last executing test programs:

1m45.144026303s ago: executing program 32 (id=79):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)

1m18.168348804s ago: executing program 5 (id=1006):
r0 = socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x1, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x88}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0x34c}]}, 0x34}}, 0x0)

1m18.143305504s ago: executing program 5 (id=1007):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c)
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000140)={0x0, 0x6})
openat(0xffffffffffffff9c, 0x0, 0x1a37c1, 0x1e6)

1m18.048837514s ago: executing program 5 (id=1008):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})

1m17.944435814s ago: executing program 5 (id=1009):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@minixdf}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8000000000000002, 0x0, 0x0, 0x0, 0x1d, 0x4, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "0347c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a12ffffffffffffffe000000000e8f20000000200", "b90000cd1a0900000000000000000002000000000200", [0x1]})

1m17.816884644s ago: executing program 5 (id=1017):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r2}, &(0x7f0000000a00), &(0x7f0000000a40)=r1}, 0x20)

1m17.688919204s ago: executing program 5 (id=1018):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
syz_read_part_table(0x601, &(0x7f0000000000)="$eJzs1M9rXFUUAODz5veIIaEWBBEMBLoa24W4CDi0odTSTRpKLS7cCYJQN4WAXciEtkuR4kZEiJsKIQbyD+hGwiQQsskqZBmCILhJECFEuDLvTSaJZCFkMCrft3j3vnPvfec+zuUG/2mlqHdSyprROYpUY7zovFI0tUgppcGC5x8+flj0xiPeW5xYipiZunc/4qW5D3rB11+O+OX7wbcGaqfzptHDFOs39xfHNiY2V8u9UNZ7VCJiLiI+2XlR+ctWy9EY4o/zv7Dc/vSnyM9Nu5kfuG8iJr8rxjoPXn3n/VKWHZ/C7Mbw83dH84Mb9dg6TrQ3P3K1cj0i1vqBVm/Sz0W/+1WxmemTHyoVTfmsJM1h75ph6dX/6bNHtS+L22r328s7208Opq8szF5rXdpe6TzPiuK9EZFfX1l+zZXOrjMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA5LLe7o7V+f+v2Z7tvffTmrev1U1N6b70pjeI1i2ZEyrtzw8n/dP3zZtTbH28dpJTSjUjp7t78yNXqajXuzvfztrI89cDXD/Kmdv4dcJHy+j97dPuLx+3fl4pQ48nB9JWF2WutS9srnaMC/1ZrdC7PRkT55OrKBewYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPi3u/XunfGZqXv3IyKrNCKiNPai2x/7NSJSinjtx7cXHq5NTR6v+qN2p14/TOs39xfHNiY2V8sxUy9GfihFpGxyJCqVIrCcP6v/9H/x9/wZAAD//4qTcdA=")
utimes(0x0, 0x0)

1m17.688719644s ago: executing program 33 (id=1018):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
syz_read_part_table(0x601, &(0x7f0000000000)="$eJzs1M9rXFUUAODz5veIIaEWBBEMBLoa24W4CDi0odTSTRpKLS7cCYJQN4WAXciEtkuR4kZEiJsKIQbyD+hGwiQQsskqZBmCILhJECFEuDLvTSaJZCFkMCrft3j3vnPvfec+zuUG/2mlqHdSyprROYpUY7zovFI0tUgppcGC5x8+flj0xiPeW5xYipiZunc/4qW5D3rB11+O+OX7wbcGaqfzptHDFOs39xfHNiY2V8u9UNZ7VCJiLiI+2XlR+ctWy9EY4o/zv7Dc/vSnyM9Nu5kfuG8iJr8rxjoPXn3n/VKWHZ/C7Mbw83dH84Mb9dg6TrQ3P3K1cj0i1vqBVm/Sz0W/+1WxmemTHyoVTfmsJM1h75ph6dX/6bNHtS+L22r328s7208Opq8szF5rXdpe6TzPiuK9EZFfX1l+zZXOrjMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA5LLe7o7V+f+v2Z7tvffTmrev1U1N6b70pjeI1i2ZEyrtzw8n/dP3zZtTbH28dpJTSjUjp7t78yNXqajXuzvfztrI89cDXD/Kmdv4dcJHy+j97dPuLx+3fl4pQ48nB9JWF2WutS9srnaMC/1ZrdC7PRkT55OrKBewYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPi3u/XunfGZqXv3IyKrNCKiNPai2x/7NSJSinjtx7cXHq5NTR6v+qN2p14/TOs39xfHNiY2V8sxUy9GfihFpGxyJCqVIrCcP6v/9H/x9/wZAAD//4qTcdA=")
utimes(0x0, 0x0)

1m11.099244485s ago: executing program 6 (id=1226):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000240)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0)

1m11.074575805s ago: executing program 6 (id=1227):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}]}})

1m11.027606855s ago: executing program 6 (id=1228):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x1ff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)

1m10.988108995s ago: executing program 6 (id=1230):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x3000400, &(0x7f0000000000)=ANY=[], 0x1, 0x2bb, &(0x7f0000000440)="$eJzs3UFrE1sYxvGnTW+TprTJhcuFe0E96EY3oY0fQIO0IAaU2hR1IUztREPGpMyESkRsNuLWD+Gq6M6doC7ddCNu3LsrguCmC3HETNImbVrTNklj+/9BmTd5z8OcttPyptDJ2o1n9/NZL5G1ShqMGA1KFa1L8V9VzUDtOFith9WoonOj3z6duH7z1pVUOj01Y8x0avZ80hgzfurNg0cvTr8rjc69Gn8d1mr89trX5OfVf1f/W/sxey/nmZxnCsWSscx8sViy5h3bLOS8fMKYa45tebbJFTzbbepnneLiYtlYhYWx6KJre56xCmWTt8umVDQlt2ysu1auYBKJhBmL6ngbamNNZmVmxkrt2PZDHd0Rum6k1ZOum6q0bmZWerAnAADQZ3af/4NZf+f5Pz0XHNua/18+l9qb/6VOzv8DPf2C9rlK06PfzP84Elw3ZUVrP7/NmP8BAAAAAAAAAAAAAAAAAAAAAPgTrPt+zPf9WP1Y/whLikiqPz7sfaI79vn9v3BI20WHNfzjXkRyni5lljLBMeinssrJka0JxfS9ej3UBPX05fTUhKmK662zXMsvL2VCCtfzdfFW+ZN/TwZ505z/S9HG8ycV0z+tz59smR/W2TMN+YRi+nBHRTlaqF7Xm/nHk8Zcuprekh+prgMAAAAA4ChImA3bXr9X+9UFEW3vB/k9/H1gy+vrIf3fzi0qAQAAAADAgXnlh3nLcWx3H0VY0gHieyj8ga6fonNFSH2xjS3FRUl9sI1eFRFJwTNmP/EvG/G2Un4ba4YkHfTzivTw0jrs30wAAAAAOm1z6N9D6OOTLu4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjp937gdXXb2vVG7vEG04X0vuNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjp2fAQAA//91iCZA")
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x20, &(0x7f0000000b00)=ANY=[], 0x1, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x58)
creat(&(0x7f0000000200)='./file0\x00', 0x0)

1m10.826472546s ago: executing program 6 (id=1236):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r2}, 0x10)

1m10.722095825s ago: executing program 6 (id=1240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1m10.643859625s ago: executing program 34 (id=1240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

53.422479895s ago: executing program 7 (id=1783):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000"], 0x48)

53.373054545s ago: executing program 7 (id=1784):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x100)
pwrite64(r2, 0x0, 0x0, 0x8080c67)

53.282448315s ago: executing program 7 (id=1787):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r0, 0x400448dd, &(0x7f00000003c0))

51.168956352s ago: executing program 7 (id=1859):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1010e, &(0x7f0000000600)={[{@errors_remount}, {@data_journal}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@resuid}, {@block_validity}]}, 0x1, 0x450, &(0x7f0000000bc0)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IELCCQOICFxKceQpFWp26AmSLSqICBUjqgSd8QRib+AE1wQcELiCndUqUK9UDgZrb1bP2rn6WQBfz7SJjM7Y898PTv27K4dwMAay/4kEXsj4peIGGlk2yuMNf7dunll9s+bV2aTqNXe+D2p1/vj5pXZomrxuD15ZjyNSD9O4nCXdhcvXT43U63OX8zzk0vn35lcvHT56bPnZ87Mn5m/MH3y5InjU889O/1MX+K8K+vrofcXjhx85c1rr82euvbWD18lRfwdcfTJ2EqFj9VqfW6uXPta0slQiR1hXSoRkQ3XcH3+j0QlmoM3Ei9/VGrngC1Vy/UoXq4B/2FJlN0DoBzFB312/lts27f6KN+NFxonQFnct/KtUTIUaV5nuOP8tp/GIuLU8l+fZ1useh3CiTUAsHnfZOufp7qt/9K4t6Xe//N7Q6P5vZT9EXF3RByIiHsi6nXvi4j719l+502SO9c/6fUNBbZG2frv+fzeVvv6r1j9xWglz+2rxz+cnD5bnT+WvybjMbwzy0+t0Ma3L/38aa+y1vVftmXtF2vBvB/Xh3a2P2ZuZmlmMzG3uvFhxKGhbvEnt1ebSUQcjIhDG2zj7BNfHulVtnr8K+jDcrj2RcTjjfFfjo74C8nK9ycn/xfV+WOTxVFxpx9/uvp6r/Y3FX8fZOO/u+vxfzv+0aT1fu3i+tu4+usnPc9pJjZ0/Dd37Mj/vzeztHRxKmJH8mqj0637p5uPLfJF/Sz+8aPd5//+aL4ShyMiO4gfiIgHI+KhfOwejohHIuLoCvF//+Kjb/cq+yeM/1zH+I+2V+kY/2ZiR3Tu6Z6onPvu6/ZnbCbX9v53op4az/es5f1vLf3a2NEMAAAA/z5pROyNJJ24nU7TiYnGd/gPxO60urC49OTphXcvzDV+IzAaw2lxpWuk5XroVH5aX+SnO/LH8+vGn1V21fMTswvVubKDhwG3p8f8z/xWKbt3wJbztTIYXOY/DC7zHwaX+Q+Dq8v831VGP4Dt1+3z/4MS+gFsv47577YfDBDn/zC4zH8YXK3zPymxH8C2WtwVq/9IXkLijkSkW91EcYxuQzjJFs+CvVvS53wKtxcly43d63nCWpeikt6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uzvAAAA///dTt9J")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)

51.070586252s ago: executing program 7 (id=1860):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r1, 0x0, 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
tee(r0, r2, 0x60000000000, 0x1000000000000000)

50.888917082s ago: executing program 7 (id=1864):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1)

50.868208162s ago: executing program 35 (id=1864):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1)

31.795759723s ago: executing program 8 (id=2398):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)

31.795074633s ago: executing program 8 (id=2399):
socket$packet(0x11, 0xa, 0x300)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000280)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000140)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x48, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0xffff, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "6fc9b68afdd885950b27335ac274f67fada255be7e15f72f", "23e523c172dc39cf9b7dcfeb166c9338b5e7150a1dfb048ae4320ed54ea887c7"}}}}}}}, 0x0)

31.783490972s ago: executing program 8 (id=2400):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000110000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000003fffffe218110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)

31.771119233s ago: executing program 8 (id=2401):
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg")
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0/file0\x00', 0x0)
mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
unlink(&(0x7f0000000080)='./file0/file0\x00')

31.711187143s ago: executing program 8 (id=2403):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000006000000a600000009"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
unshare(0x24020400)
syz_clone(0x63008000, 0x0, 0x0, 0x0, 0x0, 0x0)

31.552596532s ago: executing program 8 (id=2404):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.log\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000200)=""/54, 0x36}], 0x2, 0x0, 0x0)

31.529419923s ago: executing program 36 (id=2404):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.log\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000200)=""/54, 0x36}], 0x2, 0x0, 0x0)

17.106690278s ago: executing program 4 (id=2863):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

17.075574148s ago: executing program 4 (id=2866):
r0 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000180)=0x69b, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0xfffd, @local}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x58)

17.065227258s ago: executing program 4 (id=2868):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4085, 0xff5}], 0x1}}], 0x1, 0x140, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x14, 0x4, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000700)={r1, &(0x7f0000000340), 0x0}, 0x20)

17.015621137s ago: executing program 4 (id=2870):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=")
open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fallocate(r0, 0x100000011, 0x0, 0x28000000)

16.856134388s ago: executing program 4 (id=2878):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x5, 0x8, 0x40, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r2}, 0x38)

16.726389967s ago: executing program 4 (id=2887):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f00000001c0)={[{@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {}, {@nojournal_checksum}, {@norecovery}, {@nombcache}, {@i_version}, {@nodelalloc}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x800343}}]}, 0xfd, 0x587, &(0x7f0000001240)="$eJzs3V9rU+cfAPDvSVP/1Z+tIPLbLobgxRxiatv9cTDQXY5NJsx7F9pYpKmRJhXbCdOLebObIYMxJoy9gN17KXsDexXCJohI2S7GoOOkJzW2Sf+Zmmg+Hzj6PDkn+T5Pn/M8eZ5zEhJA3zqW/pOLeCMivksihpv25SPbeWzluKWnNyfTLYnl5S+eJHF2zWsl2f9DWeb/EfHbNxEnc+vjVhcWZ4rlcmkuy4/WZq+NVhcWT12ZLU6XpktXxycmzrw3Mf7hB+93rK7vXPj7x88ffHLm2+NLP/z66PDdJM7FwWxfWq8OhLjVnDlW/DdLDca5NQeOdSBYL0m6XQB2ZCDr54ORjgHDMZD1euD193VELAN9KtH/oU815gGNtX2H1sGvjMcfryyA1tc/v3JtJPbV10YHlpLnVkbpenekA/HTGPf/vHc33WLj6xD7N8kDbMut2xFxOp9fP/4l2fi3c6frF483tjZG0/i37wXDA5t4kM5/klsR6/p/bnX+Ey3mP0Mt+u5ObND/o3oxnZ/mHnUgTFvp/O+jlvPf1aFrZCDL/a8+5xtMLl8pl05HxKGIOBGDe9P8Rvdzziw9XG63r3n+l25p/MZcMCvHo/ze558zVawVX6TOzR7fjniz5fw3WW3/pEX7p3+PC1uMcbR07612+zav/+5a/iXi7Zbt/+yOVrLx/cnR+vkw2jgr1vvrztHf28Xvdv3T9j+wcf1Hkub7tdXtx/h53z+ldvt2ev7vSS7W03uyx24Ua7W5sYg9yWf5obWPjz97biPfOD6t/4njrfv/Rud/uvj6cov1v3PkTttDe6H9p7bV/ttPPPz0q5/axd9a+79bT53IHtnK+LfVAr7I3w4AAAAAAAB6TS4iDkaSK6ymc7lCYeXzHUfiQK5cqdZOXq7MX52K+ndlR2Iw17jTPdz0eYix7POwjfz4mvxERByOiO8H9tfzhclKearblQcAAAAAAAAAAAAAAAAAAIAeMdTm+/+pPwa6XTpg19V/2GBvt0sBdEPLn/xvfvPvxC89AT2pZf8H+sL2+78rA/C68P4P/Uv/h/6l/0P/2mr/Hxze5YIAL10+4kmu24UAusL8HwAAAAAAAAAAAAAAAAAAAAAAAAAAADrqwvnz6ba89PTmZJqfur4wP1O5fmqqVJ0pzM5PFiYrc9cK05XKdLlUmKzMbvZ65Url2th4zN8YrZWqtdHqwuKl2cr81dqlK7PF6dKl0uBLqRUAAAAAAAAAAAAAAAAAAAC8WqoLizPFcrk0J9E2cTZ26ZXvH4rojQqu2NHT873STBIdTXR5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJv8FAAD//4ieNi8=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x200, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000}])

16.679009737s ago: executing program 37 (id=2887):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f00000001c0)={[{@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {}, {@nojournal_checksum}, {@norecovery}, {@nombcache}, {@i_version}, {@nodelalloc}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x800343}}]}, 0xfd, 0x587, &(0x7f0000001240)="$eJzs3V9rU+cfAPDvSVP/1Z+tIPLbLobgxRxiatv9cTDQXY5NJsx7F9pYpKmRJhXbCdOLebObIYMxJoy9gN17KXsDexXCJohI2S7GoOOkJzW2Sf+Zmmg+Hzj6PDkn+T5Pn/M8eZ5zEhJA3zqW/pOLeCMivksihpv25SPbeWzluKWnNyfTLYnl5S+eJHF2zWsl2f9DWeb/EfHbNxEnc+vjVhcWZ4rlcmkuy4/WZq+NVhcWT12ZLU6XpktXxycmzrw3Mf7hB+93rK7vXPj7x88ffHLm2+NLP/z66PDdJM7FwWxfWq8OhLjVnDlW/DdLDca5NQeOdSBYL0m6XQB2ZCDr54ORjgHDMZD1euD193VELAN9KtH/oU815gGNtX2H1sGvjMcfryyA1tc/v3JtJPbV10YHlpLnVkbpenekA/HTGPf/vHc33WLj6xD7N8kDbMut2xFxOp9fP/4l2fi3c6frF483tjZG0/i37wXDA5t4kM5/klsR6/p/bnX+Ey3mP0Mt+u5ObND/o3oxnZ/mHnUgTFvp/O+jlvPf1aFrZCDL/a8+5xtMLl8pl05HxKGIOBGDe9P8Rvdzziw9XG63r3n+l25p/MZcMCvHo/ze558zVawVX6TOzR7fjniz5fw3WW3/pEX7p3+PC1uMcbR07612+zav/+5a/iXi7Zbt/+yOVrLx/cnR+vkw2jgr1vvrztHf28Xvdv3T9j+wcf1Hkub7tdXtx/h53z+ldvt2ev7vSS7W03uyx24Ua7W5sYg9yWf5obWPjz97biPfOD6t/4njrfv/Rud/uvj6cov1v3PkTttDe6H9p7bV/ttPPPz0q5/axd9a+79bT53IHtnK+LfVAr7I3w4AAAAAAAB6TS4iDkaSK6ymc7lCYeXzHUfiQK5cqdZOXq7MX52K+ndlR2Iw17jTPdz0eYix7POwjfz4mvxERByOiO8H9tfzhclKearblQcAAAAAAAAAAAAAAAAAAIAeMdTm+/+pPwa6XTpg19V/2GBvt0sBdEPLn/xvfvPvxC89AT2pZf8H+sL2+78rA/C68P4P/Uv/h/6l/0P/2mr/Hxze5YIAL10+4kmu24UAusL8HwAAAAAAAAAAAAAAAAAAAAAAAAAAADrqwvnz6ba89PTmZJqfur4wP1O5fmqqVJ0pzM5PFiYrc9cK05XKdLlUmKzMbvZ65Url2th4zN8YrZWqtdHqwuKl2cr81dqlK7PF6dKl0uBLqRUAAAAAAAAAAAAAAAAAAAC8WqoLizPFcrk0J9E2cTZ26ZXvH4rojQqu2NHT873STBIdTXR5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJv8FAAD//4ieNi8=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x200, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000}])

4.255386685s ago: executing program 1 (id=3257):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000800)={0x7f, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0x0, 0x0)

3.365938604s ago: executing program 1 (id=3282):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

3.233269414s ago: executing program 1 (id=3289):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000240)="0f8400700f20e10f73d0fbea0070350066b9810900000f32360f78d30f23b566b9800000c00f336635000100000f3066b80f0000000f23c00f21f86635020004000f23f8f3af", 0x46}], 0x1, 0x30, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.946155953s ago: executing program 1 (id=3305):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_user(r2, &(0x7f0000000100)={'system_u:object_r:net_conf_t:s0', 0x20, 'user_u\x00'}, 0x27)

2.945266683s ago: executing program 1 (id=3306):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000240)={0xfff5, [0x1000003, 0x3], 0x7fff}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)

2.207793933s ago: executing program 0 (id=3341):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

2.207574333s ago: executing program 0 (id=3342):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x5)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000d80)={{0x5, 0x2, 0xf1f8, 0xe}, 'syz1\x00', 0x22})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_DEV_DESTROY(r0, 0x5502)

2.198940523s ago: executing program 0 (id=3343):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4c6, &(0x7f00000012c0)="$eJzs3c1rHGUYAPB3dps0SaP9UKStYAsV6gfN5gNpol48qYeCWPCiUGOyjTWbbMhuahN6SPXWgwdRFMSDd/8CL/ZkEcSz3sWDVLRGUEFYmdndNl+7LprutJnfDyb7zsfu875Znndn3p3ZCUBmHY//RCEMhhC+DSHsr89u3OB4/WHt5uWpeIpCrXb2lyjZLp5vbtp83r4QwmoIoS+E8PLzIbwRbY1bWV6ZnSyViouN+UJ1bqFQWV45dWFucqY4U5wfGT89MTE+PDY6sWNtvfreW1fPfPFi7+d/vHvj+vtffRlXa7Cxbn07dlK96T3h4Lple0IIz96JYCnIN9rTn3ZF+E/i9++BEMKJJP/3h3zybgJZUKvVan/X9rZavVoDdq1csg8c5YZCCPVyLjc0VN+HfzAM5ErlSvXJ8+Wl+en6vvKB0JM7f6FUHG4cKxwIPVE8P5KUb8+PbpofCyHZB/4g35/MD02VS9Pd7eqATfZtyv/f8/X8BzLCIT9kl/yH7JL/kF3yH7JL/kN2yX/Irvb539O1egDd5/Mfskv+Q3bJf8gu+Q+Z9NKZM/FUa17/Pn1xeWm2fPHUdLEyOzS3NDU0VV5cGJopl2eSa3bm/u31SuXywshTYelSoVqsVAuV5ZVzc+Wl+eq55Lr+c0WDiXD3OHjs2vdRCGH16f5kivU21slV2N1qtSikfQ0ykI582h0QkBpDf5BdjvGBzT/Ru3m/oK/VExdujxcC95Zc2hUAUnPyiO//IKuM/0N2Gf+H7LKPD2xzi74N2o3/A/emDsb/B7tRD6D7Blvc/+u+5N5d16Pmvb7uDyF8l+/Z27zXF7Ab5H6KGvv/J/c/uuWzvjf6M/mKoDeE8PYnZz+6NFmtLo7Ey3+9tbz6cWP56LontjxgANLSzNNmHgMA2bV28/JUc+pm3J+fq5+EsDX+nsbYZF/yHeXAWrThXIVoh85dWL0SQji8Xfyocb/z+oHMwFp+S/xDjceo/hJJffck903vTvwj6+I/si7+0f/9X4FsuBb3P8Pb5V8uyelwK/829j+DO3TuROv+L3er/8u36P+OdRjjzU/f+bFl/CshHN02fjNeXxJrc/y4bic7jH/jtVcearWu9ln9dbaL3xSXCtW5hUJleeVU8jtyM8X5kfHTExPjw2OjE4VkjLrQHKne6pnD31xv1/6BFvHbtT9e9niH7f/r4a9fPd4m/mMntn//D7WJ3x9CeKLD+L+N/vB6q3Vx/OkW7c+1iR8vG+swfuXDF/Z2uCkA0AWV5ZXZyVKpuJhSoS+kGV1BIf3ClbujGpsKafdMwJ1WWY4PzeOkT7smAAAAAAAAAAAAQKe6cTpx2m0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgN/gkAAP//wPPUxg==")
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ftruncate(r1, 0x2007ff3)
copy_file_range(r1, 0x0, r0, 0x0, 0xffffffffa003e459, 0x700000000000000)

1.956540313s ago: executing program 0 (id=3345):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x8, 0x0)

1.864592383s ago: executing program 3 (id=3351):
r0 = gettid()
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
tkill(r0, 0x11)

1.689247503s ago: executing program 0 (id=3352):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28)

1.620698112s ago: executing program 0 (id=3353):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x3, 0xfd, 0x0, 0x4}, {0x6, 0x24, 0x1a, 0x7ff, 0x8}}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x3}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000001280)={0x20, 0x80, 0x1c, {0x0, 0x870, 0x0, 0xfbfc, 0x6, 0xa, 0x6, 0xe4d, 0x800, 0x0, 0xfffe, 0xfc}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

1.066227412s ago: executing program 3 (id=3361):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0)

1.064440132s ago: executing program 9 (id=3371):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x4, 0x8, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20)

1.048453792s ago: executing program 9 (id=3363):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10)
timer_gettime(0x0, 0x0)

1.014855762s ago: executing program 9 (id=3365):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff00000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000002000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)

993.705611ms ago: executing program 9 (id=3368):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002064070000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
timer_create(0x0, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

974.076241ms ago: executing program 9 (id=3370):
r0 = io_uring_setup(0x2a2c, &(0x7f0000000000)={0x0, 0x0, 0x2, 0xfffffffc})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0xa, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

876.739082ms ago: executing program 2 (id=3374):
r0 = socket$inet(0x2, 0x2, 0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='kfree\x00', r2}, 0x10)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)

876.349502ms ago: executing program 2 (id=3375):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000280)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0xfffffffe, 0x0, 0x1, {0xa, 0x4e23, 0xd06, @local, 0x7}}}, 0x3a)

876.111012ms ago: executing program 2 (id=3376):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
clock_gettime(0x7, &(0x7f0000000200)={<r1=>0x0, <r2=>0x0})
ppoll(&(0x7f0000000040)=[{r0, 0x1002}, {r0, 0xd400}], 0x2, &(0x7f0000000240)={r1, r2+60000000}, 0x0, 0x0)
write$vga_arbiter(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6c6f636b20696f2b65656d2baa24036a8900"], 0xc)
write$vga_arbiter(r0, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd)

875.901661ms ago: executing program 1 (id=3377):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000180), 0x0, 0x80200)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000040)={0x3, 0x200, 0x0, 0x0, 0x0, 0x7ff})

553.163871ms ago: executing program 3 (id=3378):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x29)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000005000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0)

540.823891ms ago: executing program 3 (id=3379):
r0 = memfd_create(&(0x7f0000000100)='+\x88\xc7s\x00\x00\x942nodev\x00\x00\x8cZ_Pv\x03\xa7\xc1\b\xec\x90Q\x85\x83\xcd\x16\xdcw\'\x8a\xe5N\x8c\x17\xfd\xc5\xad\xd5y\x15\x1fx\x17\f\xbc\xd1.\x8cA\x17\x86\xb7-j!Y\x92\xd9\xc4\r8\xd0\xc9X\xa7\x11\xa3\xf0\x8a*\xbc\x87\xcd\x1fl\xfc\xf3]\xb8\xbd\x02\v<\fl\xa6]\xa5\xfb\x05\xcb\x9c\xe2\xc8\x05\xa5\xa5\xeb\xa9\xef\xe3\xf1b\x81\xec\xac\xb6\x80\xd5\xf5S\x85\x06O\x05\xb8\xa1\x15\xcc\x17\xe8s\x95\x95B\xee_\x98\x91)\xe7\xa8+\x8c\xee\x83@q\x16\xcf3\x0f\x81\xa8\xa9`i\x01m:\xcc\x1c\xed<\xcfA3n\xfd\n>\x03\xae\f \xdbH\'\x05\x82\xdbLE\x14\xcdq\x1abcf\xdb8\xe9a\xa8\x00'/201, 0x2)
fcntl$addseals(r0, 0x409, 0x12)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1008, 0x0, 0x13, r0, 0x0)

525.213371ms ago: executing program 3 (id=3380):
socket$igmp6(0xa, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x3c}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x47, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x8205, &(0x7f0000000940)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x15}}, {@stripe}, {@grpid}, {@errors_remount}, {@data_err_ignore}, {@noblock_validity}, {@sysvgroups}, {@quota}]}, 0x1, 0x60a, &(0x7f0000001c40)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBKDxaW5AqvbGHJULuGytBDCy2UkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78lrR7qw9nw/s6s2b2X3vu09P896u3k4AlTWb3aURRyPiShIx07ZvOpo7Z1vHPf7i3tXslkSj8afPk0haecXxT1o/D2Z3ScRkRLx/PuLHtZ3lbt65e32p3mj6Z8T81vrG/OaduyfX1peurVxbubF46renzyz8bvH04r7EWcR14eIff/a/f/3tN6sf1E8mcTYuj/9jOTri2C+zMRtPWiG2549FxJks0eV1edkUISQl14O9qbV+H8cj4kjMRC3fapqJtf+WWjlgoBq1iAZQUYn+DxVVjAOKuf0g5sGj7NG55gRoZ/xjzfdGYjKfGx14nLTNjJrz3UP7UH5Wxrf3jr2R3aLH+xBj+1BOL9v3I+Kn3eJP8rodyt/FyeJPI217XJZeiIiJ1mux1/n/bMf2sH//XiT+9nbI4j/b+pnln99j+WXHD0A1PTzXOpFvZ1vPzn/ZyLAY/0SX8c90l3PXXpR9/us9/ivO95P5e+RpxzgsG+9c6v6U450Zn/znwmu9ym8f/2W3rPxiLDgMj+5HHOuI/9/5QC952v5Jl/bPDrnSZxl/+PCzC732lR1/40HE8a7zn2cj2iw1v7W+UeR1fD45v7pWX1lo3nct4533/vpWr/LLjj9r/+gR/27tn+Vt9FnG25cerPfaN/3c+NNPJ5LLeWqilfP3pa2tW4sRE8nF1iFt+ad2r0txTPEcWfwnftm9/+8Sf97Q233Gv/Hn64+bqZ2zpL7bf8dfldyTRp916CWLf3mP7f//Psv46i+3f96RNVUkdot/audTJf2+5gAAAAAAAFBFaf4ZbJLOPU2n6dxccw3vT+JAWr+5ufWr1Zu3byxHnMj/H3I8LT7pnmluJ9n2Yuv/YYvtUx3bv46IwxHxem0q3567erO+XHbwAAAAAAAAAAAAAAAAAAAAMCIOttb/F9ep/rLWXP/fl60jA64dMHCDvMAcMNr0f6iuvP+nZdcCKIPzP1SX/g/Vpf9Dden/UF36P1SX/g/Vpf9Dden/AAAAAPBKOvyLhx8nEbH9+6n8lplo7RsvtWbAoL14H58dSD2A4asN9WHAKHn60b/l/1A5fY3/v259OeDgqwOUIOmWmQ8OGrt3/oddHwkAAAAAAAAAAAAADMDxo9b/Q1Wl8W7ZVQBK8j0W8vsOAHjJ+ep/qC5zfOB5q/gne+2w/h8AAAAAAAAAAAAAhmY6vyXpXOsSoNORpnNzET+MiEMxnqyu1VcWIuJHEfFRbfwH2fZi2ZUGAAAAAAAAAAAAAAAAAACAV8zmnbvXl+r1lVvtiW925LzaieIqqKNSn/ZEJMMvdCoiRiH2wSTG2nKSiO2s5UeiYrc2YySqkebVKPkPEwAAAAAAAAAAAAAAAAAAVFDb2uPujr055BoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPA9u/7/3hPJc56n7BgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJfTdwEAAP//wbQ5Jw==")
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000240)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05958682"], 0x0)

88.419811ms ago: executing program 9 (id=3381):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xb, "08405af3"}, @local=@item_4, @global=@item_4={0x3, 0x1, 0xa, "fecd6795"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f0000000240)={0x3, 0x200, 0x100008, 0xffbffe01, 0x10001, 0x400007fc})

34.718871ms ago: executing program 2 (id=3382):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000009000000000000000020000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x18)
close(r0)

22.824771ms ago: executing program 2 (id=3383):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{}, 'syz1\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r1, 0x4b2f, 0x0)

1.012291ms ago: executing program 3 (id=3384):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
exit(0x6)

0s ago: executing program 2 (id=3385):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
truncate(&(0x7f00000000c0)='./file1\x00', 0xefff)

kernel console output (not intermixed with test programs):

FFFF.000F: unknown main item tag 0x0
[   85.162805][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.187248][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.195063][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.202904][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.210921][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.219162][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.226417][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.233982][  T314] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[   85.243850][  T314] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[   85.260855][  T314] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   85.296184][  T314] usb 2-1: USB disconnect, device number 10
[   85.366251][ T4963] loop4: detected capacity change from 0 to 512
[   85.412939][ T4963] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   85.431853][ T4963] ext4 filesystem being mounted at /367/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.520031][  T289] EXT4-fs (loop4): unmounting filesystem.
[   85.539831][ T4959] loop2: detected capacity change from 0 to 40427
[   85.555928][ T4959] F2FS-fs (loop2): fault_injection options not supported
[   85.572969][ T4959] F2FS-fs (loop2): invalid crc value
[   85.606392][ T4959] F2FS-fs (loop2): Found nat_bits in checkpoint
[   85.711557][ T4959] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   85.796023][  T292] syz-executor: attempt to access beyond end of device
[   85.796023][  T292] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   86.100116][ T4987] loop4: detected capacity change from 0 to 40427
[   86.119297][ T4987] F2FS-fs (loop4): Unrecognized mount option "fault_injection=08" or missing value
[   86.328468][ T5012] syz.3.2001[5012] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   86.328552][ T5012] syz.3.2001[5012] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   86.346505][ T5014] loop2: detected capacity change from 0 to 512
[   86.402331][ T5014] EXT4-fs: Ignoring removed nobh option
[   86.423622][ T5014] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.444121][ T5022] loop4: detected capacity change from 0 to 512
[   86.456972][ T5014] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   86.502518][  T292] EXT4-fs (loop2): unmounting filesystem.
[   86.548448][ T5022] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   86.577938][ T5022] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.649377][  T289] EXT4-fs (loop4): unmounting filesystem.
[   86.705080][ T5046] futex_wake_op: syz.4.2013 tries to shift op by -1; fix this program
[   86.807651][ T5059] loop2: detected capacity change from 0 to 1024
[   86.820590][ T5063] loop8: detected capacity change from 0 to 512
[   86.846194][ T5059] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (1764!=20869)
[   86.872505][ T5059] EXT4-fs (loop2): invalid journal inode
[   86.885173][ T5063] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   86.911692][ T5063] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.912595][ T5059] EXT4-fs (loop2): can't get journal size
[   86.936582][ T5076] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[   86.955777][ T5059] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   86.979774][ T5059] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:511: comm syz.2.2022: Block bitmap for bg 0 marked uninitialized
[   86.998431][ T4687] EXT4-fs (loop8): unmounting filesystem.
[   87.029418][  T292] EXT4-fs (loop2): unmounting filesystem.
[   87.124508][ T5090] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2034'.
[   87.323187][ T4996] loop1: detected capacity change from 0 to 131072
[   87.356293][ T5108] loop8: detected capacity change from 0 to 512
[   87.373659][ T4996] F2FS-fs (loop1): Segment count (31) mismatch with total segments from devices (0)
[   87.393219][ T4996] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   87.434055][ T4996] F2FS-fs (loop1): invalid crc value
[   87.441309][ T5108] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   87.468173][ T5108] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.480498][ T5119] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2046'.
[   87.514977][ T4996] F2FS-fs (loop1): Found nat_bits in checkpoint
[   87.600940][ T4996] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   87.607807][ T4996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   87.640955][   T28] kauditd_printk_skb: 1 callbacks suppressed
[   87.640971][   T28] audit: type=1400 audit(2000000059.272:2012): avc:  denied  { setattr } for  pid=4995 comm="syz.1.1995" path="/391/file0/bus" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   87.712780][ T4687] EXT4-fs (loop8): unmounting filesystem.
[   87.916918][ T5162] netlink: 'syz.2.2066': attribute type 2 has an invalid length.
[   88.077532][ T5182] loop8: detected capacity change from 0 to 256
[   88.089986][ T5182] exfat: Unknown parameter '0xffffffffffffffff��'
[   88.143075][ T5190] SELinux:  Context system_u:object_r:ssh_exec_t:s0 is not valid (left unmapped).
[   88.152727][   T28] audit: type=1400 audit(2000000059.792:2013): avc:  denied  { relabelto } for  pid=5189 comm="syz.4.2077" name="NETLINK" dev="sockfs" ino=35054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:ssh_exec_t:s0"
[   88.517929][  T497] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   88.596989][ T5250] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2102'.
[   88.657377][ T5254] loop1: detected capacity change from 0 to 512
[   88.697906][  T497] usb 9-1: Using ep0 maxpacket: 32
[   88.704254][ T5254] ext4 filesystem being mounted at /399/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.718768][  T497] usb 9-1: config 0 interface 0 altsetting 30 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   88.738303][  T497] usb 9-1: config 0 interface 0 altsetting 30 endpoint 0x81 has invalid wMaxPacketSize 0
[   88.749010][ T5264] 9pnet_fd: Insufficient options for proto=fd
[   88.758343][  T497] usb 9-1: config 0 interface 0 has no altsetting 0
[   88.764776][  T497] usb 9-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[   88.773716][  T497] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.785882][  T497] usb 9-1: config 0 descriptor??
[   88.855956][ T5270] overlayfs: maximum fs stacking depth exceeded
[   89.019396][ T5294] loop1: detected capacity change from 0 to 512
[   89.069233][ T5294] ext4 filesystem being mounted at /401/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   89.088223][   T28] audit: type=1326 audit(2000000060.722:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5303 comm="syz.2.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[   89.132313][   T28] audit: type=1326 audit(2000000060.752:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5303 comm="syz.2.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[   89.162763][   T28] audit: type=1326 audit(2000000060.752:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5303 comm="syz.2.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[   89.204512][ T5312] loop1: detected capacity change from 0 to 128
[   89.215798][  T497] hkems 0003:2006:0118.0010: item fetching failed at offset 1/5
[   89.230925][  T497] hkems 0003:2006:0118.0010: parse failed
[   89.238023][  T497] hkems: probe of 0003:2006:0118.0010 failed with error -22
[   89.242732][   T28] audit: type=1326 audit(2000000060.802:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5303 comm="syz.2.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[   89.256954][  T497] hid-generic 0000:0003:0000.0011: unknown main item tag 0x0
[   89.276116][  T497] hid-generic 0000:0003:0000.0011: unknown main item tag 0x0
[   89.284205][  T497] hid-generic 0000:0003:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   89.287130][ T5312] ext4 filesystem being mounted at /402/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   89.295145][   T28] audit: type=1326 audit(2000000060.802:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5303 comm="syz.2.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[   89.393030][   T28] audit: type=1400 audit(2000000061.022:2019): avc:  denied  { mounton } for  pid=5318 comm="syz.1.2141" path="/proc/854/task" dev="proc" ino=36266 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   89.430455][ T1556] usb 9-1: USB disconnect, device number 2
[   89.799802][ T5351] loop4: detected capacity change from 0 to 512
[   89.823404][ T5351] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   89.836707][   T28] audit: type=1400 audit(2000000061.462:2020): avc:  denied  { map } for  pid=5354 comm="syz.3.2148" path="socket:[35380]" dev="sockfs" ino=35380 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   89.844594][ T5351] EXT4-fs (loop4): 1 truncate cleaned up
[   89.881469][   T28] audit: type=1400 audit(2000000061.492:2021): avc:  denied  { read accept } for  pid=5354 comm="syz.3.2148" path="socket:[35380]" dev="sockfs" ino=35380 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   89.961284][ T5368] 9pnet: p9_errstr2errno: server reported unknown error 
[   90.013485][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.028068][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.029903][ T5382] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2161'.
[   90.044745][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.062223][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.069748][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.077043][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.084386][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.091849][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.100497][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.108513][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.120033][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.129100][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.137704][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.145692][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.153444][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.160770][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.180921][  T497] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   90.196939][  T497] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   90.229629][ T5372] loop4: detected capacity change from 0 to 40427
[   90.240906][ T5372] F2FS-fs (loop4): Found nat_bits in checkpoint
[   90.292054][ T5372] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   90.373410][  T289] syz-executor: attempt to access beyond end of device
[   90.373410][  T289] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   90.535519][ T5451] loop1: detected capacity change from 0 to 2048
[   90.548453][ T5451] EXT4-fs: Ignoring removed mblk_io_submit option
[   90.821319][ T5451] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.2190: bg 0: block 234: padding at end of block bitmap is not set
[   90.835674][ T5451] EXT4-fs (loop1): Remounting filesystem read-only
[   90.908414][ T5492] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2206'.
[   91.038002][ T5502] loop1: detected capacity change from 0 to 512
[   91.064190][ T5502] ext4 filesystem being mounted at /422/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   91.208802][ T5526] loop8: detected capacity change from 0 to 16
[   91.215484][ T5526] erofs: (device loop8): mounted with root inode @ nid 36.
[   91.224829][   T46] erofs: (device loop8): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   91.236262][ T5526] erofs: (device loop8): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[   91.293014][ T5535] bridge: RTM_DELNEIGH with unconfigured vlan 1792 on bridge0
[   91.413166][ T5537] loop8: detected capacity change from 0 to 40427
[   91.421162][ T5537] F2FS-fs (loop8): invalid crc value
[   91.429159][ T5537] F2FS-fs (loop8): Found nat_bits in checkpoint
[   91.475574][ T5537] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[   91.497056][ T5553] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2233'.
[   91.506896][ T5553] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2233'.
[   91.528003][ T4687] syz-executor: attempt to access beyond end of device
[   91.528003][ T4687] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   91.588128][   T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[   91.706728][ T5578] device vlan2 entered promiscuous mode
[   92.053905][ T5587] loop4: detected capacity change from 0 to 2048
[   93.058985][   T24] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[   93.070086][   T24] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[   94.028431][   T24] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   94.037424][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.046080][ T5541] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   95.055439][   T24] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[   95.063698][   T24] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input15
[   95.076686][   T24] usb 3-1: USB disconnect, device number 11
[   95.076729][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[   95.099852][  T290] EXT4-fs unmount: 11 callbacks suppressed
[   95.099871][  T290] EXT4-fs (loop1): unmounting filesystem.
[   95.114188][ T5600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=515 sclass=netlink_route_socket pid=5600 comm=syz.3.2253
[   95.147620][ T5605] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2249'.
[   95.189091][ T5614] loop2: detected capacity change from 0 to 1024
[   95.208769][ T5620] loop1: detected capacity change from 0 to 512
[   95.209351][ T5614] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm syz.2.2260: Invalid block bitmap block 0 in block_group 0
[   95.228325][ T5620] EXT4-fs (loop1): unsupported inode size: 143
[   95.228504][ T5614] __quota_error: 2 callbacks suppressed
[   95.228520][ T5614] Quota error (device loop2): write_blk: dquota write failed
[   95.235064][ T5620] EXT4-fs (loop1): blocksize: 1024
[   95.239742][ T5614] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   95.239784][ T5614] EXT4-fs error (device loop2): ext4_acquire_dquot:6788: comm syz.2.2260: Failed to acquire dquot type 0
[   95.240038][ T5614] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz.2.2260: Freeing blocks not in datazone - block = 0, count = 4096
[   95.286671][ T5614] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.2260: Invalid inode bitmap blk 0 in block_group 0
[   95.299327][ T4456] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8
[   95.308328][ T5614] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem
[   95.311404][ T4456] EXT4-fs error (device loop2): ext4_release_dquot:6811: comm kworker/u4:18: Failed to release dquot type 0
[   95.328076][ T5614] EXT4-fs (loop2): 1 orphan inode deleted
[   95.336885][ T5614] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   95.388733][ T4506] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-8
[   95.407694][ T4506] EXT4-fs error (device loop2): ext4_release_dquot:6811: comm kworker/u4:37: Failed to release dquot type 0
[   95.430333][ T5614] EXT4-fs (loop2): re-mounted. Quota mode: writeback.
[   95.475038][  T292] EXT4-fs (loop2): unmounting filesystem.
[   95.579106][ T5642] tmpfs: Bad value for 'nr_inodes'
[   95.611719][ T5645] loop8: detected capacity change from 0 to 128
[   95.686678][   T28] audit: type=1400 audit(2000000067.374:2024): avc:  denied  { compute_member } for  pid=5649 comm="syz.4.2272" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   96.030320][ T5661] loop1: detected capacity change from 0 to 512
[   96.044053][ T5661] EXT4-fs (loop1): Test dummy encryption mode enabled
[   96.058362][ T5661] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   96.082662][ T5661] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002]
[   96.095999][ T5661] System zones: 1-12
[   96.106940][ T5656] loop8: detected capacity change from 0 to 40427
[   96.115893][ T5661] EXT4-fs (loop1): 1 truncate cleaned up
[   96.121577][ T5661] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   96.130686][ T5656] F2FS-fs (loop8): fault_injection options not supported
[   96.139919][ T5656] F2FS-fs (loop8): invalid crc value
[   96.158954][ T5656] F2FS-fs (loop8): Found nat_bits in checkpoint
[   96.237538][  T290] EXT4-fs (loop1): unmounting filesystem.
[   96.271168][ T5656] F2FS-fs (loop8): Start checkpoint disabled!
[   96.297939][ T5656] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[   96.320573][ T5677] tmpfs: Bad value for 'nr_inodes'
[   96.389414][ T5686] xt_TCPMSS: Only works on TCP SYN packets
[   96.404358][ T5656] syz.8.2274: attempt to access beyond end of device
[   96.404358][ T5656] loop8: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[   96.487994][ T4506] kworker/u4:37: attempt to access beyond end of device
[   96.487994][ T4506] loop8: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   96.832346][ T5727] loop8: detected capacity change from 0 to 512
[   96.839169][ T5727] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[   96.850870][ T5727] EXT4-fs (loop8): 1 truncate cleaned up
[   96.856610][ T5727] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   96.871953][ T5730] loop1: detected capacity change from 0 to 2048
[   96.885100][ T5732] loop4: detected capacity change from 0 to 128
[   96.893206][ T4687] EXT4-fs (loop8): unmounting filesystem.
[   96.898633][ T5732] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   96.908055][ T5730] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   96.913954][ T5732] ext4 filesystem being mounted at /432/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.922345][ T5730] EXT4-fs (loop1): Online resizing not supported with bigalloc
[   96.929581][   T28] audit: type=1400 audit(2000000068.624:2025): avc:  denied  { setattr } for  pid=5736 comm="syz.8.2306" name="maps" dev="proc" ino=38066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[   96.958363][  T290] EXT4-fs (loop1): unmounting filesystem.
[   96.963035][   T28] audit: type=1400 audit(2000000068.624:2026): avc:  denied  { read } for  pid=5731 comm="syz.4.2305" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   97.022740][  T289] EXT4-fs (loop4): unmounting filesystem.
[   97.025003][ T5741] loop1: detected capacity change from 0 to 512
[   97.038708][ T5741] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   97.057042][ T5743] loop8: detected capacity change from 0 to 4096
[   97.065731][ T5743] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   97.085283][ T5741] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   97.094643][ T4687] EXT4-fs (loop8): unmounting filesystem.
[   97.096906][ T5741] ext4 filesystem being mounted at /438/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.115511][ T5755] loop4: detected capacity change from 0 to 512
[   97.126954][ T5755] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   97.136073][ T5741] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz.1.2307: corrupted xattr block 32
[   97.148591][ T5741] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   97.158053][ T5741] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz.1.2307: corrupted xattr block 32
[   97.170229][ T5741] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   97.181072][ T5755] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.2314: iget: bad extended attribute block 19
[   97.196983][ T5764] EXT4-fs error (device loop1): __ext4_new_inode:1285: comm syz.1.2307: failed to insert inode 16: doubly allocated?
[   97.207501][  T314] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[   97.216647][ T5755] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.2314: couldn't read orphan inode 15 (err -117)
[   97.222171][ T5768] loop2: detected capacity change from 0 to 1024
[   97.237479][  T314] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   97.240605][ T5768] EXT4-fs: Ignoring removed nomblk_io_submit option
[   97.249126][ T5755] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   97.263580][ T5768] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   97.276569][  T290] EXT4-fs (loop1): unmounting filesystem.
[   97.287870][ T5768] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   97.302110][  T289] EXT4-fs (loop4): unmounting filesystem.
[   97.312152][ T5768] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   97.340108][ T1556] kernel write not supported for file /uhid (pid: 1556 comm: kworker/1:4)
[   97.365368][  T292] EXT4-fs (loop2): unmounting filesystem.
[   97.577622][ T5779] loop4: detected capacity change from 0 to 40427
[   97.596544][ T5779] F2FS-fs (loop4): fault_injection options not supported
[   97.614119][ T5779] F2FS-fs (loop4): invalid crc value
[   97.629305][ T5779] F2FS-fs (loop4): Found nat_bits in checkpoint
[   97.640913][ T5781] loop1: detected capacity change from 0 to 40427
[   97.695262][ T5781] F2FS-fs (loop1): Found nat_bits in checkpoint
[   97.710253][ T5779] F2FS-fs (loop4): Start checkpoint disabled!
[   97.727940][ T5779] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   97.747936][ T5826] loop8: detected capacity change from 0 to 256
[   97.754251][ T5826] exfat: Deprecated parameter 'utf8'
[   97.776801][ T5826] exfat: Deprecated parameter 'utf8'
[   97.787785][ T5781] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   97.796081][ T5826] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[   97.799379][ T5779] syz.4.2321: attempt to access beyond end of device
[   97.799379][ T5779] loop4: rw=2049, sector=45096, nr_sectors = 128 limit=40427
[   97.864961][ T5781] syz.1.2324: attempt to access beyond end of device
[   97.864961][ T5781] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   97.902328][   T28] audit: type=1400 audit(2000000069.594:2027): avc:  denied  { load_policy } for  pid=5836 comm="syz.8.2344" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   97.923493][ T5837] SELinux:  policydb version 0 does not match my version range 15-33
[   97.923633][ T4498] kworker/u4:35: attempt to access beyond end of device
[   97.923633][ T4498] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   97.931768][  T290] syz-executor: attempt to access beyond end of device
[   97.931768][  T290] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   97.959576][ T5837] SELinux: failed to load policy
[   97.985253][ T5839] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2348'.
[   97.997458][ T5841] TCP: tcp_parse_options: Illegal window scaling value 249 > 14 received
[   98.270455][ T4456] Bluetooth: hci0: Frame reassembly failed (-84)
[   98.427930][  T314] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   98.607933][  T314] usb 9-1: Using ep0 maxpacket: 16
[   98.614764][  T314] usb 9-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   98.625644][  T314] usb 9-1: config 0 interface 0 has no altsetting 0
[   98.632251][  T314] usb 9-1: New USB device found, idVendor=046d, idProduct=c517, bcdDevice= 0.00
[   98.641225][  T314] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.649740][  T314] usb 9-1: config 0 descriptor??
[   99.067520][ T5922] input: syz0 as /devices/virtual/input/input16
[   99.138346][ T5933] loop1: detected capacity change from 0 to 128
[   99.144827][ T5933] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   99.154138][ T5933] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   99.162673][ T5933] ext2 filesystem being mounted at /451/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   99.200832][   T28] audit: type=1400 audit(2000000070.891:2028): avc:  denied  { link } for  pid=5932 comm="syz.1.2388" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   99.243504][    T6] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[   99.244550][  T290] EXT4-fs (loop1): unmounting filesystem.
[   99.285115][ T5941] loop1: detected capacity change from 0 to 1024
[   99.293362][  T497] usb 9-1: USB disconnect, device number 3
[   99.309505][ T5941] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   99.326862][  T290] EXT4-fs (loop1): unmounting filesystem.
[   99.339967][ T5947] loop1: detected capacity change from 0 to 512
[   99.346157][ T5947] EXT4-fs: Ignoring removed orlov option
[   99.351982][ T5947] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   99.362788][ T5947] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c028, mo2=0002]
[   99.370748][ T5947] System zones: 1-12
[   99.375142][ T5947] EXT4-fs (loop1): 1 truncate cleaned up
[   99.380655][ T5947] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   99.394987][ T5947] EXT4-fs error (device loop1): ext4_search_dir:1549: inode #12: block 7: comm syz.1.2393: bad entry in directory: inode out of bounds - offset=0, inode=16777215, rec_len=16, size=56 fake=0
[   99.413886][ T5947] EXT4-fs (loop1): Remounting filesystem read-only
[   99.447966][    T6] usb 3-1: Using ep0 maxpacket: 16
[   99.454074][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.464804][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.474313][    T6] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   99.483164][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.491499][    T6] usb 3-1: config 0 descriptor??
[   99.898959][    T6] appleir 0003:05AC:8241.0015: unknown main item tag 0x0
[   99.901465][ T5965] loop8: detected capacity change from 0 to 256
[   99.905940][    T6] appleir 0003:05AC:8241.0015: unknown main item tag 0x0
[   99.918956][    T6] appleir 0003:05AC:8241.0015: unknown main item tag 0x0
[   99.925877][    T6] appleir 0003:05AC:8241.0015: unknown main item tag 0x0
[   99.933700][    T6] appleir 0003:05AC:8241.0015: unknown main item tag 0x0
[   99.941232][  T290] EXT4-fs (loop1): unmounting filesystem.
[   99.947182][ T4687] FAT-fs (loop8): error, corrupted directory (invalid entries)
[   99.947473][    T6] appleir 0003:05AC:8241.0015: No inputs registered, leaving
[   99.954942][ T4687] FAT-fs (loop8): Filesystem has been set read-only
[   99.968677][    T6] appleir 0003:05AC:8241.0015: hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[   99.970136][ T4687] FAT-fs (loop8): error, corrupted directory (invalid entries)
[  100.188553][  T497] usb 3-1: USB disconnect, device number 12
[  100.287223][ T5976] SELinux:  Context @ is not valid (left unmapped).
[  100.315938][   T28] audit: type=1400 audit(2000000071.991:2029): avc:  denied  { relabelto } for  pid=5975 comm="syz.3.2407" name="rdma.current" dev="tmpfs" ino=3681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@"
[  100.338152][ T2805] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  100.343126][ T4508] Bluetooth: hci0: command 0x1003 tx timeout
[  100.346703][   T28] audit: type=1400 audit(2000000071.991:2030): avc:  denied  { associate } for  pid=5975 comm="syz.3.2407" name="rdma.current" dev="tmpfs" ino=3681 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="@"
[  100.384849][   T28] audit: type=1400 audit(2000000072.001:2031): avc:  denied  { unlink } for  pid=293 comm="syz-executor" name="rdma.current" dev="tmpfs" ino=3681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="@"
[  100.425772][   T28] audit: type=1400 audit(2000000072.111:2032): avc:  denied  { connect } for  pid=5985 comm="syz.4.2410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  100.482690][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.519465][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.526852][ T5977] device bridge_slave_0 entered promiscuous mode
[  100.553983][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x4
[  100.564362][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x2
[  100.572514][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.582582][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.582662][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.600322][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.605082][ T5977] device bridge_slave_1 entered promiscuous mode
[  100.614175][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.632667][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.647795][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.656933][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.664480][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.671973][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.679900][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.687440][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.701779][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.714755][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.722334][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.729874][  T497] hid-generic 0000:3000000:0000.0016: unknown main item tag 0x0
[  100.753697][  T497] hid-generic 0000:3000000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  100.826840][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.833864][ T5977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.840966][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.847726][ T5977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.879281][ T4456] device bridge_slave_1 left promiscuous mode
[  100.885350][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.898364][ T4456] device bridge_slave_0 left promiscuous mode
[  100.908215][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.940060][ T4456] device veth1_macvtap left promiscuous mode
[  100.945936][ T4456] device veth0_vlan left promiscuous mode
[  101.058416][ T4506] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.065644][ T4506] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.082337][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.093653][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.107766][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.116451][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.124480][ T4506] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.131347][ T4506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.139068][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.147216][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.155291][ T4506] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.162152][ T4506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.178381][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.186350][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.194503][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.204046][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.211458][  T497] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  101.219894][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  101.229029][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.238598][ T5977] device veth0_vlan entered promiscuous mode
[  101.250688][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.258780][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.267354][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.274954][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.286092][ T5977] device veth1_macvtap entered promiscuous mode
[  101.292894][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  101.301456][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.309476][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  101.329242][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  101.339002][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  101.347323][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  101.357703][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.375657][   T28] audit: type=1400 audit(2000000073.061:2033): avc:  denied  { mount } for  pid=5977 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  101.399745][  T497] usb 3-1: Using ep0 maxpacket: 16
[  101.412162][  T497] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  101.431668][  T497] usb 3-1: config 0 has no interface number 0
[  101.444645][  T497] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  101.464454][  T497] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  101.474428][  T497] usb 3-1: config 0 interface 41 has no altsetting 0
[  101.477974][ T2598] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  101.492148][  T497] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  101.511159][  T497] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.527859][  T497] usb 3-1: Product: syz
[  101.531888][  T497] usb 3-1: Manufacturer: syz
[  101.536636][  T497] usb 3-1: SerialNumber: syz
[  101.545066][  T497] usb 3-1: config 0 descriptor??
[  101.551117][   T28] audit: type=1400 audit(2000000073.241:2034): avc:  denied  { setattr } for  pid=6030 comm="syz.3.2432" name="/" dev="configfs" ino=14085 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  101.558277][ T6008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  101.580485][ T6008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  101.687909][    T6] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  101.697286][ T2598] usb 5-1: unable to get BOS descriptor or descriptor too short
[  101.706077][ T2598] usb 5-1: unable to read config index 0 descriptor/start: -71
[  101.713522][ T2598] usb 5-1: can't read configurations, error -71
[  101.825617][ T6008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  101.832890][ T6008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  101.878951][    T6] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.890037][    T6] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.901959][    T6] usb 10-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  101.911099][    T6] usb 10-1: New USB device strings: Mfr=255, Product=221, SerialNumber=0
[  101.919404][    T6] usb 10-1: Product: syz
[  101.923475][    T6] usb 10-1: Manufacturer: syz
[  101.928602][    T6] usb 10-1: config 0 descriptor??
[  102.137908][  T314] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  102.327927][  T314] usb 2-1: Using ep0 maxpacket: 32
[  102.334056][  T314] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.345471][  T314] usb 2-1: config 0 has no interfaces?
[  102.352284][    T6] arvo 0003:1E7D:30D4.0017: unknown main item tag 0x0
[  102.359229][  T314] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  102.368401][    T6] arvo 0003:1E7D:30D4.0017: unknown main item tag 0x0
[  102.375305][    T6] arvo 0003:1E7D:30D4.0017: unknown main item tag 0x0
[  102.381897][  T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.389880][    T6] arvo 0003:1E7D:30D4.0017: unknown main item tag 0x0
[  102.398419][  T314] usb 2-1: config 0 descriptor??
[  102.403306][    T6] arvo 0003:1E7D:30D4.0017: hidraw0: USB HID v0.00 Device [syz syz] on usb-dummy_hcd.9-1/input0
[  102.444922][  T497] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffb9
[  102.457185][  T497] CoreChips: probe of 3-1:0.41 failed with error -71
[  102.476119][  T497] usb 3-1: USB disconnect, device number 13
[  102.611593][ T6066] loop4: detected capacity change from 0 to 40427
[  102.664950][ T6066] F2FS-fs (loop4): Found nat_bits in checkpoint
[  102.733437][ T6066] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  102.757378][  T497] usb 10-1: USB disconnect, device number 2
[  102.797182][ T6066] syz.4.2448: attempt to access beyond end of device
[  102.797182][ T6066] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  102.827293][  T289] syz-executor: attempt to access beyond end of device
[  102.827293][  T289] loop4: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  102.980295][ T6084] device veth1_macvtap left promiscuous mode
[  102.997864][ T6084] device macsec0 entered promiscuous mode
[  103.115134][ T6088] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.122190][ T6088] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.131623][ T6088] device dummy0 left promiscuous mode
[  103.272468][ T6094] usb 2-1: USB disconnect, device number 11
[  103.669773][ T6119] kvm: MWAIT instruction emulated as NOP!
[  103.711198][ T6129] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2472'.
[  103.787921][ T6142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2478'.
[  103.896618][ T6160] syz.9.2477[6160] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  103.896692][ T6160] syz.9.2477[6160] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  103.903975][ T6162] loop2: detected capacity change from 0 to 7
[  103.913381][ T6159] loop4: detected capacity change from 0 to 1024
[  103.986569][ T6159] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  104.058453][  T289] EXT4-fs (loop4): unmounting filesystem.
[  104.130932][ T6179] loop2: detected capacity change from 0 to 512
[  104.178461][ T6179] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.2493: casefold flag without casefold feature
[  104.206796][ T6179] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.2493: couldn't read orphan inode 15 (err -117)
[  104.228016][ T6179] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  104.268497][  T292] EXT4-fs (loop2): unmounting filesystem.
[  104.462177][ T6212] loop4: detected capacity change from 0 to 128
[  104.475516][ T6212] FAT-fs (loop4): Directory bread(block 162) failed
[  104.491740][ T6212] FAT-fs (loop4): Directory bread(block 163) failed
[  104.511688][ T6212] FAT-fs (loop4): Directory bread(block 164) failed
[  104.530257][ T6212] FAT-fs (loop4): Directory bread(block 165) failed
[  104.543314][ T6147] TCP: TCP_TX_DELAY enabled
[  104.545502][ T6212] FAT-fs (loop4): Directory bread(block 166) failed
[  104.574628][ T6212] FAT-fs (loop4): Directory bread(block 167) failed
[  104.591233][ T6212] FAT-fs (loop4): Directory bread(block 168) failed
[  104.597663][ T6212] FAT-fs (loop4): Directory bread(block 169) failed
[  104.631357][ T6212] FAT-fs (loop4): Directory bread(block 162) failed
[  104.637803][ T6212] FAT-fs (loop4): Directory bread(block 163) failed
[  104.678297][ T6212] syz.4.2507: attempt to access beyond end of device
[  104.678297][ T6212] loop4: rw=3, sector=226, nr_sectors = 6 limit=128
[  104.708207][ T6212] syz.4.2507: attempt to access beyond end of device
[  104.708207][ T6212] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128
[  104.937965][ T1556] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  104.970514][   T28] audit: type=1400 audit(2000000076.661:2035): avc:  denied  { write } for  pid=6239 comm="syz.4.2520" path="socket:[38974]" dev="sockfs" ino=38974 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  105.127889][ T1556] usb 3-1: Using ep0 maxpacket: 32
[  105.134017][ T1556] usb 3-1: config 254 has an invalid interface number: 205 but max is 0
[  105.153064][ T1556] usb 3-1: config 254 has no interface number 0
[  105.167171][ T1556] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=52.c6
[  105.193011][ T1556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.212910][ T1556] usb 3-1: Product: syz
[  105.221135][ T1556] usb 3-1: Manufacturer: syz
[  105.229904][ T1556] usb 3-1: SerialNumber: syz
[  105.245379][ T6196] loop1: detected capacity change from 0 to 131072
[  105.248718][ T6255] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.259180][ T6196] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  105.272920][ T6196] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  105.332332][ T6196] F2FS-fs (loop1): Found nat_bits in checkpoint
[  105.445031][   T24] usb 3-1: USB disconnect, device number 14
[  105.503799][ T6196] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  105.518000][ T6196] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  105.541210][ T6279] loop4: detected capacity change from 0 to 512
[  105.549956][ T6279] EXT4-fs (loop4): Test dummy encryption mode enabled
[  105.577360][ T6279] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.2534: inline data xattr refers to an external xattr inode
[  105.592420][ T6279] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.2534: couldn't read orphan inode 12 (err -117)
[  105.604466][ T6279] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  105.631245][ T6279] EXT4-fs (loop4): shut down requested (1)
[  105.644215][  T289] EXT4-fs (loop4): unmounting filesystem.
[  106.046169][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2555'.
[  106.068034][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2555'.
[  106.111418][   T28] audit: type=1400 audit(2000000078.800:2036): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  106.132996][ T6337] loop1: detected capacity change from 0 to 512
[  106.140973][ T6337] EXT4-fs: Ignoring removed nobh option
[  106.147453][ T6337] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  106.158827][ T6095] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  106.201644][ T6337] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  106.210627][ T6337] ext4 filesystem being mounted at /469/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.215131][ T6354] device batadv_slave_1 entered promiscuous mode
[  106.238411][ T6337] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.2559: bg 0: block 224: padding at end of block bitmap is not set
[  106.257294][ T6337] EXT4-fs (loop1): Remounting filesystem read-only
[  106.264090][ T6351] device batadv_slave_1 left promiscuous mode
[  106.284767][  T290] EXT4-fs (loop1): unmounting filesystem.
[  106.304129][ T6364] netlink: 'syz.2.2571': attribute type 322 has an invalid length.
[  106.329570][ T6368] loop2: detected capacity change from 0 to 256
[  106.333486][ T6370] syz.3.2574[6370] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  106.336549][ T6370] syz.3.2574[6370] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  106.342300][ T6368] FAT-fs (loop2): Directory bread(block 64) failed
[  106.367630][ T6368] FAT-fs (loop2): Directory bread(block 65) failed
[  106.367923][ T6095] usb 5-1: Using ep0 maxpacket: 16
[  106.379585][ T6368] FAT-fs (loop2): Directory bread(block 66) failed
[  106.387340][ T6368] FAT-fs (loop2): Directory bread(block 67) failed
[  106.393450][ T6095] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.394787][ T6368] FAT-fs (loop2): Directory bread(block 68) failed
[  106.410713][ T6095] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.410742][ T6095] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  106.410776][ T6095] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  106.410802][ T6095] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.411496][ T6095] usb 5-1: config 0 descriptor??
[  106.420771][ T6368] FAT-fs (loop2): Directory bread(block 69) failed
[  106.534338][ T6368] FAT-fs (loop2): Directory bread(block 70) failed
[  106.542835][ T6368] FAT-fs (loop2): Directory bread(block 71) failed
[  106.555327][ T6368] FAT-fs (loop2): Directory bread(block 72) failed
[  106.562167][ T6368] FAT-fs (loop2): Directory bread(block 73) failed
[  106.667522][ T6393] device veth0_to_team entered promiscuous mode
[  106.686190][ T4498] kworker/u4:35: attempt to access beyond end of device
[  106.686190][ T4498] loop2: rw=1, sector=1224, nr_sectors = 12 limit=256
[  106.713385][ T6397] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  106.824300][ T6416] loop1: detected capacity change from 0 to 1024
[  106.844159][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.858136][   T28] audit: type=1326 audit(2000000079.540:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6423 comm="syz.9.2600" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bb7d85d29 code=0x0
[  106.879872][ T6416] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  106.889586][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.889612][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.915469][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.933206][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.948459][  T290] EXT4-fs (loop1): unmounting filesystem.
[  106.951751][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.967565][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.974991][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.982055][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.989131][ T6095] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0
[  106.999947][ T6095] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0018/input/input17
[  107.011830][ T6095] microsoft 0003:045E:07DA.0018: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  107.036953][   T28] audit: type=1400 audit(2000000079.720:2038): avc:  denied  { create } for  pid=6438 comm="syz.1.2604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  107.050111][   T24] usb 5-1: USB disconnect, device number 12
[  107.075562][   T28] audit: type=1400 audit(2000000079.720:2039): avc:  denied  { write } for  pid=6438 comm="syz.1.2604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  107.385079][ T6480] loop1: detected capacity change from 0 to 40427
[  107.392743][ T6480] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  107.400431][ T6480] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  107.409515][ T6480] F2FS-fs (loop1): invalid crc value
[  107.416648][ T6480] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  107.456999][ T6480] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  107.465074][ T6480] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  107.805831][ T6505] loop9: detected capacity change from 0 to 512
[  107.812997][ T6505] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  107.824270][ T6505] EXT4-fs (loop9): 1 truncate cleaned up
[  107.829890][ T6505] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  107.858837][ T5977] EXT4-fs (loop9): unmounting filesystem.
[  107.947901][  T497] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  108.067371][ T6527] loop4: detected capacity change from 0 to 256
[  108.080692][ T6527] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  108.138938][  T497] usb 2-1: config index 0 descriptor too short (expected 10860, got 146)
[  108.153956][  T497] usb 2-1: config 0 has too many interfaces: 44, using maximum allowed: 32
[  108.162832][  T497] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.173028][  T497] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 44
[  108.199864][  T497] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  108.206755][ T6545] xt_hashlimit: size too large, truncated to 1048576
[  108.215790][  T497] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  108.233990][  T497] usb 2-1: SerialNumber: syz
[  108.239688][  T497] usb 2-1: config 0 descriptor??
[  108.299330][ T6550] loop4: detected capacity change from 0 to 1024
[  108.305597][ T6533] loop9: detected capacity change from 0 to 40427
[  108.312445][ T6550] EXT4-fs: Ignoring removed nobh option
[  108.318121][ T6533] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  108.325894][ T6550] EXT4-fs: Ignoring removed mblk_io_submit option
[  108.332224][ T6533] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  108.340923][ T6550] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  108.352850][ T6533] F2FS-fs (loop9): invalid crc value
[  108.360000][ T6533] F2FS-fs (loop9): Found nat_bits in checkpoint
[  108.388506][ T6550] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  108.430446][ T6550] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.2655: Allocating blocks 497-513 which overlap fs metadata
[  108.447445][ T6533] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  108.455623][  T497] usb 2-1: USB disconnect, device number 12
[  108.465843][ T6533] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  108.491464][ T6549] EXT4-fs (loop4): pa ffff888136ca6540: logic 32, phys. 177, len 21
[  108.499571][ T6549] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[  108.550906][  T289] EXT4-fs (loop4): unmounting filesystem.
[  108.572517][ T5977] syz-executor: attempt to access beyond end of device
[  108.572517][ T5977] loop9: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  108.629635][ T6560] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2656'.
[  108.726162][ T6564] loop9: detected capacity change from 0 to 512
[  108.736588][ T6564] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  108.745983][ T6564] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.759972][ T6564] EXT4-fs error (device loop9): ext4_do_update_inode:5226: inode #2: comm syz.9.2657: corrupted inode contents
[  108.771790][ T6564] EXT4-fs error (device loop9): ext4_dirty_inode:6091: inode #2: comm syz.9.2657: mark_inode_dirty error
[  108.783253][ T6564] EXT4-fs error (device loop9): ext4_do_update_inode:5226: inode #2: comm syz.9.2657: corrupted inode contents
[  108.795421][ T6564] EXT4-fs error (device loop9): __ext4_ext_dirty:202: inode #2: comm syz.9.2657: mark_inode_dirty error
[  108.810418][   T28] audit: type=1400 audit(2000000081.509:2040): avc:  denied  { mounton } for  pid=6563 comm="syz.9.2657" path="/38/file0/bus" dev="loop9" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  108.834246][ T5977] EXT4-fs (loop9): unmounting filesystem.
[  108.869405][ T6578] loop2: detected capacity change from 0 to 1024
[  108.878233][ T6578] EXT4-fs: Ignoring removed i_version option
[  108.884505][ T6578] EXT4-fs: Ignoring removed i_version option
[  108.907134][ T6578] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  108.923266][ T6578] EXT4-fs (loop2): unmounting filesystem.
[  108.938507][ T6591] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2669'.
[  109.019231][ T6607] overlayfs: failed to clone upperpath
[  109.270502][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  109.280309][ T6095] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  109.460624][   T24] usb 2-1: Using ep0 maxpacket: 8
[  109.469995][ T6095] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.470048][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  109.488729][ T6095] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.495049][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  109.507941][ T6095] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  109.519723][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  109.521828][ T6095] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  109.539479][ T6095] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.548345][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.548696][ T6095] usb 3-1: config 0 descriptor??
[  109.556144][   T24] usb 2-1: Product: syz
[  109.556162][   T24] usb 2-1: Manufacturer: syz
[  109.556177][   T24] usb 2-1: SerialNumber: syz
[  109.578129][  T497] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  109.679344][ T6645] 9pnet_fd: p9_fd_create_unix (6645): problem connecting socket: ./file0: -111
[  109.718168][ T6649] loop4: detected capacity change from 0 to 128
[  109.726177][ T6649] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  109.734784][ T6649] ext4 filesystem being mounted at /497/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  109.768164][  T497] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.784882][  T497] usb 10-1: config 0 has no interfaces?
[  109.790991][   T24] usb 2-1: 0:1 : does not exist
[  109.801366][   T24] usb 2-1: USB disconnect, device number 13
[  109.809255][  T289] EXT4-fs (loop4): unmounting filesystem.
[  109.815044][  T497] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  109.824237][  T497] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.832943][  T497] usb 10-1: Product: syz
[  109.837664][  T497] usb 10-1: Manufacturer: syz
[  109.842225][  T497] usb 10-1: SerialNumber: syz
[  109.856364][  T497] usb 10-1: config 0 descriptor??
[  109.968114][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  109.978238][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  109.990956][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.001386][ T6661] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2702'.
[  110.010198][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.023210][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.031796][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.039993][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.047267][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.054575][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.061778][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.069051][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.076200][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.084172][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.091372][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.091845][   T24] usb 10-1: USB disconnect, device number 3
[  110.104914][ T6095] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  110.112302][ T6095] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving
[  110.120737][ T6095] plantronics 0003:047F:FFFF.0019: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  110.147071][   T28] audit: type=1400 audit(2000000082.849:2041): avc:  denied  { shutdown } for  pid=6672 comm="syz.4.2708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  110.264032][  T497] usb 3-1: USB disconnect, device number 15
[  110.512883][ T6689] loop4: detected capacity change from 0 to 40427
[  110.529262][ T6689] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  110.539286][ T6689] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  110.558387][ T6689] F2FS-fs (loop4): invalid crc value
[  110.568596][ T6692] loop1: detected capacity change from 0 to 40427
[  110.575604][ T6692] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  110.581856][ T6692] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  110.592300][ T6689] F2FS-fs (loop4): Found nat_bits in checkpoint
[  110.605302][ T6692] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  110.675350][ T6692] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  110.682419][ T6692] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  110.704504][ T6689] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  110.711732][ T6689] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  110.738513][  T290] syz-executor: attempt to access beyond end of device
[  110.738513][  T290] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  110.889665][ T6724] loop4: detected capacity change from 0 to 128
[  110.898959][ T6724] syz.4.2728: attempt to access beyond end of device
[  110.898959][ T6724] loop4: rw=2049, sector=153, nr_sectors = 3 limit=128
[  110.910520][ T6727] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2730'.
[  110.927806][ T4456] kworker/u4:18: attempt to access beyond end of device
[  110.927806][ T4456] loop4: rw=1, sector=145, nr_sectors = 8 limit=128
[  110.986078][ T6737] loop1: detected capacity change from 0 to 2048
[  110.999170][ T6737] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  111.018264][  T290] EXT4-fs (loop1): unmounting filesystem.
[  111.108544][ T6754] bridge0: port 1(gretap0) entered blocking state
[  111.114934][ T6754] bridge0: port 1(gretap0) entered disabled state
[  111.122185][ T6754] bridge0: port 1(gretap0) entered blocking state
[  111.128468][ T6754] bridge0: port 1(gretap0) entered forwarding state
[  111.137151][ T6754] bridge0: port 1(gretap0) entered disabled state
[  111.183887][   T28] audit: type=1400 audit(2000000083.897:2042): avc:  denied  { validate_trans } for  pid=6766 comm="syz.1.2748" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  111.444904][ T6797] overlayfs: missing 'lowerdir'
[  111.461399][ T6799] futex_wake_op: syz.3.2761 tries to shift op by 32; fix this program
[  111.526491][   T28] audit: type=1326 audit(2000000084.240:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6808 comm="syz.3.2766" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5f8985d29 code=0x0
[  111.712862][ T6822] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  111.721990][ T6822] FAT-fs (loop5): unable to read boot sector
[  111.799704][ T6818] loop9: detected capacity change from 0 to 40427
[  111.806418][ T6818] F2FS-fs (loop9): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  111.813941][ T6818] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  111.822564][ T6818] F2FS-fs (loop9): invalid crc value
[  111.829242][ T6818] F2FS-fs (loop9): Found nat_bits in checkpoint
[  111.865024][ T6818] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  111.871978][ T6818] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e4
[  111.903568][ T6818] syz.9.2769: attempt to access beyond end of device
[  111.903568][ T6818] loop9: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[  111.917858][ T6818] syz.9.2769: attempt to access beyond end of device
[  111.917858][ T6818] loop9: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[  111.932039][ T6818] F2FS-fs (loop9): Issue discard(4614, 4614, 1019) failed, ret: -5
[  111.932062][ T6818] F2FS-fs (loop9): Issue discard(5637, 5637, 10747) failed, ret: -5
[  112.337979][ T6842] input: syz0 as /devices/virtual/input/input18
[  112.380731][ T6860] loop4: detected capacity change from 0 to 1024
[  112.416243][ T6860] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  112.479939][   T28] audit: type=1326 audit(2000000085.207:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6871 comm="syz.1.2792" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0279185d29 code=0x0
[  112.839877][   T28] audit: type=1400 audit(2000000085.559:2045): avc:  denied  { shutdown } for  pid=6898 comm="syz.2.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  112.884076][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2807'.
[  112.893997][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2807'.
[  112.953228][ T6913] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  113.227368][  T289] EXT4-fs (loop4): unmounting filesystem.
[  113.361114][ T6915] loop9: detected capacity change from 0 to 40427
[  113.377575][ T6915] F2FS-fs (loop9): invalid crc value
[  113.394268][ T6915] F2FS-fs (loop9): Found nat_bits in checkpoint
[  113.482923][ T6915] F2FS-fs (loop9): Start checkpoint disabled!
[  113.496033][ T6966] loop1: detected capacity change from 0 to 1024
[  113.502636][ T6966] EXT4-fs: Ignoring removed nobh option
[  113.508120][ T6915] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  113.515347][ T6966] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.515643][ T6966] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  113.540922][ T6966] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  113.573990][ T6966] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.2835: Allocating blocks 497-513 which overlap fs metadata
[  113.657734][ T6965] EXT4-fs (loop1): pa ffff88810ba65e70: logic 32, phys. 177, len 21
[  113.665618][ T6965] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[  113.717039][ T6971] loop2: detected capacity change from 0 to 40427
[  113.727235][ T6971] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  113.735330][  T290] EXT4-fs (loop1): unmounting filesystem.
[  113.736748][ T6971] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  113.750083][ T6971] F2FS-fs (loop2): invalid crc value
[  113.760248][ T6971] F2FS-fs (loop2): Found nat_bits in checkpoint
[  113.781212][ T4498] kworker/u4:35: attempt to access beyond end of device
[  113.781212][ T4498] loop9: rw=1, sector=77824, nr_sectors = 2120 limit=40427
[  113.815986][ T4498] kworker/u4:35: attempt to access beyond end of device
[  113.815986][ T4498] loop9: rw=1, sector=79944, nr_sectors = 1976 limit=40427
[  113.830251][ T6971] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  113.837160][ T6971] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  113.847304][ T4498] kworker/u4:35: attempt to access beyond end of device
[  113.847304][ T4498] loop9: rw=1, sector=49152, nr_sectors = 720 limit=40427
[  113.872003][ T4471] kworker/u4:25: attempt to access beyond end of device
[  113.872003][ T4471] loop9: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  114.082448][ T6996] loop2: detected capacity change from 0 to 2048
[  114.105758][ T6996] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  114.125695][ T6996] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  114.143209][ T6984] loop1: detected capacity change from 0 to 256
[  114.150081][  T292] EXT4-fs (loop2): unmounting filesystem.
[  114.168537][ T7006] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2848'.
[  114.187102][ T7008] syz.4.2849[7008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.187151][ T7008] syz.4.2849[7008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.213352][   T28] audit: type=1326 audit(2000000086.939:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.248618][   T28] audit: type=1326 audit(2000000086.939:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.272063][   T28] audit: type=1326 audit(2000000086.990:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.296113][   T28] audit: type=1326 audit(2000000086.990:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.332844][ T7019] syz.3.2854[7019] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.332919][ T7019] syz.3.2854[7019] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.352129][   T28] audit: type=1326 audit(2000000086.990:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.392265][  T497] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  114.400533][   T28] audit: type=1326 audit(2000000087.040:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7009 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f012cd85d29 code=0x7ffc0000
[  114.451947][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  114.496842][ T7033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=7033 comm=syz.3.2856
[  114.602807][  T497] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.613685][  T497] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.625682][  T497] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  114.638614][  T497] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  114.649199][  T497] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.657139][   T24] usb 3-1: Using ep0 maxpacket: 16
[  114.670466][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  114.681179][  T497] usb 10-1: config 0 descriptor??
[  114.688234][ T7056] loop1: detected capacity change from 0 to 256
[  114.692442][ T7054] loop4: detected capacity change from 0 to 8192
[  114.701632][   T24] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  114.716212][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.724857][   T24] usb 3-1: Product: syz
[  114.728910][   T24] usb 3-1: Manufacturer: syz
[  114.733520][   T24] usb 3-1: SerialNumber: syz
[  114.740241][   T24] usb 3-1: config 0 descriptor??
[  114.760243][   T24] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  114.811795][ T7068] loop1: detected capacity change from 0 to 256
[  114.817950][  T289] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  114.837517][  T289] FAT-fs (loop4): Filesystem has been set read-only
[  114.844164][  T289] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  114.920845][ T4471] tipc: Left network mode
[  114.952170][ T6095] usb 3-1: USB disconnect, device number 16
[  115.043128][ T7087] loop1: detected capacity change from 0 to 512
[  115.049871][ T7087] EXT4-fs (loop1): Test dummy encryption mode enabled
[  115.058032][ T7087] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.2889: inline data xattr refers to an external xattr inode
[  115.073506][ T7087] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.2889: couldn't read orphan inode 12 (err -117)
[  115.085630][ T7087] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  115.088639][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.103552][  T290] EXT4-fs (loop1): unmounting filesystem.
[  115.117122][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.124435][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.131864][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.139421][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.146642][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.154151][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.161767][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.169025][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.177206][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.184516][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.191751][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.192346][ T7089] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.198925][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.205873][ T7089] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.212981][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.213005][  T497] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  115.216630][  T497] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving
[  115.220453][ T7089] device bridge_slave_0 entered promiscuous mode
[  115.237193][  T497] plantronics 0003:047F:FFFF.001A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  115.263006][ T7089] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.271240][ T7089] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.278646][ T7089] device bridge_slave_1 entered promiscuous mode
[  115.362535][ T7089] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.369415][ T7089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.376475][ T7089] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.383378][ T7089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.395951][ T6095] usb 10-1: USB disconnect, device number 4
[  115.413575][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.422212][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.429445][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.442371][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.450408][ T4456] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.457277][ T4456] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.466558][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.474813][ T4456] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.481672][ T4456] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.505297][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.513163][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.546003][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  115.559938][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  115.571796][ T4471] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.580970][ T4471] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.691597][ T7110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2896'.
[  115.722535][ T7112] loop2: detected capacity change from 0 to 2048
[  115.747392][ T7112] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  115.759202][ T7105] loop1: detected capacity change from 0 to 40427
[  115.768613][ T7105] F2FS-fs (loop1): Found nat_bits in checkpoint
[  115.770881][ T7112] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  115.790882][ T7112] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 1 with error 28
[  115.804446][ T7089] device veth0_vlan entered promiscuous mode
[  115.810842][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  115.818381][ T7112] EXT4-fs (loop2): This should not happen!! Data will be lost
[  115.818381][ T7112] 
[  115.840309][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  115.846016][ T7112] EXT4-fs (loop2): Total free blocks count 0
[  115.863573][ T7112] EXT4-fs (loop2): Free/Dirty block details
[  115.869421][ T7105] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  115.878278][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  115.882111][ T7112] EXT4-fs (loop2): free_blocks=2415919504
[  115.891542][ T7112] EXT4-fs (loop2): dirty_blocks=16
[  115.897600][ T7112] EXT4-fs (loop2): Block reservation details
[  115.898603][ T7089] device veth1_macvtap entered promiscuous mode
[  115.909548][ T7112] EXT4-fs (loop2): i_reserved_data_blocks=1
[  115.915275][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  115.924915][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  115.933604][ T7126] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2900'.
[  115.938225][ T7121] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28
[  115.954550][ T7105] syz.1.2894: attempt to access beyond end of device
[  115.954550][ T7105] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  115.978031][  T290] syz-executor: attempt to access beyond end of device
[  115.978031][  T290] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  115.981251][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  116.040070][ T7138] loop2: detected capacity change from 0 to 512
[  116.047241][ T4456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  116.061211][ T7138] EXT4-fs: Ignoring removed oldalloc option
[  116.067842][ T7138] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  116.115553][ T7138] EXT4-fs (loop2): 1 truncate cleaned up
[  116.130041][ T7138] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  116.169993][ T7138] support for the xor transformation has been removed.
[  116.203704][  T292] EXT4-fs error (device loop2): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt.
[  116.240050][  T292] EXT4-fs (loop2): unmounting filesystem.
[  116.254305][ T7164] loop9: detected capacity change from 0 to 1024
[  116.278835][ T7162] IPv6: sit1: Disabled Multicast RS
[  116.282031][ T7164] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (1764!=20869)
[  116.294757][ T7164] EXT4-fs (loop9): invalid journal inode
[  116.305617][ T7164] EXT4-fs (loop9): can't get journal size
[  116.326091][ T7164] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  116.346765][ T7164] EXT4-fs (loop9): shut down requested (2)
[  116.373838][ T5977] EXT4-fs (loop9): unmounting filesystem.
[  116.414653][ T7185] loop9: detected capacity change from 0 to 1024
[  116.445208][ T7185] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  116.458493][   T28] kauditd_printk_skb: 7 callbacks suppressed
[  116.458508][   T28] audit: type=1400 audit(2000000089.205:2059): avc:  denied  { rename } for  pid=7184 comm="syz.9.2924" name="file0" dev="loop9" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  116.487652][ T7185] EXT4-fs warning (device loop9): ext4_empty_dir:3156: inode #11: comm syz.9.2924: directory missing '..'
[  116.523826][ T7199] ------------[ cut here ]------------
[  116.529189][ T7199] Please remove unsupported %[  116.533853][ T7199] WARNING: CPU: 0 PID: 7199 at lib/vsprintf.c:2661 format_decode+0x12d2/0x1f10
[  116.542780][ T7199] Modules linked in:
[  116.546500][ T7199] CPU: 0 PID: 7199 Comm: syz.3.2931 Not tainted 6.1.118-syzkaller-00019-ge09bed30088f #0
[  116.556329][ T7199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  116.566227][ T7199] RIP: 0010:format_decode+0x12d2/0x1f10
[  116.571638][ T7199] Code: 78 02 01 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 07 84 c0 0f 85 30 0c 00 00 41 0f be 36 48 c7 c7 40 82 2a 86 e8 1e f5 2d fc <0f> 0b e9 01 fa ff ff 48 8b 4c 24 18 80 e1 07 38 c1 0f 8c e3 ed ff
[  116.593172][ T7199] RSP: 0018:ffffc90000f4f5c0 EFLAGS: 00010246
[  116.599266][ T7199] RAX: 8b8e1f2263b5d100 RBX: 00000000ffffffdb RCX: 0000000000080000
[  116.607142][ T7199] RDX: ffffc900032e1000 RSI: 00000000000004d1 RDI: 00000000000004d2
[  116.614874][ T7199] RBP: ffffc90000f4f6b0 R08: ffffffff8144ad6e R09: fffff520001e9e11
[  116.622771][ T7199] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff0a00ffffff00
[  116.627380][ T5977] EXT4-fs (loop9): unmounting filesystem.
[  116.630578][ T7199] R13: ffff0000ffffff00 R14: ffffc90000f4f8ec R15: 1ffff920001e9f1d
[  116.643946][ T7199] FS:  00007ff5f97b66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  116.652757][ T7199] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.659251][ T7199] CR2: 0000001b2e11dff8 CR3: 00000001097b9000 CR4: 00000000003526b0
[  116.665167][ T7197] loop1: detected capacity change from 0 to 40427
[  116.667064][ T7199] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  116.674837][ T7197] F2FS-fs (loop1): invalid crc value
[  116.681134][ T7199] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  116.687903][ T7197] F2FS-fs (loop1): Found nat_bits in checkpoint
[  116.694400][ T7199] Call Trace:
[  116.694409][ T7199]  <TASK>
[  116.694417][ T7199]  ? show_regs+0x58/0x60
[  116.710459][ T7199]  ? __warn+0x160/0x3d0
[  116.714453][ T7199]  ? format_decode+0x12d2/0x1f10
[  116.719307][ T7199]  ? report_bug+0x4d5/0x7d0
[  116.723564][ T7199]  ? format_decode+0x12d2/0x1f10
[  116.728439][ T7199]  ? handle_bug+0x41/0x70
[  116.732502][ T7199]  ? exc_invalid_op+0x1b/0x50
[  116.737101][ T7199]  ? asm_exc_invalid_op+0x1b/0x20
[  116.741879][ T7199]  ? __warn_printk+0x28e/0x350
[  116.745027][ T7197] F2FS-fs (loop1): Start checkpoint disabled!
[  116.746492][ T7199]  ? format_decode+0x12d2/0x1f10
[  116.746535][ T7199]  ? vsnprintf+0x1c70/0x1c70
[  116.753106][ T7197] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  116.757168][ T7199]  ? bstr_printf+0x1bb/0x1160
[  116.757199][ T7199]  ? memcpy+0x56/0x70
[  116.777222][ T7199]  bstr_printf+0x130/0x1160
[  116.781547][ T7199]  ? vbin_printf+0x1be0/0x1be0
[  116.786175][ T7199]  ? bpf_trace_printk+0x122/0x330
[  116.791006][ T7199]  ? memcpy+0x56/0x70
[  116.794868][ T7199]  bpf_trace_printk+0x1b5/0x330
[  116.799537][ T7199]  ? kmem_cache_alloc+0x175/0x320
[  116.804376][ T7199]  ? ktime_get+0xf1/0x160
[  116.808650][ T7199]  ? bpf_probe_write_user+0xf0/0xf0
[  116.813688][ T7199]  ? do_syscall_64+0x3b/0xb0
[  116.818160][ T7199]  ? ktime_get+0xf1/0x160
[  116.822460][ T7199]  bpf_prog_12183cdb1cd51dab+0x2e/0x32
[  116.827773][ T7199]  bpf_test_run+0x4ab/0xa40
[  116.832094][ T7199]  ? convert___skb_to_skb+0x670/0x670
[  116.837582][ T7199]  ? eth_type_trans+0x342/0x710
[  116.842244][ T7199]  ? eth_get_headlen+0x240/0x240
[  116.847034][ T7199]  ? convert___skb_to_skb+0x44/0x670
[  116.852245][ T7199]  ? build_skb+0xde/0x220
[  116.856427][ T7199]  bpf_prog_test_run_skb+0xaf1/0x13a0
[  116.861605][ T7199]  ? __bpf_prog_test_run_raw_tp+0x2e0/0x2e0
[  116.867433][ T7199]  ? __kasan_check_write+0x14/0x20
[  116.872359][ T7199]  ? fput+0x15b/0x1b0
[  116.876195][ T7199]  ? __bpf_prog_test_run_raw_tp+0x2e0/0x2e0
[  116.881907][ T7199]  bpf_prog_test_run+0x3b0/0x630
[  116.886745][ T7199]  ? bpf_prog_query+0x260/0x260
[  116.891365][ T7199]  ? selinux_bpf+0xd2/0x100
[  116.895727][ T7199]  ? security_bpf+0x82/0xb0
[  116.900046][ T7199]  __sys_bpf+0x59f/0x7f0
[  116.904123][ T7199]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[  116.909708][ T7199]  ? fpregs_restore_userregs+0x130/0x290
[  116.915183][ T7199]  __x64_sys_bpf+0x7c/0x90
[  116.919405][ T7199]  x64_sys_call+0x87f/0x9a0
[  116.923842][ T7199]  do_syscall_64+0x3b/0xb0
[  116.928118][ T7199]  ? clear_bhb_loop+0x55/0xb0
[  116.932613][ T7199]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  116.938446][ T7199] RIP: 0033:0x7ff5f8985d29
[  116.942676][ T7199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.962314][ T7199] RSP: 002b:00007ff5f97b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  116.970571][ T7199] RAX: ffffffffffffffda RBX: 00007ff5f8b75fa0 RCX: 00007ff5f8985d29
[  116.978644][ T7199] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a
[  116.986438][ T7199] RBP: 00007ff5f8a01b08 R08: 0000000000000000 R09: 0000000000000000
[  116.994251][ T7199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.002040][ T7199] R13: 0000000000000000 R14: 00007ff5f8b75fa0 R15: 00007fff18d03af8
[  117.009867][ T7199]  </TASK>
[  117.012710][ T7199] ---[ end trace 0000000000000000 ]---
[  117.079180][ T4456] kworker/u4:18: attempt to access beyond end of device
[  117.079180][ T4456] loop1: rw=1, sector=77824, nr_sectors = 4096 limit=40427
[  117.151873][ T4456] kworker/u4:18: attempt to access beyond end of device
[  117.151873][ T4456] loop1: rw=1, sector=49152, nr_sectors = 4096 limit=40427
[  117.210076][ T4456] kworker/u4:18: attempt to access beyond end of device
[  117.210076][ T4456] loop1: rw=1, sector=57344, nr_sectors = 5600 limit=40427
[  117.237631][ T4456] kworker/u4:18: attempt to access beyond end of device
[  117.237631][ T4456] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  117.259614][ T7235] SELinux:  Context � is not valid (left unmapped).
[  117.318035][ T7246] incfs: iterate_incfs_dir / -22
[  117.322979][ T7246] incfs: iterate_incfs_dir / -22
[  117.376708][ T7255] loop2: detected capacity change from 0 to 512
[  117.408533][ T7255] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  117.462717][ T7255] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  117.472238][ T7255] ext4 filesystem being mounted at /497/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  117.520967][ T7265] loop9: detected capacity change from 0 to 1024
[  117.573812][ T7265] EXT4-fs (loop9): shut down requested (0)
[  117.590971][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.599697][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.627566][ T7283] overlayfs: failed to clone upperpath
[  117.638407][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.647722][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.656525][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.665219][   T28] audit: type=1326 audit(2000000090.423:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7284 comm="syz.1.2966" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0279185d29 code=0x0
[  117.690898][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=14
[  117.699785][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.708605][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.717328][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.726172][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=12
[  117.735002][ T7265] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop9 ino=14
[  117.743928][   T28] audit: type=1400 audit(2000000090.504:2061): avc:  denied  { link } for  pid=7264 comm="syz.9.2958" name="file1" dev="loop9" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  117.766539][ T7291] tap0: tun_chr_ioctl cmd 1074025677
[  117.778778][ T7291] tap0: linktype set to 776
[  117.787862][ T7291] tap0: tun_chr_ioctl cmd 1074812117
[  118.153230][ T7334] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  118.160737][ T7334] SELinux: failed to load policy
[  118.273901][   T28] audit: type=1400 audit(2000000091.038:2062): avc:  denied  { remount } for  pid=7355 comm="syz.3.2998" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  118.442785][ T7386] netlink: 'syz.3.3011': attribute type 1 has an invalid length.
[  118.446717][   T28] audit: type=1400 audit(2000000091.209:2063): avc:  denied  { read } for  pid=7381 comm="syz.0.3009" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  118.451035][ T7386] netlink: 'syz.3.3011': attribute type 2 has an invalid length.
[  118.487102][ T7386] netlink: 'syz.3.3011': attribute type 1 has an invalid length.
[  118.496541][ T7386] netlink: 'syz.3.3011': attribute type 2 has an invalid length.
[  118.663955][   T28] audit: type=1326 audit(2000000091.430:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7301 comm="syz.2.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7fc00000
[  118.687324][   T28] audit: type=1326 audit(2000000091.430:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7301 comm="syz.2.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb64f85d29 code=0x7fc00000
[  118.689703][ T7406] loop1: detected capacity change from 0 to 512
[  118.716537][   T28] audit: type=1326 audit(2000000091.430:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7301 comm="syz.2.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7fc00000
[  118.717233][ T7406] EXT4-fs: Ignoring removed orlov option
[  118.741115][   T28] audit: type=1326 audit(2000000091.430:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7301 comm="syz.2.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7fc00000
[  118.772813][   T28] audit: type=1326 audit(2000000091.430:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7301 comm="syz.2.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7fc00000
[  118.797332][ T7406] EXT4-fs (loop1): orphan cleanup on readonly fs
[  118.803848][ T7406] EXT4-fs error (device loop1): ext4_find_extent:936: inode #4: comm syz.1.3019: pblk 2 bad header/extent: invalid magic - magic 3fff, entries 12, max 508(0), depth 0(0)
[  118.820855][ T7406] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  118.835325][ T7406] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  119.140360][ T7413] loop9: detected capacity change from 0 to 512
[  119.147155][ T7413] EXT4-fs (loop9): external journal device major/minor numbers have changed
[  119.155791][ T7413] EXT4-fs (loop9): failed to open journal device unknown-block(11,127) -6
[  119.507196][   T19] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  119.579586][ T7434] loop1: detected capacity change from 0 to 40427
[  119.586395][ T7434] F2FS-fs (loop1): fault_type options not supported
[  119.594480][ T7434] F2FS-fs (loop1): invalid crc value
[  119.600639][ T7434] F2FS-fs (loop1): Found nat_bits in checkpoint
[  119.635344][ T7434] F2FS-fs (loop1): Start checkpoint disabled!
[  119.641953][ T7434] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  119.669287][ T7434] syz.1.3032: attempt to access beyond end of device
[  119.669287][ T7434] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  119.700587][ T4456] kworker/u4:18: attempt to access beyond end of device
[  119.700587][ T4456] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  119.717711][   T19] usb 10-1: Using ep0 maxpacket: 16
[  119.734567][   T19] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.744260][   T19] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  119.753224][   T19] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.761726][   T19] usb 10-1: config 0 descriptor??
[  119.849063][ T7454] loop1: detected capacity change from 0 to 8192
[  119.997264][ T7461] input: syz0 as /devices/virtual/input/input20
[  120.167452][   T19] hid-multitouch 0003:1FD2:6007.001B: unknown main item tag 0x0
[  120.174994][   T19] hid-multitouch 0003:1FD2:6007.001B: unknown main item tag 0x0
[  120.182485][   T19] hid-multitouch 0003:1FD2:6007.001B: unknown main item tag 0x0
[  120.189971][   T19] hid-multitouch 0003:1FD2:6007.001B: unknown main item tag 0x2
[  120.197999][   T19] hid-multitouch 0003:1FD2:6007.001B: unknown main item tag 0x0
[  120.206843][   T19] hid-multitouch 0003:1FD2:6007.001B: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.9-1/input0
[  120.302143][ T7490] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  120.311195][ T7490] FAT-fs (loop1): unable to read boot sector
[  120.367027][  T497] usb 10-1: USB disconnect, device number 5
[  120.440391][ T7507] bridge_slave_0: default FDB implementation only supports local addresses
[  120.538755][ T7518] loop1: detected capacity change from 0 to 512
[  120.552943][ T7518] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.3068: Failed to acquire dquot type 0
[  120.564308][ T7518] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.3068: Failed to acquire dquot type 0
[  120.576257][ T7518] EXT4-fs error (device loop1): ext4_acquire_dquot:6788: comm syz.1.3068: Failed to acquire dquot type 0
[  120.587780][ T7518] EXT4-fs (loop1): 1 orphan inode deleted
[  120.593616][ T7518] ext4 filesystem being mounted at /572/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  120.858447][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  120.858611][ T2805] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  120.887057][ T7539] loop2: detected capacity change from 0 to 1024
[  120.893696][ T7539] EXT4-fs: Ignoring removed nomblk_io_submit option
[  120.936846][ T7549] loop2: detected capacity change from 0 to 512
[  120.950120][ T7549] ext4 filesystem being mounted at /509/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  120.988475][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3081'.
[  121.019623][  T497] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  121.206125][  T497] usb 2-1: Using ep0 maxpacket: 8
[  121.212268][  T497] usb 2-1: config 0 interface 0 altsetting 212 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.224068][  T497] usb 2-1: config 0 interface 0 altsetting 212 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.233747][  T497] usb 2-1: config 0 interface 0 has no altsetting 0
[  121.240550][  T497] usb 2-1: New USB device found, idVendor=0eef, idProduct=260e, bcdDevice= 0.00
[  121.249694][  T497] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.258617][  T497] usb 2-1: config 0 descriptor??
[  121.315516][   T39] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  121.475372][ T7600] netlink: '+}[@': attribute type 3 has an invalid length.
[  121.504142][   T39] usb 3-1: Using ep0 maxpacket: 16
[  121.504255][ T7604] overlayfs: failed to clone upperpath
[  121.510258][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.525240][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.535102][   T39] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  121.548058][   T39] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  121.556977][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.565476][   T39] usb 3-1: config 0 descriptor??
[  121.613497][    T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  121.665980][  T497] hid (null): unknown global tag 0xd
[  121.672562][  T497] hid (null): unknown global tag 0x83
[  121.677908][  T497] hid (null): unknown global tag 0xc
[  121.683117][  T497] hid (null): global environment stack underflow
[  121.690889][  T497] hid-generic 0003:0EEF:260E.001C: unexpected long global item
[  121.699212][  T497] hid-generic: probe of 0003:0EEF:260E.001C failed with error -22
[  121.752969][ T7621] loop9: detected capacity change from 0 to 512
[  121.759721][ T7621] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  121.772356][ T7621] EXT4-fs (loop9): 1 truncate cleaned up
[  121.793407][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.806276][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.817211][    T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  121.830291][    T6] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  121.840855][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.863000][   T19] usb 2-1: USB disconnect, device number 14
[  121.869940][    T6] usb 1-1: config 0 descriptor??
[  121.971787][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  121.978993][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  121.999832][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.007208][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.014638][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.023168][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.030557][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.038116][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.045189][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.054006][   T39] microsoft 0003:045E:07DA.001D: unknown main item tag 0x0
[  122.066225][   T39] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.001D/input/input21
[  122.078497][   T39] microsoft 0003:045E:07DA.001D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  122.187605][   T19] usb 3-1: USB disconnect, device number 17
[  122.276235][    T6] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[  122.284119][    T6] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving
[  122.309202][    T6] plantronics 0003:047F:FFFF.001E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  122.321561][ T6095] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[  122.392379][ T7632] device bridge1 entered promiscuous mode
[  122.518928][ T6095] usb 10-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  122.527544][ T6095] usb 10-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  122.538109][ T6095] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  122.551615][   T39] usb 1-1: USB disconnect, device number 2
[  122.554770][ T6095] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  122.572945][ T6095] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.580918][ T6095] usb 10-1: Product: syz
[  122.584928][ T6095] usb 10-1: Manufacturer: syz
[  122.589673][ T6095] usb 10-1: SerialNumber: syz
[  122.806921][ T6095] usb 10-1: 0:2 : does not exist
[  122.816634][ T6095] usb 10-1: USB disconnect, device number 6
[  123.011641][ T7671] loop1: detected capacity change from 0 to 40427
[  123.019211][ T7671] F2FS-fs (loop1): invalid crc value
[  123.025272][ T7671] F2FS-fs (loop1): Found nat_bits in checkpoint
[  123.072451][ T7671] F2FS-fs (loop1): Start checkpoint disabled!
[  123.079492][ T7675] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3138'.
[  123.080094][ T7671] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  123.114499][ T7675] netlink: 'syz.0.3138': attribute type 1 has an invalid length.
[  123.143893][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3138'.
[  123.184233][   T28] kauditd_printk_skb: 58 callbacks suppressed
[  123.184249][   T28] audit: type=1326 audit(2000000095.979:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7677 comm="syz.0.3140" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f86b8185d29 code=0x0
[  123.199529][ T4471] kworker/u4:25: attempt to access beyond end of device
[  123.199529][ T4471] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  123.471541][ T7669] loop2: detected capacity change from 0 to 131072
[  123.478436][ T7669] F2FS-fs (loop2): Invalid log sectorsize (67108873)
[  123.485049][ T7669] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  123.493668][ T7669] F2FS-fs (loop2): invalid crc value
[  123.500509][ T7669] F2FS-fs (loop2): Found nat_bits in checkpoint
[  123.536905][ T7669] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  123.544112][ T7669] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  123.561267][   T28] audit: type=1400 audit(2000000000.050:2121): avc:  denied  { lock } for  pid=7668 comm="syz.2.3135" path="/516/file1/file1" dev="loop2" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  123.584521][   T28] audit: type=1400 audit(2000000000.050:2122): avc:  denied  { link } for  pid=7668 comm="syz.2.3135" name="file1" dev="loop2" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  123.731530][   T39] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  123.751041][ T7702] futex_wake_op: syz.2.3147 tries to shift op by -1; fix this program
[  123.782804][ T7706] loop2: detected capacity change from 0 to 256
[  123.792071][ T7706] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  123.807041][   T28] audit: type=1400 audit(2000000000.300:2123): avc:  denied  { setattr } for  pid=7705 comm="syz.2.3149" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  123.858875][ T7712] loop2: detected capacity change from 0 to 512
[  123.872501][ T7712] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002]
[  123.880583][ T7712] System zones: 0-2, 18-18, 34-35
[  123.886476][ T7712] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.898585][ T7712] netlink: 452 bytes leftover after parsing attributes in process `syz.2.3152'.
[  123.919399][   T28] audit: type=1326 audit(2000000000.410:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  123.942898][   T39] usb 10-1: Using ep0 maxpacket: 16
[  123.948145][   T28] audit: type=1326 audit(2000000000.410:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  123.971811][   T28] audit: type=1326 audit(2000000000.410:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  123.995183][   T28] audit: type=1326 audit(2000000000.410:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  124.019244][   T28] audit: type=1326 audit(2000000000.410:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  124.044946][   T28] audit: type=1326 audit(2000000000.410:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7715 comm="syz.2.3153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdb64f85d29 code=0x7ffc0000
[  124.072013][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.101540][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.112056][   T39] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  124.125047][   T39] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  124.135744][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.145680][   T39] usb 10-1: config 0 descriptor??
[  124.331437][ T7758] loop2: detected capacity change from 0 to 512
[  124.344375][ T7758] EXT4-fs (loop2): 1 orphan inode deleted
[  124.350292][ T7758] ext4 filesystem being mounted at /533/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.365105][ T4456] EXT4-fs error (device loop2): ext4_release_dquot:6811: comm kworker/u4:18: Failed to release dquot type 1
[  124.458640][ T7776] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3178'.
[  124.583839][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.591004][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.598345][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.605974][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.613313][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.625841][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.633090][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.640413][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.647587][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.654696][   T39] microsoft 0003:045E:07DA.001F: unknown main item tag 0x0
[  124.667372][   T39] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.001F/input/input22
[  124.679937][   T39] microsoft 0003:045E:07DA.001F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0
[  124.731551][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  124.764643][ T7800] bridge0: port 3(vlan3) entered blocking state
[  124.770742][ T7800] bridge0: port 3(vlan3) entered disabled state
[  124.792777][   T19] usb 10-1: USB disconnect, device number 7
[  124.911764][   T24] usb 2-1: Using ep0 maxpacket: 8
[  124.917696][   T24] usb 2-1: config 11 has an invalid interface number: 95 but max is 0
[  124.925811][   T24] usb 2-1: config 11 has no interface number 0
[  124.931813][   T24] usb 2-1: config 11 interface 95 has no altsetting 0
[  124.939700][   T24] usb 2-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  124.948569][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.956402][   T24] usb 2-1: Product: syz
[  124.960334][   T24] usb 2-1: Manufacturer: syz
[  124.964778][   T24] usb 2-1: SerialNumber: syz
[  125.173805][   T24] usb 2-1: USB disconnect, device number 15
[  125.191203][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3195'.
[  125.291761][ T7825] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3201'.
[  125.366269][ T7846] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  125.661561][ T6095] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  125.852704][ T6095] usb 1-1: config index 0 descriptor too short (expected 31, got 27)
[  125.860836][ T6095] usb 1-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0
[  125.871874][ T6095] usb 1-1: config 1 interface 0 has no altsetting 0
[  125.880332][ T6095] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72
[  125.889533][ T6095] usb 1-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3
[  125.897609][ T6095] usb 1-1: Product: syz
[  125.901548][ T6095] usb 1-1: Manufacturer: syz
[  125.905969][ T6095] usb 1-1: SerialNumber: syz
[  125.951570][  T497] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  126.081604][   T39] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  126.131542][  T497] usb 2-1: Using ep0 maxpacket: 16
[  126.137712][  T497] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.148740][  T497] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.158409][  T497] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  126.171239][  T497] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  126.180321][  T497] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.189181][  T497] usb 2-1: config 0 descriptor??
[  126.222287][ T7883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3226'.
[  126.261623][   T39] usb 3-1: Using ep0 maxpacket: 16
[  126.268119][   T39] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.279526][   T39] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.289975][   T39] usb 3-1: config 0 interface 0 has no altsetting 0
[  126.296477][   T39] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  126.305447][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.314449][   T39] usb 3-1: config 0 descriptor??
[  126.392560][ T7896] netem: change failed
[  126.515200][ T6095] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  126.524709][ T7875] loop2: detected capacity change from 0 to 256
[  126.538935][ T7875] FAT-fs (loop2): Directory bread(block 64) failed
[  126.545316][ T7875] FAT-fs (loop2): Directory bread(block 65) failed
[  126.551676][ T7875] FAT-fs (loop2): Directory bread(block 66) failed
[  126.557950][ T7875] FAT-fs (loop2): Directory bread(block 67) failed
[  126.564349][ T7875] FAT-fs (loop2): Directory bread(block 68) failed
[  126.570627][ T7875] FAT-fs (loop2): Directory bread(block 69) failed
[  126.577027][ T7875] FAT-fs (loop2): Directory bread(block 70) failed
[  126.583304][ T7875] FAT-fs (loop2): Directory bread(block 71) failed
[  126.589654][ T7875] FAT-fs (loop2): Directory bread(block 72) failed
[  126.595995][ T7875] FAT-fs (loop2): Directory bread(block 73) failed
[  126.612858][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.619995][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.626988][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.634087][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.641081][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.648359][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.655492][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.662546][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.669939][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.677183][  T497] microsoft 0003:045E:07DA.0020: unknown main item tag 0x0
[  126.684814][ T7904] loop9: detected capacity change from 0 to 2048
[  126.690952][  T497] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0020/input/input23
[  126.692186][  T497] microsoft 0003:045E:07DA.0020: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  126.723701][ T7904] EXT4-fs mount: 17 callbacks suppressed
[  126.723723][ T7904] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  126.742564][ T7904] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  126.758145][ T7904] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  126.770464][ T7904] EXT4-fs (loop9): This should not happen!! Data will be lost
[  126.770464][ T7904] 
[  126.780010][ T7904] EXT4-fs (loop9): Total free blocks count 0
[  126.785848][ T7904] EXT4-fs (loop9): Free/Dirty block details
[  126.791626][ T7904] EXT4-fs (loop9): free_blocks=2415919104
[  126.797171][ T7904] EXT4-fs (loop9): dirty_blocks=48
[  126.802151][ T7904] EXT4-fs (loop9): Block reservation details
[  126.808008][ T7904] EXT4-fs (loop9): i_reserved_data_blocks=3
[  126.820633][   T39] hid (null): unknown global tag 0xe
[  126.826003][   T39] hid (null): report_id 58501 is invalid
[  126.831690][   T39] hid (null): unknown global tag 0x1c
[  126.832441][ T6095] usb 2-1: USB disconnect, device number 16
[  126.841234][   T39] hid (null): unknown global tag 0x84
[  126.844665][ T4471] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  126.848385][   T39] hid (null): report_id 0 is invalid
[  126.865268][   T39] hid (null): unknown global tag 0xc
[  126.870777][   T39] hid (null): unknown global tag 0xd
[  126.876050][   T39] hid (null): report_id 2863014418 is invalid
[  126.882124][   T39] hid (null): report_id 2384115945 is invalid
[  126.889643][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.897262][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.904618][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.911933][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.919379][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.932322][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.940709][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.948495][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.955802][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.963057][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x0
[  126.970282][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x3
[  126.978013][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x4
[  126.978237][ T7918] xt_TCPMSS: Only works on TCP SYN packets
[  126.985418][   T39] hid-generic 0003:060B:500A.0021: unknown main item tag 0x6
[  126.985445][   T39] hid-generic 0003:060B:500A.0021: unexpected long global item
[  127.019199][   T39] hid-generic: probe of 0003:060B:500A.0021 failed with error -22
[  127.028717][   T39] usb 3-1: USB disconnect, device number 18
[  127.134730][ T7931] SELinux: security_context_str_to_sid (E�) failed with errno=-22
[  127.255078][ T7947] loop9: detected capacity change from 0 to 128
[  127.346074][ T7952] loop9: detected capacity change from 0 to 8192
[  127.367319][ T7956] syz.1.3256[7956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.367531][ T7956] syz.1.3256[7956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.773445][ T7974] input: syz1 as /devices/virtual/input/input24
[  127.941926][ T7983] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7983 comm=syz.2.3267
[  128.251965][ T8011] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3280'.
[  128.332927][ T8017] 9pnet: p9_errstr2errno: server reported unknown error �@�BN[9
[  128.332927][ T8017] tr��0�HJ��X���
[  128.391113][ T1556] usb 1-1: USB disconnect, device number 3
[  128.399442][ T1556] usblp0: removed
[  128.453313][ T8035] netlink: 'syz.2.3291': attribute type 4 has an invalid length.
[  128.469816][ T8035] netlink: 'syz.2.3291': attribute type 4 has an invalid length.
[  128.555537][ T8046] syz.9.3294[8046] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.555609][ T8046] syz.9.3294[8046] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.585575][ T8052] syz.9.3299[8052] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.600879][ T8052] syz.9.3299[8052] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.621989][ T8056] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3301'.
[  128.644564][ T8058] syz.2.3302[8058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.644640][ T8058] syz.2.3302[8058] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  128.681911][ T8058] loop2: detected capacity change from 0 to 256
[  128.710110][ T8058] FAT-fs (loop2): bogus number of FAT sectors
[  128.720490][ T8058] FAT-fs (loop2): Can't find a valid FAT filesystem
[  128.728382][ T4506] Bluetooth: hci0: Frame reassembly failed (-84)
[  128.922390][ T8063] loop9: detected capacity change from 0 to 40427
[  128.929402][ T8063] F2FS-fs (loop9): fault_injection options not supported
[  128.936361][ T8063] F2FS-fs (loop9): Image doesn't support compression
[  128.942988][ T8063] F2FS-fs (loop9): Image doesn't support compression
[  128.949517][ T8063] F2FS-fs (loop9): fault_type options not supported
[  128.968226][ T8063] F2FS-fs (loop9): invalid crc value
[  128.974598][ T8063] F2FS-fs (loop9): Found nat_bits in checkpoint
[  129.022272][ T8063] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  129.381525][  T497] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  129.450743][ T8147] input: syz1 as /devices/virtual/input/input25
[  129.562805][  T497] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.572849][  T497] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  129.582373][  T497] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  129.591433][  T497] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  129.599460][  T497] usb 10-1: SerialNumber: syz
[  129.654252][ T8151] syz.3.3344[8151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.654335][ T8151] syz.3.3344[8151] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.762967][   T28] kauditd_printk_skb: 18 callbacks suppressed
[  129.762984][   T28] audit: type=1326 audit(2000000006.260:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.803969][   T28] audit: type=1326 audit(2000000006.260:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.828971][   T28] audit: type=1326 audit(2000000006.260:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.832948][  T497] usb 10-1: 0:2 : does not exist
[  129.852545][   T28] audit: type=1326 audit(2000000006.270:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.858956][  T497] usb 10-1: USB disconnect, device number 8
[  129.880576][   T28] audit: type=1326 audit(2000000006.270:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.909166][   T28] audit: type=1326 audit(2000000006.270:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8166 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f86b81b85e5 code=0x7ffc0000
[  129.932397][   T28] audit: type=1326 audit(2000000006.420:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8166 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  129.955917][   T28] audit: type=1326 audit(2000000006.430:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86b8121f29 code=0x7ffc0000
[  129.979160][   T28] audit: type=1326 audit(2000000006.430:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  130.002534][   T28] audit: type=1326 audit(2000000006.430:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8162 comm="syz.0.3345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86b8185d29 code=0x7ffc0000
[  130.222389][ T8179] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3356'.
[  130.311603][   T39] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  130.492611][   T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.504675][   T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  130.513646][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.521433][   T39] usb 1-1: Product: syz
[  130.525463][   T39] usb 1-1: Manufacturer: syz
[  130.529861][   T39] usb 1-1: SerialNumber: syz
[  130.696159][ T8210] syz.9.3370 uses obsolete (PF_INET,SOCK_PACKET)
[  130.761555][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  130.761572][ T2805] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  130.841064][ T8225] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  131.051561][ T1556] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  131.232522][ T1556] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.243339][ T1556] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.252911][ T1556] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  131.265585][ T1556] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  131.274565][ T1556] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.282911][ T1556] usb 2-1: config 0 descriptor??
[  131.538471][   T39] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  131.544877][   T39] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  131.552176][   T39] cdc_ncm 1-1:1.0: setting rx_max = 2048
[  131.647321][ T8238] input: syz1 as /devices/virtual/input/input26
[  131.691292][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.698791][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.706028][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.713268][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.720409][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.727848][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.735138][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.742518][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.752159][   T39] cdc_ncm 1-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  131.762950][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.770064][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.778801][   T39] usb 1-1: USB disconnect, device number 4
[  131.784715][   T39] cdc_ncm 1-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  131.793713][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.800865][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.809921][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.817159][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.821377][ T8242] loop2: detected capacity change from 0 to 40427
[  131.824370][ T1556] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  131.830650][ T6094] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  131.838135][ T1556] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving
[  131.850921][ T8242] F2FS-fs (loop2): fault_injection options not supported
[  131.855725][ T1556] plantronics 0003:047F:FFFF.0022: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  131.860741][ T8242] F2FS-fs (loop2): invalid crc value
[  131.873400][ T1556] ==================================================================
[  131.878227][ T8242] F2FS-fs (loop2): Found nat_bits in checkpoint
[  131.884896][ T1556] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[  131.884933][ T1556] Read of size 8 at addr ffff888121972cf0 by task kworker/1:4/1556
[  131.884952][ T1556] 
[  131.884960][ T1556] CPU: 1 PID: 1556 Comm: kworker/1:4 Tainted: G        W          6.1.118-syzkaller-00019-ge09bed30088f #0
[  131.919700][ T1556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  131.929596][ T1556] Workqueue: mm_percpu_wq vmstat_update
[  131.934990][ T1556] Call Trace:
[  131.938100][ T1556]  <TASK>
[  131.940878][ T1556]  dump_stack_lvl+0x151/0x1b7
[  131.945392][ T1556]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  131.950686][ T1556]  ? _printk+0xd1/0x111
[  131.951207][ T8242] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  131.954677][ T1556]  ? __virt_addr_valid+0x242/0x2f0
[  131.966918][ T1556]  print_report+0x158/0x4e0
[  131.971260][ T1556]  ? __virt_addr_valid+0x242/0x2f0
[  131.976208][ T1556]  ? kasan_complete_mode_report_info+0x90/0x1b0
[  131.982278][ T1556]  ? __list_del_entry_valid+0xa6/0x130
[  131.987567][ T1556]  kasan_report+0x13c/0x170
[  131.991930][ T1556]  ? __list_del_entry_valid+0xa6/0x130
[  131.997206][ T1556]  __asan_report_load8_noabort+0x14/0x20
[  132.002668][ T1556]  __list_del_entry_valid+0xa6/0x130
[  132.007792][ T1556]  process_one_work+0x4d7/0xcb0
[  132.012481][ T1556]  worker_thread+0xa60/0x1260
[  132.016996][ T1556]  kthread+0x26d/0x300
[  132.020895][ T1556]  ? worker_clr_flags+0x1a0/0x1a0
[  132.025755][ T1556]  ? kthread_blkcg+0xd0/0xd0
[  132.030182][ T1556]  ret_from_fork+0x1f/0x30
[  132.034440][ T1556]  </TASK>
[  132.037302][ T1556] 
[  132.039470][ T1556] Allocated by task 39:
[  132.043566][ T1556]  kasan_set_track+0x4b/0x70
[  132.047995][ T1556]  kasan_save_alloc_info+0x1f/0x30
[  132.052939][ T1556]  __kasan_kmalloc+0x9c/0xb0
[  132.057367][ T1556]  __kmalloc_node+0xb4/0x1e0
[  132.061792][ T1556]  kvmalloc_node+0x221/0x640
[  132.066226][ T1556]  alloc_netdev_mqs+0x8c/0xf90
[  132.070928][ T1556]  alloc_etherdev_mqs+0x36/0x40
[  132.075609][ T1556]  usbnet_probe+0x213/0x28a0
[  132.080034][ T1556]  usb_probe_interface+0x5b6/0xa90
[  132.084985][ T1556]  really_probe+0x2b8/0x920
[  132.089320][ T1556]  __driver_probe_device+0x1a0/0x310
[  132.094444][ T1556]  driver_probe_device+0x54/0x3d0
[  132.099313][ T1556]  __device_attach_driver+0x2e3/0x490
[  132.104509][ T1556]  bus_for_each_drv+0x183/0x200
[  132.109195][ T1556]  __device_attach+0x312/0x510
[  132.113794][ T1556]  device_initial_probe+0x1a/0x20
[  132.118654][ T1556]  bus_probe_device+0xbe/0x1e0
[  132.123255][ T1556]  device_add+0xb60/0xf10
[  132.127423][ T1556]  usb_set_configuration+0x190f/0x1e80
[  132.132719][ T1556]  usb_generic_driver_probe+0x8b/0x150
[  132.138011][ T1556]  usb_probe_device+0x144/0x260
[  132.142698][ T1556]  really_probe+0x2b8/0x920
[  132.147039][ T1556]  __driver_probe_device+0x1a0/0x310
[  132.152164][ T1556]  driver_probe_device+0x54/0x3d0
[  132.157020][ T1556]  __device_attach_driver+0x2e3/0x490
[  132.162228][ T1556]  bus_for_each_drv+0x183/0x200
[  132.166914][ T1556]  __device_attach+0x312/0x510
[  132.171514][ T1556]  device_initial_probe+0x1a/0x20
[  132.176374][ T1556]  bus_probe_device+0xbe/0x1e0
[  132.180977][ T1556]  device_add+0xb60/0xf10
[  132.185142][ T1556]  usb_new_device+0xf2f/0x1820
[  132.189859][ T1556]  hub_event+0x2db1/0x4830
[  132.194128][ T1556]  process_one_work+0x73d/0xcb0
[  132.198798][ T1556]  worker_thread+0xa60/0x1260
[  132.203404][ T1556]  kthread+0x26d/0x300
[  132.207305][ T1556]  ret_from_fork+0x1f/0x30
[  132.211561][ T1556] 
[  132.213726][ T1556] Freed by task 39:
[  132.217372][ T1556]  kasan_set_track+0x4b/0x70
[  132.221797][ T1556]  kasan_save_free_info+0x2b/0x40
[  132.226656][ T1556]  ____kasan_slab_free+0x131/0x180
[  132.231623][ T1556]  __kasan_slab_free+0x11/0x20
[  132.236204][ T1556]  __kmem_cache_free+0x21d/0x410
[  132.240996][ T1556]  kfree+0x7a/0xf0
[  132.244536][ T1556]  kvfree+0x35/0x40
[  132.248180][ T1556]  netdev_freemem+0x3f/0x60
[  132.252520][ T1556]  netdev_release+0x7f/0xb0
[  132.256860][ T1556]  device_release+0x95/0x1c0
[  132.261289][ T1556]  kobject_put+0x178/0x260
[  132.265540][ T1556]  put_device+0x1f/0x30
[  132.269561][ T1556]  free_netdev+0x393/0x480
[  132.273786][ T1556]  usbnet_disconnect+0x25f/0x3b0
[  132.278560][ T1556]  usb_unbind_interface+0x1fa/0x8c0
[  132.283597][ T1556]  device_release_driver_internal+0x53e/0x870
[  132.289494][ T1556]  device_release_driver+0x19/0x20
[  132.294443][ T1556]  bus_remove_device+0x2fa/0x360
[  132.299377][ T1556]  device_del+0x663/0xe90
[  132.303550][ T1556]  usb_disable_device+0x380/0x720
[  132.309088][ T1556]  usb_disconnect+0x32a/0x890
[  132.313605][ T1556]  hub_event+0x1ed8/0x4830
[  132.317851][ T1556]  process_one_work+0x73d/0xcb0
[  132.322539][ T1556]  worker_thread+0xd71/0x1260
[  132.327053][ T1556]  kthread+0x26d/0x300
[  132.330958][ T1556]  ret_from_fork+0x1f/0x30
[  132.335213][ T1556] 
[  132.337382][ T1556] Last potentially related work creation:
[  132.342939][ T1556]  kasan_save_stack+0x3b/0x60
[  132.347449][ T1556]  __kasan_record_aux_stack+0xb4/0xc0
[  132.352655][ T1556]  kasan_record_aux_stack_noalloc+0xb/0x10
[  132.358297][ T1556]  insert_work+0x56/0x310
[  132.362464][ T1556]  __queue_work+0x9b6/0xd70
[  132.366827][ T1556]  queue_work_on+0x105/0x170
[  132.371244][ T1556]  usbnet_link_change+0x182/0x1a0
[  132.376088][ T1556]  usbnet_probe+0x1e1e/0x28a0
[  132.380603][ T1556]  usb_probe_interface+0x5b6/0xa90
[  132.385548][ T1556]  really_probe+0x2b8/0x920
[  132.389891][ T1556]  __driver_probe_device+0x1a0/0x310
[  132.395009][ T1556]  driver_probe_device+0x54/0x3d0
[  132.399871][ T1556]  __device_attach_driver+0x2e3/0x490
[  132.405079][ T1556]  bus_for_each_drv+0x183/0x200
[  132.409763][ T1556]  __device_attach+0x312/0x510
[  132.414365][ T1556]  device_initial_probe+0x1a/0x20
[  132.419225][ T1556]  bus_probe_device+0xbe/0x1e0
[  132.423824][ T1556]  device_add+0xb60/0xf10
[  132.427990][ T1556]  usb_set_configuration+0x190f/0x1e80
[  132.433284][ T1556]  usb_generic_driver_probe+0x8b/0x150
[  132.438579][ T1556]  usb_probe_device+0x144/0x260
[  132.443266][ T1556]  really_probe+0x2b8/0x920
[  132.447605][ T1556]  __driver_probe_device+0x1a0/0x310
[  132.452814][ T1556]  driver_probe_device+0x54/0x3d0
[  132.457673][ T1556]  __device_attach_driver+0x2e3/0x490
[  132.462883][ T1556]  bus_for_each_drv+0x183/0x200
[  132.467570][ T1556]  __device_attach+0x312/0x510
[  132.472169][ T1556]  device_initial_probe+0x1a/0x20
[  132.477028][ T1556]  bus_probe_device+0xbe/0x1e0
[  132.481630][ T1556]  device_add+0xb60/0xf10
[  132.485794][ T1556]  usb_new_device+0xf2f/0x1820
[  132.490397][ T1556]  hub_event+0x2db1/0x4830
[  132.494648][ T1556]  process_one_work+0x73d/0xcb0
[  132.499334][ T1556]  worker_thread+0xa60/0x1260
[  132.503847][ T1556]  kthread+0x26d/0x300
[  132.507752][ T1556]  ret_from_fork+0x1f/0x30
[  132.512005][ T1556] 
[  132.514177][ T1556] The buggy address belongs to the object at ffff888121972000
[  132.514177][ T1556]  which belongs to the cache kmalloc-4k of size 4096
[  132.528062][ T1556] The buggy address is located 3312 bytes inside of
[  132.528062][ T1556]  4096-byte region [ffff888121972000, ffff888121973000)
[  132.541455][ T1556] 
[  132.543620][ T1556] The buggy address belongs to the physical page:
[  132.549875][ T1556] page:ffffea0004865c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121970
[  132.559938][ T1556] head:ffffea0004865c00 order:3 compound_mapcount:0 compound_pincount:0
[  132.568116][ T1556] flags: 0x4000000000010200(slab|head|zone=1)
[  132.574011][ T1556] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043380
[  132.582424][ T1556] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  132.590836][ T1556] page dumped because: kasan: bad access detected
[  132.597353][ T1556] page_owner tracks the page as allocated
[  132.602901][ T1556] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5144, tgid 5143 (syz.2.2055), ts 87744049581, free_ts 87706020384
[  132.625397][ T1556]  post_alloc_hook+0x213/0x220
[  132.629996][ T1556]  prep_new_page+0x1b/0x110
[  132.634338][ T1556]  get_page_from_freelist+0x2f41/0x2fc0
[  132.639719][ T1556]  __alloc_pages+0x234/0x610
[  132.644143][ T1556]  alloc_slab_page+0x6c/0xf0
[  132.648569][ T1556]  new_slab+0x90/0x3e0
[  132.652479][ T1556]  ___slab_alloc+0x6f9/0xb80
[  132.657055][ T1556]  __slab_alloc+0x5d/0xa0
[  132.661186][ T1556]  __kmem_cache_alloc_node+0x207/0x2a0
[  132.666716][ T1556]  __kmalloc_node_track_caller+0xa2/0x1e0
[  132.672261][ T1556]  kmemdup+0x29/0x60
[  132.675995][ T1556]  __addrconf_sysctl_register+0xad/0x3e0
[  132.681460][ T1556]  addrconf_sysctl_register+0x141/0x1a0
[  132.686846][ T1556]  ipv6_add_dev+0xbd7/0x11a0
[  132.691269][ T1556]  addrconf_notify+0x6d2/0xe10
[  132.695868][ T1556]  raw_notifier_call_chain+0x8c/0xf0
[  132.700991][ T1556] page last free stack trace:
[  132.705504][ T1556]  free_unref_page_prepare+0x83d/0x850
[  132.710798][ T1556]  free_unref_page+0xb2/0x5c0
[  132.715311][ T1556]  __free_pages+0x61/0xf0
[  132.719477][ T1556]  __free_slab+0xce/0x1a0
[  132.723642][ T1556]  __unfreeze_partials+0x165/0x1a0
[  132.728592][ T1556]  put_cpu_partial+0xa9/0x100
[  132.733196][ T1556]  __slab_free+0x1c8/0x280
[  132.737536][ T1556]  ___cache_free+0xc6/0xd0
[  132.741802][ T1556]  qlist_free_all+0xc5/0x140
[  132.746321][ T1556]  kasan_quarantine_reduce+0x15a/0x180
[  132.751608][ T1556]  __kasan_slab_alloc+0x24/0x80
[  132.756295][ T1556]  slab_post_alloc_hook+0x53/0x2c0
[  132.761330][ T1556]  kmem_cache_alloc+0x175/0x320
[  132.766015][ T1556]  getname_flags+0xba/0x520
[  132.770356][ T1556]  __se_sys_newfstatat+0xe2/0x7b0
[  132.775213][ T1556]  __x64_sys_newfstatat+0x9b/0xb0
[  132.780075][ T1556] 
[  132.782244][ T1556] Memory state around the buggy address:
[  132.787714][ T1556]  ffff888121972b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.795615][ T1556]  ffff888121972c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.803512][ T1556] >ffff888121972c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.811406][ T1556]                                                              ^
[  132.818959][ T1556]  ffff888121972d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.826858][ T1556]  ffff888121972d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.834754][ T1556] ==================================================================
[  132.842742][ T1556] Disabling lock debugging due to kernel taint
[  132.849568][   T19] usb 2-1: USB disconnect, device number 17
[  132.868736][ T8242] syz.2.3385: attempt to access beyond end of device
[  132.868736][ T8242] loop2: rw=2049, sector=45096, nr_sectors = 96 limit=40427
[  132.883665][ T6094] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.884305][ T8242] syz.2.3385: attempt to access beyond end of device
[  132.884305][ T8242] loop2: rw=2049, sector=77824, nr_sectors = 40 limit=40427
[  132.894510][ T6094] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.908209][ T8242] syz.2.3385: attempt to access beyond end of device
[  132.908209][ T8242] loop2: rw=2049, sector=45096, nr_sectors = 96 limit=40427
[  132.917794][ T6094] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  132.944415][ T6094] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  132.953417][ T6094] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.961450][  T292] syz-executor: attempt to access beyond end of device
[  132.961450][  T292] loop2: rw=2049, sector=45192, nr_sectors = 8 limit=40427
[  132.962211][ T6094] usb 10-1: config 0 descriptor??
[  133.383490][ T6094] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving
[  133.391917][ T6094] plantronics 0003:047F:FFFF.0023: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  135.521966][ T6094] usb 10-1: USB disconnect, device number 9