ T1379] RAX: 0000000000001000 RBX: 00007ffbbc00f540 RCX: 0000000000000001
[  101.922655][ T1379] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00007ffbbc00f5e0
[  101.930628][ T1379] RBP: 00000000000000f7 R08: 00007ffbb11f8000 R09: 00000000000000ff
[  101.938603][ T1379] R10: 0000000000000000 R11: 00007ffbbc00f550 R12: 0000000000000001
[  101.946588][ T1379] R13: 00007ffbbb22c7c0 R14: 0000000000000000 R15: 00007ffbbc00f5e0
[  101.954566][ T1379]  </TASK>
[  101.957951][ T1379] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  101.969449][ T1379] loop2: detected capacity change from 0 to 1024
[  101.976152][ T1379] EXT4-fs: Ignoring removed nobh option
[  101.981393][  T401] aqc111 4-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 8a:b5:c9:1f:1a:b2
[  101.981917][ T1379] EXT4-fs: Ignoring removed bh option
[  101.998413][  T401] usb 4-1: USB disconnect, device number 7
[  102.062723][ T1382] device bridge_slave_1 left promiscuous mode
[  102.069031][ T1382] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.077262][ T1382] device bridge_slave_0 left promiscuous mode
[  102.083735][ T1382] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.084189][   T28] audit: type=1400 audit(1753014915.817:433): avc:  denied  { read } for  pid=141 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  102.115620][  T401] aqc111 4-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  102.129642][ T1379] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  103.265220][  T401] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  103.276860][  T401] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  103.277414][  T286] EXT4-fs (loop2): unmounting filesystem.
[  103.286324][  T401] aqc111 4-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  103.323642][   T28] audit: type=1400 audit(1753014917.057:434): avc:  denied  { create } for  pid=1400 comm="syz.1.282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  103.346881][ T1402] serio: Serial port ttyS3
[  103.384847][ T1405] overlayfs: missing 'lowerdir'
[  103.428701][   T28] audit: type=1400 audit(1753014917.167:435): avc:  denied  { bind } for  pid=1411 comm="syz.2.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  103.510573][ T1419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.289'.
[  103.530613][   T28] audit: type=1400 audit(1753014917.247:436): avc:  denied  { read } for  pid=1417 comm="syz.3.289" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  103.554296][   T28] audit: type=1400 audit(1753014917.247:437): avc:  denied  { open } for  pid=1417 comm="syz.3.289" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  103.924144][  T380] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  103.996280][   T19] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[  104.106249][  T380] usb 1-1: Using ep0 maxpacket: 32
[  104.112683][  T380] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.124145][  T380] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.134043][  T380] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  104.149378][  T380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.161777][  T380] usb 1-1: config 0 descriptor??
[  104.168357][  T380] hub 1-1:0.0: USB hub found
[  104.176431][   T19] usb 3-1: Invalid ep0 maxpacket: 16
[  104.216544][ T1085] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  104.329439][   T19] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  104.370161][  T380] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  104.396841][  T380] usbhid 1-1:0.0: can't add hid device: -71
[  104.402830][  T380] usbhid: probe of 1-1:0.0 failed with error -71
[  104.436297][ T1085] usb 4-1: Using ep0 maxpacket: 8
[  104.442779][ T1085] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  104.451801][  T380] usb 1-1: USB disconnect, device number 5
[  104.458437][ T1085] usb 4-1: config 0 has no interface number 0
[  104.465197][ T1085] usb 4-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 8.d0
[  104.476805][ T1085] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.487807][ T1085] usb 4-1: config 0 descriptor??
[  104.494469][ T1085] usb 4-1: NDI device with a latency value of 1
[  104.508979][ T1432] loop1: detected capacity change from 0 to 40427
[  104.516021][ T1432] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  104.524070][ T1432] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  104.536241][   T19] usb 3-1: Invalid ep0 maxpacket: 16
[  104.551929][   T19] usb usb3-port1: attempt power cycle
[  104.599241][ T1432] F2FS-fs (loop1): Found nat_bits in checkpoint
[  104.633972][ T1432] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  104.641174][ T1432] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  104.694990][ T1425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.706995][   T28] audit: type=1400 audit(1753014918.447:438): avc:  denied  { write } for  pid=1431 comm="syz.1.293" path="/64/file0/bus" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  104.731008][ T1425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.739123][ T1432] syz.1.293: attempt to access beyond end of device
[  104.739123][ T1432] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  104.754768][ T1085] ftdi_sio 4-1:0.255: FTDI USB Serial Device converter detected
[  104.758939][ T1440] loop4: detected capacity change from 0 to 1024
[  104.763315][ T1085] ftdi_sio ttyUSB0: unknown device type: 0x8d0
[  104.771089][   T28] audit: type=1400 audit(1753014918.487:439): avc:  denied  { ioctl } for  pid=1431 comm="syz.1.293" path="/64/file0/bus" dev="loop1" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  104.779809][ T1085] usb 4-1: USB disconnect, device number 8
[  104.819819][ T1440] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  104.825449][ T1085] ftdi_sio 4-1:0.255: device disconnected
[  104.936066][   T28] audit: type=1400 audit(1753014918.667:440): avc:  denied  { listen } for  pid=1442 comm="syz.0.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  104.966240][   T19] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  104.969375][   T28] audit: type=1400 audit(1753014918.697:441): avc:  denied  { accept } for  pid=1442 comm="syz.0.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  105.006795][   T19] usb 3-1: Invalid ep0 maxpacket: 16
[  105.023856][ T1445] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  105.144545][ T1450] loop0: detected capacity change from 0 to 256
[  105.156439][   T19] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  105.167548][ T1450] exfat: Deprecated parameter 'utf8'
[  105.177362][ T1450] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe649ead, utbl_chksum : 0xe619d30d)
[  105.197840][   T19] usb 3-1: Invalid ep0 maxpacket: 16
[  105.208505][   T19] usb usb3-port1: unable to enumerate USB device
[  105.220193][   T28] audit: type=1400 audit(1753014918.957:442): avc:  denied  { map } for  pid=1449 comm="syz.0.299" path="/74/file1/cpu.stat" dev="loop0" ino=1048614 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  105.322605][ T1452] tmpfs: Unknown parameter 'qu'
[  105.403189][ T1456] loop1: detected capacity change from 0 to 2048
[  105.449607][ T1456]  loop1: p1 < > p3
[  105.458667][ T1456] loop1: p3 size 134217728 extends beyond EOD, truncated
[  105.504363][  T102]  loop1: p1 < > p3
[  105.509027][  T102] loop1: p3 size 134217728 extends beyond EOD, truncated
[  105.713136][ T1475] 9pnet_fd: Insufficient options for proto=fd
[  105.746336][  T401] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  105.973151][ T1478] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  105.996358][  T401] usb 5-1: Using ep0 maxpacket: 8
[  106.012550][  T401] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[  106.023955][  T401] usb 5-1: config 0 has no interface number 0
[  106.043649][  T401] usb 5-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 8.d0
[  106.053640][  T401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.072258][  T401] usb 5-1: config 0 descriptor??
[  106.087955][  T401] usb 5-1: NDI device with a latency value of 1
[  106.287799][ T1465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.296405][ T1465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.305649][  T401] ftdi_sio 5-1:0.255: FTDI USB Serial Device converter detected
[  106.315287][  T401] ftdi_sio ttyUSB0: unknown device type: 0x8d0
[  106.330132][  T401] usb 5-1: USB disconnect, device number 8
[  106.367821][  T401] ftdi_sio 5-1:0.255: device disconnected
[  106.777481][ T1489] loop0: detected capacity change from 0 to 16
[  108.619547][ T1491] loop2: detected capacity change from 0 to 512
[  108.646295][   T28] audit: type=1400 audit(1753014920.497:443): avc:  denied  { getopt } for  pid=1484 comm="syz.0.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  108.669433][ T1489] erofs: (device loop0): mounted with root inode @ nid 36.
[  109.393100][ T1491] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  109.402410][ T1491] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.731426][  T286] EXT4-fs (loop2): unmounting filesystem.
[  110.534968][ T1516] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  110.621417][   T28] audit: type=1400 audit(1753014924.357:444): avc:  denied  { connect } for  pid=1509 comm="syz.2.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  110.895222][ T1526] Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  110.900399][ T1527] loop4: detected capacity change from 0 to 16
[  110.946337][ T1527] erofs: (device loop4): mounted with root inode @ nid 36.
[  111.032228][ T1533] loop2: detected capacity change from 0 to 512
[  111.036718][ T1527] erofs: (device loop4): z_erofs_readahead: readahead error at page 12 @ nid 36
[  111.057435][ T1527] erofs: (device loop4): z_erofs_readahead: readahead error at page 9 @ nid 36
[  111.066673][ T1533] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  111.075862][ T1527] erofs: (device loop4): z_erofs_readahead: readahead error at page 8 @ nid 36
[  111.085715][ T1527] erofs: (device loop4): z_erofs_pcluster_readmore: readmore error at page 8 @ nid 36
[  111.095401][ T1533] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  111.103785][ T1533] System zones: 0-2, 18-18, 34-35
[  111.109632][ T1533] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  111.118380][ T1527] syz.4.324: attempt to access beyond end of device
[  111.118380][ T1527] loop4: rw=524288, sector=67108872, nr_sectors = 16 limit=16
[  111.132918][ T1527] syz.4.324: attempt to access beyond end of device
[  111.132918][ T1527] loop4: rw=524288, sector=720, nr_sectors = 8 limit=16
[  111.148108][ T1539] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -32 in[46, 4050] out[4096]
[  111.234939][ T1530] loop3: detected capacity change from 0 to 40427
[  111.248077][   T28] audit: type=1400 audit(1753014924.987:445): avc:  denied  { write } for  pid=1541 comm="syz.4.327" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  111.277553][ T1542] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1542 comm=syz.4.327
[  111.292657][   T28] audit: type=1400 audit(1753014925.027:446): avc:  denied  { ioctl } for  pid=1541 comm="syz.4.327" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  111.317783][   T19] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  111.329935][ T1530] F2FS-fs (loop3): invalid crc value
[  111.356776][ T1530] F2FS-fs (loop3): Found nat_bits in checkpoint
[  111.473076][ T1546] netlink: 165 bytes leftover after parsing attributes in process `syz.2.326'.
[  111.530450][ T1530] F2FS-fs (loop3): Start checkpoint disabled!
[  111.606137][ T1530] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  111.714500][   T19] usb 2-1: Using ep0 maxpacket: 8
[  111.726444][   T19] usb 2-1: config 0 has an invalid interface number: 255 but max is 0
[  111.734708][   T19] usb 2-1: config 0 has no interface number 0
[  111.752884][   T19] usb 2-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 8.d0
[  111.772654][   T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.789304][ T1549] loop4: detected capacity change from 0 to 1024
[  111.803530][   T19] usb 2-1: config 0 descriptor??
[  111.820365][   T19] usb 2-1: NDI device with a latency value of 1
[  111.820724][ T1549] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  111.922576][ T1549] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.328: Allocating blocks 497-513 which overlap fs metadata
[  111.956877][ T1549] EXT4-fs (loop4): pa ffff888112d983f0: logic 256, phys. 385, len 8
[  111.965009][ T1549] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[  111.985248][ T1517] F2FS-fs (loop3): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  111.999693][  T286] EXT4-fs (loop2): unmounting filesystem.
[  112.020213][ T1534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.036764][ T1534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.040841][   T28] audit: type=1400 audit(1753014925.777:447): avc:  denied  { map } for  pid=1548 comm="syz.4.328" path="/61/file1/memory.stat" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  112.056768][   T19] ftdi_sio 2-1:0.255: FTDI USB Serial Device converter detected
[  112.075946][   T19] ftdi_sio ttyUSB0: unknown device type: 0x8d0
[  112.090161][   T19] usb 2-1: USB disconnect, device number 7
[  112.096638][   T19] ftdi_sio 2-1:0.255: device disconnected
[  112.097734][ T1554] netlink: 36 bytes leftover after parsing attributes in process `syz.2.329'.
[  112.126732][ T1557] netlink: 'syz.0.330': attribute type 27 has an invalid length.
[  112.136375][   T28] audit: type=1400 audit(1753014925.837:448): avc:  denied  { create } for  pid=1553 comm="syz.2.329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  112.137869][  T311] kworker/u4:4: attempt to access beyond end of device
[  112.137869][  T311] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  112.155902][   T28] audit: type=1400 audit(1753014925.857:449): avc:  denied  { mounton } for  pid=1548 comm="syz.4.328" path="/61/file1/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  112.188073][  T284] ==================================================================
[  112.196606][   T28] audit: type=1400 audit(1753014925.857:450): avc:  denied  { append } for  pid=1548 comm="syz.4.328" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  112.200396][  T284] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x2f43/0x3fb0
[  112.224122][   T28] audit: type=1400 audit(1753014925.917:451): avc:  denied  { write } for  pid=1553 comm="syz.2.329" name="file2" dev="tmpfs" ino=419 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  112.231801][  T284] Read of size 4 at addr ffff88814664ddb8 by task syz-executor/284
[  112.231820][  T284] 
[  112.231827][  T284] CPU: 1 PID: 284 Comm: syz-executor Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[  112.254307][   T28] audit: type=1400 audit(1753014925.917:452): avc:  denied  { ioctl } for  pid=1553 comm="syz.2.329" path="/59/file2" dev="tmpfs" ino=419 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  112.261834][  T284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  112.261848][  T284] Call Trace:
[  112.261854][  T284]  <TASK>
[  112.261861][  T284]  __dump_stack+0x21/0x24
[  112.261895][  T284]  dump_stack_lvl+0xee/0x150
[  112.261923][  T284]  ? __cfi_dump_stack_lvl+0x8/0x8
[  112.328167][  T284]  ? ext4_inode_block_valid+0x2d7/0x3f0
[  112.333744][  T284]  ? ext4_ext_remove_space+0x2f43/0x3fb0
[  112.339391][  T284]  print_address_description+0x71/0x210
[  112.344955][  T284]  print_report+0x4a/0x60
[  112.349306][  T284]  kasan_report+0x122/0x150
[  112.353819][  T284]  ? ext4_ext_remove_space+0x2f43/0x3fb0
[  112.359461][  T284]  __asan_report_load4_noabort+0x14/0x20
[  112.365103][  T284]  ext4_ext_remove_space+0x2f43/0x3fb0
[  112.370576][  T284]  ? ext4_es_free_extent+0x3de/0x4c0
[  112.375882][  T284]  ? ext4_es_insert_extent+0x2d70/0x2d70
[  112.381533][  T284]  ? ext4_da_release_space+0x1d6/0x480
[  112.386995][  T284]  ? __cfi_ext4_ext_remove_space+0x10/0x10
[  112.392816][  T284]  ? ext4_es_remove_extent+0x1d9/0x330
[  112.398281][  T284]  ext4_ext_truncate+0x200/0x320
[  112.403226][  T284]  ext4_truncate+0x9a6/0xf90
[  112.407817][  T284]  ? __cfi_ext4_truncate+0x10/0x10
[  112.413375][  T284]  ext4_evict_inode+0xcc3/0x1460
[  112.418335][  T284]  ? _raw_spin_unlock+0x4c/0x70
[  112.423219][  T284]  ? __cfi_ext4_evict_inode+0x10/0x10
[  112.428620][  T284]  ? _raw_spin_unlock+0x4c/0x70
[  112.433498][  T284]  ? inode_io_list_del+0x19b/0x1b0
[  112.438617][  T284]  ? __cfi_ext4_evict_inode+0x10/0x10
[  112.444003][  T284]  evict+0x493/0x890
[  112.447931][  T284]  ? __kasan_check_write+0x14/0x20
[  112.453079][  T284]  ? proc_nr_inodes+0x2f0/0x2f0
[  112.457944][  T284]  ? lockref_put_return+0x152/0x1c0
[  112.463253][  T284]  ? __cfi_lockref_put_return+0x10/0x10
[  112.468816][  T284]  ? __kasan_check_write+0x14/0x20
[  112.473949][  T284]  iput+0x620/0x670
[  112.477774][  T284]  do_unlinkat+0x375/0x6b0
[  112.482208][  T284]  ? __cfi_do_unlinkat+0x10/0x10
[  112.487252][  T284]  ? getname_flags+0x206/0x500
[  112.492045][  T284]  __x64_sys_unlink+0x49/0x50
[  112.496745][  T284]  x64_sys_call+0x958/0x9a0
[  112.501271][  T284]  do_syscall_64+0x4c/0xa0
[  112.505702][  T284]  ? clear_bhb_loop+0x30/0x80
[  112.510569][  T284]  ? clear_bhb_loop+0x30/0x80
[  112.515528][  T284]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.521467][  T284] RIP: 0033:0x7f5cdcd8df57
[  112.525907][  T284] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.545721][  T284] RSP: 002b:00007fff81de80a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[  112.554153][  T284] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5cdcd8df57
[  112.562227][  T284] RDX: 00007fff81de80d0 RSI: 00007fff81de8160 RDI: 00007fff81de8160
[  112.570303][  T284] RBP: 00007fff81de8160 R08: 0000000000000000 R09: 0000000000000000
[  112.578280][  T284] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff81de9250
[  112.586254][  T284] R13: 00007f5cdce10b55 R14: 000000000001b5f6 R15: 00007fff81dea320
[  112.594233][  T284]  </TASK>
[  112.597251][  T284] 
[  112.599576][  T284] The buggy address belongs to the physical page:
[  112.605978][  T284] page:ffffea0005199340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x14664d
[  112.616218][  T284] flags: 0x4000000000000000(zone=1)
[  112.621483][  T284] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000
[  112.630170][  T284] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  112.638851][  T284] page dumped because: kasan: bad access detected
[  112.645275][  T284] page_owner tracks the page as freed
[  112.650643][  T284] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1325, tgid 1322 (syz.1.262), ts 98535430352, free_ts 98944626125
[  112.668145][  T284]  post_alloc_hook+0x1f5/0x210
[  112.672926][  T284]  prep_new_page+0x1c/0x110
[  112.677429][  T284]  get_page_from_freelist+0x2c7b/0x2cf0
[  112.682977][  T284]  __alloc_pages+0x19e/0x3a0
[  112.687571][  T284]  __folio_alloc+0x12/0x40
[  112.691995][  T284]  shmem_alloc_and_acct_folio+0x650/0x870
[  112.697732][  T284]  shmem_get_folio_gfp+0x119f/0x2230
[  112.703024][  T284]  shmem_write_begin+0xea/0x2c0
[  112.707883][  T284]  generic_perform_write+0x2f6/0x6d0
[  112.713174][  T284]  __generic_file_write_iter+0x227/0x580
[  112.718808][  T284]  generic_file_write_iter+0xae/0x310
[  112.724184][  T284]  __kernel_write_iter+0x27e/0x640
[  112.729303][  T284]  dump_user_range+0x3da/0x600
[  112.734079][  T284]  elf_core_dump+0x29e7/0x2ef0
[  112.738839][  T284]  do_coredump+0x1557/0x21b0
[  112.743430][  T284]  get_signal+0x11db/0x1520
[  112.747936][  T284] page last free stack trace:
[  112.752603][  T284]  free_unref_page_prepare+0x742/0x750
[  112.758078][  T284]  free_unref_page_list+0xba/0x7c0
[  112.763193][  T284]  release_pages+0xad1/0xb20
[  112.767788][  T284]  __pagevec_release+0x71/0xe0
[  112.772570][  T284]  shmem_undo_range+0x51a/0x1470
[  112.777512][  T284]  shmem_evict_inode+0x242/0xa10
[  112.782454][  T284]  evict+0x493/0x890
[  112.786354][  T284]  iput+0x620/0x670
[  112.790162][  T284]  do_unlinkat+0x375/0x6b0
[  112.794582][  T284]  __x64_sys_unlink+0x49/0x50
[  112.799257][  T284]  x64_sys_call+0x958/0x9a0
[  112.803768][  T284]  do_syscall_64+0x4c/0xa0
[  112.808182][  T284]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.814083][  T284] 
[  112.816406][  T284] Memory state around the buggy address:
[  112.822121][  T284]  ffff88814664dc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  112.830207][  T284]  ffff88814664dd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  112.838290][  T284] >ffff88814664dd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  112.846376][  T284]                                         ^
[  112.852283][  T284]  ffff88814664de00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  112.860341][  T284]  ffff88814664de80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  112.868395][  T284] ==================================================================
[  112.878312][  T284] Disabling lock debugging due to kernel taint
[  112.884747][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856764345, count = 32767
[  112.899792][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856312000, count = 16
[  112.914926][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856279245, count = 32767
[  112.930082][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856656077, count = 32767
[  112.944981][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856178416, count = 16
[  112.960942][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856145663, count = 32767
[  112.975874][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856324016, count = 16
[  112.990528][  T284] EXT4-fs error (device loop4): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 281472856291255, count = 32767
[  113.020912][  T284] Trying to write to read-only block-device loop4
[  113.037111][  T284] Trying to write to read-only block-device loop4
[  113.043719][  T284] Trying to write to read-only block-device loop4
[  113.054463][  T284] Trying to write to read-only block-device loop4
[  113.062244][  T284] Trying to write to read-only block-device loop4
[  113.069008][  T284] Trying to write to read-only block-device loop4
[  113.075568][  T284] Trying to write to read-only block-device loop4
[  113.082506][  T284] Trying to write to read-only block-device loop4
[  113.089384][  T284] Trying to write to read-only block-device loop4
[  113.096919][  T284] EXT4-fs (loop4): unmounting filesystem.
[  113.103584][  T284] Trying to write to read-only block-device loop4
[  113.183714][ T1559] device veth0_vlan left promiscuous mode
[  113.210402][ T1559] device veth0_vlan entered promiscuous mode
[  113.218938][ T1559] device veth1_macvtap left promiscuous mode
[  113.226046][ T1559] device veth1_macvtap entered promiscuous mode
[  113.234537][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  113.242533][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  113.275338][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  113.292721][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  113.303251][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  113.316354][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  113.324868][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  113.333455][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  113.342671][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  113.352682][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  113.361469][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  113.380049][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  113.388433][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  113.396671][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  113.404881][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.413103][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  113.421392][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  113.429592][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  113.437816][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  113.445275][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready