last executing test programs:

3m42.289186437s ago: executing program 2 (id=288):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000280), &(0x7f0000000300)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getresgid(0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000007c0)={@cgroup, 0x8, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000800)={@fallback=r2, r3, 0xe, 0x18, 0x0, @void, @value=r3, @void, @void, r4}, 0x20)
timer_settime(0x0, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
read(0xffffffffffffffff, &(0x7f0000000380)=""/189, 0x8)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r6, &(0x7f0000000140)=[{&(0x7f0000000200)="7a1a", 0x2}], 0x1)

3m39.929316576s ago: executing program 2 (id=304):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='net_dev_xmit\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)

3m39.776736506s ago: executing program 2 (id=305):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_io_uring_complete(0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f00000004c0)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x11, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x5}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x10}]}, 0x0, 0x5, 0xf3, &(0x7f0000000180)=""/243, 0x41000, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000540)=[r1, r2, r3, r4], &(0x7f0000000580)=[{0x5, 0x4, 0xc, 0x6}, {0x4, 0x5, 0x4, 0x2622fac9047dc2f2}, {0x4, 0x1, 0x1, 0x6}, {0x0, 0x4, 0xa, 0xb}, {0x4, 0x2, 0x6, 0x8}, {0x0, 0x3, 0x10, 0xa}], 0x10, 0x80000000, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_SAVE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c00000008060102000000070000000000000000050001000780000007000000000000000c6074810f485a2c7d82086521bdc5735a7d842d3fcd8ae5a38ff8c7284c270abe0872009c401f6737b894d4c99132491b719c072bac3511f6d500bdb2f9db97499b9bed6fa0a34c2669e1acc815cd53a9cfbac2dd0fd0fc602fd65d829fa799ae453d73f88869375fb99316033504627723d0d8acc57548957a09fbd25d5167cf25b820c5fc39db420700000064e9c04ce96d8537e1d1d6ed9a4e7ec22664c24cb7e1853501ce451bdb02f2e10dbe3938830ad5"], 0x1c}}, 0x0)

3m39.776323065s ago: executing program 2 (id=306):
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'erspan0\x00', &(0x7f0000000440)={'tunl0\x00', <r0=>0x0, 0x8000, 0x8, 0x8000, 0xc9cd, {{0x31, 0x4, 0x3, 0x6, 0xc4, 0x65, 0x0, 0xf3, 0x4, 0x0, @remote, @multicast2, {[@rr={0x7, 0x23, 0xec, [@loopback, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1e}, @private=0xa010102, @loopback, @local, @remote]}, @timestamp_prespec={0x44, 0x3c, 0xe4, 0x3, 0x5, [{@empty, 0x1000}, {@local, 0xa}, {@rand_addr=0x64010100, 0x8}, {@rand_addr=0x64010101, 0x6}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x40}, {@local, 0x1ff}, {@multicast1, 0xb64}]}, @lsrr={0x83, 0x13, 0x1a, [@broadcast, @multicast2, @rand_addr=0x64010101, @empty]}, @end, @cipso={0x86, 0x3b, 0xfffffffffffffffd, [{0x5, 0x3, 'R'}, {0x7, 0xe, "107ee703012552501d672ffa"}, {0x6, 0x12, "476bfb94fdff60bf49eb71c774c853ec"}, {0x1, 0xb, "28c605fbf9efd19bdc"}, {0x1, 0x2}, {0x2, 0x5, "d1f414"}]}]}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x2cab91c23f62543, 0x27, '\x00', r0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r1=>0xee00])
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./file2\x00', 0x1000844, &(0x7f0000000b80), 0x3, 0x359, &(0x7f0000000740)="$eJzs3U1oY9UXAPCTeWnSGZh/u/jDoCA83QlaphUXumoZOjCYjUrwYyEGp6PS1IEGg51FM12JS8Glrty50IWLrsWFiLhx4dYRZFRc6OwGHHySvJcmadKPETJj8fdbhJN773n33ObRvL42t68ux/rlmbhy69bNmJ0tRXn5wnLcLsV8JNF3PcZVJrQBACfD7SyLP7LcMVNKUy4JAJiy3vv/62f7T08fNT7z7g8AJ17x8/+h7/uzB3VcnUpJAMCUjd3/f2SkuzL6q/7y0F8FAAAn1fMvvfzMSi3iuTSdjdh4t11v1+PpQf/KlXgzmrEW52Mu7kTkFwrdh1Lv8eKl2ur5NE078fN81LsZ7XrERqddz68UVpJefjUWYy7mi/ziaiPLsuTi57XVxbQnIq53evPHRqldn4kzxfw/nIm1WIo0/j+WH3GptrqUFgeob/TzOxE7g/sW3foXYi6+ey2uRjMuRze3f1lTW91eTNMLWW0kv12v9sblDrwDAgAAAAAAAAAAAAAAAAAAAAAA/8hCumd+b/+bbLB/z8LChP7e/jh5frE/0E6+P1BWzSLLfn/n8fp7SYzsD7R/f552vRyn7u/SAQAAAAAAAAAAAAAAAAAA4F+jtVWJRrO5ttnaurY+HHQ2W1unIqLb8tbXn355OsbHHBGUizmGutKi6dp6I0v6g7NkZEwRJN3J+y2f7O5VPDymureKiWVUD+5qNs8+/NOHg5aHkv6R/xqMSWLyApN9ZQwHG//LS7qbL9ResHTEmBtZlh2Uvv3KeFaUIsp3/8IdHmTd4KubbzzwROvck72WL7Lco4/NvXDjg49/XW80uzNH7xWsbLbuZOuN4vnkk+3gIBk6f0qRB6XhM6F8WPrOaEsj+f63Fx98/5vjzZ4Nt7w9YUySL+ez/V2VPOiWua/rdB6cGjnOzISTfwrBuY+WG7vbP/5y3KyhbxI26gAAAAAAAAAAAAAAAAAAgHti6LPiheLDvjOHZT317PQrAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB7Z/D//4eCnbGW4wR/diIPvt3Nj93tqq5ttiIq93uZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8x/0dAAD//zIeau4=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
setregid(0x0, r1)
r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000200), &(0x7f0000000240)}, 0x52)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
r7 = socket$key(0xf, 0x3, 0x2)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10)
sendmsg$key(r7, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x2, 0x3, 0x0, 0x9, 0x5, 0x0, 0x0, 0x20000, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote}}]}, 0x28}}, 0x0)
recvmmsg(r6, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10020, 0x0)
r10 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r10, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240), 0x8)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r2, &(0x7f0000000100)='io\x00')
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000140)={'vcan0\x00'})

3m39.407873287s ago: executing program 2 (id=308):
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x10, 0x803, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f0000000500)='./file0\x00', 0x21085e, &(0x7f0000000300)={[{@init_itable}]}, 0x0, 0x51c, &(0x7f0000000780)="$eJzs3c9vI1cdAPCvvXHiZNMmLT0AgnZpCwtarZN426jqgZYTQqgSokeQtiHxRlHsOIqd0oSVmp65IlGJExz5Azhw6ok7FwQ3LuWAxI8I1CBxGDTjSdabtTcWSewo/nyk2Zk3bzLf74t33lu/bPwCGFu3IuIgIiYj4r2ImMvPF/It3u5s6XWfHT5cPTp8uFqIJHn3H4WsPj0XXV+TupnfsxwR3/92xI8KT8Zt7e1vrtTrtZ28vNBubC+09vbvbjRW1mvrta1qdXlpefGNe69XL6ytLzUm86Mvf/r7g2/8JE1rNj/T3Y6L1Gl66SROaiIivnsZwUbgRt6eyVEnwv+lGBHPR8TL2fM/FzeyVxMAuM6SZC6Sue4yAHDdFbM5sEKxks8FzEaxWKl05vBeiJlivdlq33nQ3N1a68yVzUep+GCjXlvM5wrno1RIy0vZ8aNy9VT5XkQ8FxE/m5rOypXVZn1tlP/wAYAxdvPU+P/vqc74HxHJh6NODgC4POVRJwAADJ3xHwDGj/EfAMaP8R8Axk9n/J8e4MKdy08GABgK7/8BYPwY/wFgrHzvnXfSLTnKP/967f293c3m+3fXaq3NSmN3tbLa3NmurDeb69ln9jTOul+92dxeei12P5j/5narvdDa27/faO5ute9nn+t9v1bKrjoYQssAgH6ee+mTPxXSEfnN6WyLrrUcSiPNDLhsxVEnAIzMjVEnAIyM1b5gfJ3jPb7pAbgmeizR+5hyr18QSpIkubyUgEt2+wvm/2Fcdc3/+1/AMGbM/8P4Mv8P4ytJCoOu+R+DXggAXG3m+IE+P/9/Pt//Ov/hwA/XHtX9Nvvz455fd5B3LxebJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwxx+v/VvK1wGejWKxUIp6JiPkoFR5s1GuLEfFsRPxxqjSVlpdGnDMAcF7Fvxby9b9uz706+1jVizdPDicj4se/ePfnH6y02zt/iJgs/HPq+Hz74/x8dfjZAwBnOx6ns33XG/nPDh+uHm/DzOdv34qIcif+0eFkHJ3En4iJbF+OUkTM/KuQlzsKXXMX53HwUUR8vlf7CzGbzYF0Vj49HT+N/cxQ4xcfi1/M6jr79HvxuQvIBcbNJ2n/83av568Yt7J97+e/nPVQ55f3f+mtVo+yPvBR/OP+70af/u/WoDFe+913OkfTT9Z9FPHFiYjj2Edd/c9x/EKf+K8OGP/PX3rx5X51yS8jbkfv+N2xFtqN7YXW3v7djcbKem29tlWtLi8tL75x7/XqQjZHvdB/NPj7m3ee7VeXtn+mT/zyGe3/6oDt/9V/3/vBV54S/+uv9IpfjBeeEj8dE782YPyVmd+U+9Wl8df6tP+s1//OgPE//cv+2oCXAgBD0Nrb31yp12s7Dp48SJLkw/SbdFXycZC+GlcgjZ4Hbw0r1mSfv5A/faXzTJ+qSpKn3/Ct3lX9eoyLmHUDroKThz4i/jPqZAAAAAAAAAAAAAAAgJ6G8RtLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA19f/AgAA//99m9kb")
openat(0xffffffffffffff9c, 0x0, 0x107042, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000c577df99a40f96922df5abba89da52124eea51d531f5d56dc27b61d9e07cfe5bc24da433", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x34, r3, 0x1, 0x0, 0x2, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}]}, 0x34}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4, 0x92, &(0x7f00000003c0)=""/146, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r9}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r8}, &(0x7f0000000640), &(0x7f0000000680)='%pi6   \x00'}, 0x20)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000280)={'ip6tnl0\x00', <r10=>0x0})
sendmsg$can_raw(r7, &(0x7f0000000140)={&(0x7f0000000040)={0x1d, r10}, 0x10, &(0x7f0000000240)={&(0x7f0000000100)=@can={{}, 0xfc, 0x0, 0x0, 0x0, "5d5901d3284a3d58"}, 0x10}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3m39.216991489s ago: executing program 2 (id=309):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) (async, rerun: 32)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (rerun: 32)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$netlink(0x10, 0x3, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 64)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
capset(0x0, 0x0) (rerun: 32)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(0x0, 0x0, 0x5)

3m39.203933899s ago: executing program 32 (id=309):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) (async, rerun: 32)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (rerun: 32)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$netlink(0x10, 0x3, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 64)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
capset(0x0, 0x0) (rerun: 32)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(0x0, 0x0, 0x5)

3m14.309036611s ago: executing program 5 (id=396):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, 0x0, 0x0, 0x240080e4)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbf27b000)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, &(0x7f0000000400)={0x7a8a, 0x0, 0x0, 0x0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ab99dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c41ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42cea68bef67422ecc13968a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f381ba6e0363d0a4a8a813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c60"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0xd, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0x10, 0x0, &(0x7f0000000400)="e0b9547ef3873ce6dbe9abc89b6f5bec", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioprio_get$uid(0x3, 0x0)

3m13.344216028s ago: executing program 5 (id=398):
getpid() (async)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$getflags(r0, 0x1)
sendmmsg$unix(r1, 0x0, 0x0, 0x0) (async)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socket$inet6(0xa, 0x2, 0x0) (async)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24, 0x2}, 0x1c)
sendmmsg(r4, &(0x7f0000006400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40080)
accept$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4}, &(0x7f0000000100)=0x1c)
splice(r4, 0x0, r3, 0x0, 0x800000000000045, 0x0)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000080)) (async)
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000080))
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r5, 0x891c, &(0x7f0000000e80)={'syz_tun\x00', {0x2, 0x4e25, @empty}})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r6}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x18, &(0x7f00000003c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYRES8=r5, @ANYRES64=r5], 0x40}}, 0x40080)

3m13.273309132s ago: executing program 5 (id=399):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010429bd70000000000000000040", @ANYRES32=0x0, @ANYBLOB="9320000000000000140012800b0001006d616373656300000400028008"], 0x3c}}, 0x20000000)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000108000000180001801400020073797a5f74756e00000000000000000018000280140003"], 0x44}}, 0x0)

3m13.208735176s ago: executing program 5 (id=402):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@oldalloc}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==")
getresuid(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
accept4$inet6(0xffffffffffffffff, &(0x7f0000004a00)={0xa, 0x0, 0x0, @empty}, &(0x7f0000004a40)=0x1c, 0x0)
syz_open_procfs(0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000ac00)={0x2020, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0xeea390}}, 0x50)
fstat(r1, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x313a483, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="18004000000000000000000000000000181100004587357fdef627ffc118a8d60a69642ccccb877135b84bb9761e00"/56, @ANYRESHEX=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000008200000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100))
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r8 = dup(r7)
write$FUSE_BMAP(r8, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r8, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)

3m12.936160202s ago: executing program 5 (id=405):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1d, 0x200000000000013d, &(0x7f0000000180)=ANY=[@ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f00000002c0)=[{0x6}]}, 0x10)

3m11.573094453s ago: executing program 5 (id=408):
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0xeeef0000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
io_uring_setup(0x32e6, &(0x7f0000000580)={0x0, 0x86ba, 0x40, 0x80000003, 0xfffffffc})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10)
close_range(0xffffffffffffffff, r0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffefd, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000f, @void, @value}, 0x94)

3m11.536151205s ago: executing program 33 (id=408):
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0xeeef0000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
io_uring_setup(0x32e6, &(0x7f0000000580)={0x0, 0x86ba, 0x40, 0x80000003, 0xfffffffc})
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10)
close_range(0xffffffffffffffff, r0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffefd, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000f, @void, @value}, 0x94)

4.178354312s ago: executing program 4 (id=1197):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

3.165559252s ago: executing program 4 (id=1202):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

2.19885902s ago: executing program 4 (id=1204):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x38, r6, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.090244036s ago: executing program 4 (id=1206):
r0 = socket$packet(0x11, 0x3, 0x300)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="e2b0ac68d1f301f821d5def9e1b7f7b4512a035c0a13ad0d858a351f81caf5051f183e17cbb2b06613ca79739aa6dd9a1fe488eb2681a47927f095c2cb0639a603e4317b4788e4fd4df0ab87a662a19ba880aa3c77db9b5d7bd4db908299566ea3ef7423f237f630f45b84f3b1e0f7bd0f27bf4b0f5a3722fc6fe6a50da17bcd9bcda97f4cc1552ebeaee97c135a50cc97dd1ca5fe762c7402d2304bb3ffac050e85d128702d6208d0959dd2642a335adace98d4908b2b", 0xb7}, {&(0x7f00000002c0)="21c9464739dcde850f875656376e78c9578639614282b7a76517e57e0769d0f4636f9f3a61bb36e626023520042e021ced72a016fa4615fb6b7a34f1e57b8e151e37a8276b0c14e0d9d63ded712241", 0x4f}], 0x2)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r3 = dup(r2)
sendto$packet(r3, 0x0, 0x0, 0x40005, 0x0, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
sendfile(r4, r4, 0x0, 0x7a680000)

1.437780295s ago: executing program 4 (id=1211):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x1000, @rand_addr, 0x5}, 0x1c)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0182c2000000ffffffffffff86dd60000000009c1100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0)

1.230387247s ago: executing program 4 (id=1213):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
read(0xffffffffffffffff, &(0x7f0000000380)=""/189, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000200)="7a1a", 0x2}], 0x1)

1.217218268s ago: executing program 1 (id=1214):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xf06}}, {@nodelalloc}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x5, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143441, 0x98)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x100010e, &(0x7f0000000a00)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@jqfmt_vfsv0}, {@noload}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@init_itable}, {@bh}]}, 0x1, 0x455, &(0x7f0000000e00)="$eJzs27tvHMUfAPDv7sXOL6+fTQiPPABDQFg87NgJkIIGBBIFSEg0oTS2E4VcYhQbiUQWGIRCiSLRI0ok/gIqaBBQIdFCjyJFyA2B6tDe7d6dz3eO7Zx9Jvf5SGvP7M565uvZWc/u+ALoWyPZlyRif0T8FhFDtezKAiO1b7eWF6f/Xl6cTqJSeevPpFrur+XF6aJocd6+PDOaRqSfJnG0Tb3zV65emCqXZy/n+fGFi++Nz1+5+uz5i1PnZs/NXpo8ffrUyYkXnp98ritx3pO19ciHc8cOv/b29Temz1x/56dvkiL+lji6ZGStg09UKl2urrcONKWTXT1sCBtSioisuwaq438oStHovKF49ZOOJ6bb1EBgy1RyHQ4vVYC7WFK/B1RKLTcF4K5W/KHPnn+LbXtmHjvDzZdqD0BZ3LfyLZaiurN4xBloeb7tppGIOLP0z5fZFlvzHgIAYIXvsvnPM+3mf2nc31Tu//na0HC+lnIwIu6t7I5DEXFfRLXsAxHx4Abrb10kWT3/SW/Uk3s2+MPXIZv/vZivbdXnf7V6iyLDpTx3oBr/QHL2fHn2RP47GY2B3Vl+Yo06vn/l1887HWue/2VbVn8xF8zbcWPX7pXnzEwtTN1JzM1ufhxxZFe7+JP6SkASEYcj4sgm6zj/1NfHOh27ffxr6MI6U+WriCdr/b8ULfEXkrXXJ8f/F+XZE+PFVbHaz79ce7NT/XcUfxdk/b+37fVfj384aV6vnd94Hdd+/6zjM83Ypq7/xo7B/PsHUwsLlyciBpPXa41u3j/ZOLfIF+Wz+EePtx//B6PxmzgaEdlF/FBEPBwRj+R992hEPBYRx9eI/8eXH3+307Gd0P8zLf0/vLJIS/83EoPRuqd9onThh29X/sRGcn33v1PV1Gi+Zz33v/W0a3NXMwAAAPz3pBGxP5J0rJ5O07Gx2v/wH4q9aXlufuHps3PvX5qpfUZgOAbS4k3XUNP70In8sb7IT7bkT+bvjb8o7anmx6bnyjO9Dh763L4O4z/zR6nXrQO2nM9rQf8y/qF/Gf/Qv4x/6F9txv8W/Ks1sBO1+/v/UQ/aAWy/lvFv2Q/6yCaf/we73Q5g+3n/B/2refwnPWwHsK3m98TtPyQvIbEqEemOaEZ3EskWj4L9vQ5w44le35kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6498AAAD//2JY4hI=")
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
lseek(0xffffffffffffffff, 0x7ffffb, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pwrite64(r2, 0x0, 0x0, 0x8080c61)
fallocate(r1, 0x100000003, 0x800002, 0x28120001)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
syz_mount_image$ext4(&(0x7f0000000280)='ext2\x00', &(0x7f0000000f00)='./file0\x00', 0x2000c08, &(0x7f0000000180), 0xfe, 0x263, &(0x7f0000000700)="$eJzs3T9oJFUcB/DfzO6af4tGbUTxD4iIBkLsBBttFAIiQURQISJiJYkQDXZZKxsLrVVS2QSxM1qKTbjm4NrcXYpcc8WFKy5ccVfsMTu7x2azucvtZnfvdj4fmMy8mffmzcB83wyBmQ2gsGYj4u2IKEXEXERUIiJpr/BSPs02i5tTO8sR9fqH15NGvbyca7WbiYhaRLwZUW5tW9/+dP/m7nuv/vRd5ZU/tj+ZGsKplTpXHOzvvX/4+wc//r34xnraXFdtztvP4ww9+0SXleUk4qkBdPawSMqjPgJOY+n7vy5mIXk6Il5u5L8SaTOyP6899n8lXv/tpLa/XLvw3DCPFTh79XoluwfW6kDhpI1n4CSdj4h8OU3n5/Nn+Eul6fTr1bVv575aLa18OeqRCjgr1Yi9d/+d+GemI/9XS3n+gfGV5f+jpa3L2fLhsf+UAWPp+XyW5X/u843XQv6hcOQfikv+YSxUe2wk//Co6zG78g/FJf9QXPIPY6zSWqh13Sz/UFynzv8w3tQDhsr9H4qrPf8AQLHUJ0b9BjIwKqMefwAAAAAAAAAAAAAAAAAAgOM2p3aWW9Ow+jz3a8TBOxFR7tZ/qfF7xBGTjb/TN5Ks2l1J3qwvn73Y5w769Ofg376uTxwtT7YXHr8y8P7v6fwLg9nvD0eLJ37BcmMlopZVXiiXj19/SfP6692T99le+aLPDh5Q0lF+6+Ph9t/p9tZo+1/cjfgvG38Wuo0/aTzTmHcff6rtn1ju0Te3+twBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ3MnAAD//7Gtauk=")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
fallocate(r8, 0x20, 0x8000, 0x18000)

982.341071ms ago: executing program 6 (id=1222):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002e80)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010001000100fddbdf2529b2000014002d800800020002800000050001000100000008000300", @ANYRES32=r3], 0x30}, 0x1, 0x0, 0x0, 0x48894}, 0x8000)

922.233845ms ago: executing program 6 (id=1225):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)="083b000000000022add7aead", 0xc}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3a, 0x0, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, 0x0, 0x0)
listen(r1, 0x8)

804.711572ms ago: executing program 6 (id=1231):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000014c0)=@newtaction={0x14, 0x30, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}}, 0x4014)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xc}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000080)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x24000081)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

781.531974ms ago: executing program 6 (id=1233):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
close(r0)

734.928446ms ago: executing program 6 (id=1234):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x108, 0xe, 0x0, &(0x7f0000000340)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf48f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x4004081)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00', @broadcast})

653.517841ms ago: executing program 6 (id=1238):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@bridge_dellink={0x2c, 0x13, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4, 0x7}}]}]}, 0x2c}}, 0x0)

573.401726ms ago: executing program 0 (id=1241):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

558.251996ms ago: executing program 0 (id=1243):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x2020}]}}}, @IFLA_IFNAME={0x14, 0x3, 'nicvf0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

536.266508ms ago: executing program 0 (id=1244):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
close(r0)

462.356192ms ago: executing program 0 (id=1245):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r4}, 0x10)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8)
close(r6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r8, r7, 0x2, 0x6, 0x4000, @void, @value}, 0x10)

461.978012ms ago: executing program 0 (id=1247):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x1, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff5, 0x6, 0x6}, 0x3c)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)

400.971505ms ago: executing program 3 (id=1250):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000300)=0x8, 0x4)

330.37804ms ago: executing program 0 (id=1251):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100), 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x8)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e24, 0x91, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}}, 0x0, 0x0, 0x32, 0x0, "0c9e089c9b4a04000bde79090003c458187eb46c2d996aff287154e786455261c425a7519cc253d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e24, 0x0, @private1={0xfc, 0x1, '\x00', 0xfe}, 0x2}}, 0x0, 0x0, 0x4, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542c90bc21470e441225642855b5f2faed4a18d67efd5f2fdf98328de94410300"}, 0xd8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x1, @mcast2, 0x4}}, 0x0, 0x0, 0x11, 0x0, "2b20a9a47cddc63b223be606d7fa19f22a369ae751de81ca4d11e10450d766feb63b382d54ba4bb57a219cad5ddfc1e4fe760a1ce2ca64196953e92a07b3937730a33b6deca160d8c2fbff48eb964283"}, 0xd8)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

272.942133ms ago: executing program 3 (id=1252):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
close(r6)
pipe(0x0)

243.343265ms ago: executing program 3 (id=1253):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0xfd3649826d894c67, 0x703d25, 0x0, {{@in6=@mcast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x9, 0x8000000000000001, 0x8000000000000001}, {0x8, 0x8}, 0x0, 0x0, 0x1}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)

196.951648ms ago: executing program 3 (id=1254):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xd}, 0xe)
sendmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20048046)

135.233992ms ago: executing program 3 (id=1255):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}}, 0x0)
getsockname(r1, &(0x7f0000000400)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f00000000c0)=0x30)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x581, 0x400, 0x0, {0x0, 0x0, 0x0, r2, 0x48005}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private1}]}}}]}, 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, '\x00', "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0xffffff4d, &(0x7f0000000480)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x0, 0xffe0}}}, 0x24}}, 0x0)

134.831182ms ago: executing program 1 (id=1256):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random="0200002000"})

33.099948ms ago: executing program 1 (id=1257):
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000040)="05000000010000", 0x7)

33.028818ms ago: executing program 1 (id=1258):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000208000b40000000006c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000340001800c0001006269747769736500240002800800034000000002080001400000001408000240000a001208000340000000040900010073797a30"], 0x108}}, 0x0)

32.969867ms ago: executing program 1 (id=1259):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000040)={0x1c, r0, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)

26.132708ms ago: executing program 3 (id=1260):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x40)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000000000000000000a0040", @ANYRES32=0x0], 0xb8}}, 0x0)

0s ago: executing program 1 (id=1261):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004d00)={&(0x7f0000004640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a010300000000000000000200000008000340000000000900010073797a30000000000c0006"], 0x5c}}, 0x0)

kernel console output (not intermixed with test programs):

10
[  229.156002][ T3357]  ? security_quotactl+0x8c/0xb0
[  229.160778][ T3357]  do_quotactl+0x454/0x620
[  229.165029][ T3357]  __se_sys_quotactl+0x2b1/0x760
[  229.169806][ T3357]  ? fput_many+0x160/0x1b0
[  229.174059][ T3357]  ? __x64_sys_quotactl+0xb0/0xb0
[  229.178912][ T3357]  ? ksys_write+0x260/0x2c0
[  229.183252][ T3357]  ? debug_smp_processor_id+0x17/0x20
[  229.188460][ T3357]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  229.194462][ T3357]  __x64_sys_quotactl+0x9b/0xb0
[  229.199136][ T3357]  x64_sys_call+0x4ea/0x9a0
[  229.203478][ T3357]  do_syscall_64+0x3b/0xb0
[  229.207729][ T3357]  ? clear_bhb_loop+0x35/0x90
[  229.212243][ T3357]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  229.217968][ T3357] RIP: 0033:0x7fbed95a7169
[  229.222224][ T3357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.241661][ T3357] RSP: 002b:00007fbed7c11038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  229.249906][ T3357] RAX: ffffffffffffffda RBX: 00007fbed97bffa0 RCX: 00007fbed95a7169
[  229.257719][ T3357] RDX: 0000000000000000 RSI: 0000400000000000 RDI: ffffffff80000601
[  229.265528][ T3357] RBP: 00007fbed7c11090 R08: 0000000000000000 R09: 0000000000000000
[  229.273361][ T3357] R10: 0000400000000140 R11: 0000000000000246 R12: 0000000000000001
[  229.281159][ T3357] R13: 0000000000000000 R14: 00007fbed97bffa0 R15: 00007ffcdd0a1d88
[  229.288977][ T3357]  </TASK>
[  229.447652][ T3368] loop1: detected capacity change from 0 to 1024
[  229.513504][ T3368] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  229.520849][ T3372] loop4: detected capacity change from 0 to 1024
[  229.529380][ T3368] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  229.538830][ T3368] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  229.582017][ T3372] EXT4-fs (loop4): Ignoring removed nobh option
[  229.595331][ T3372] EXT4-fs (loop4): Ignoring removed bh option
[  229.601740][ T3372] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  229.613922][  T368] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  229.636748][ T3372] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  230.301324][  T368] usb 7-1: device descriptor read/64, error -71
[  230.681336][ T1749] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  230.732131][  T368] usb 7-1: device descriptor read/64, error -71
[  231.061767][ T1749] usb 2-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e
[  231.107303][ T1749] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.153889][  T368] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  231.157843][ T3397] loop0: detected capacity change from 0 to 1024
[  231.621991][ T3397] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  231.638599][ T3397] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  231.671169][ T3397] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  231.781290][  T368] usb 7-1: device descriptor read/64, error -71
[  231.801319][ T1749] usb 2-1: config 0 descriptor??
[  232.893733][ T1749] usb-storage 2-1:0.0: USB Mass Storage device detected
[  233.333068][ T3418] loop4: detected capacity change from 0 to 512
[  233.435832][ T3418] EXT4-fs (loop4): Ignoring removed nobh option
[  233.464823][ T3425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.818'.
[  233.475502][ T3418] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  233.486501][ T3418] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  233.495035][ T3418] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #13: comm syz.4.814: casefold flag without casefold feature
[  233.507833][ T3418] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.814: couldn't read orphan inode 13 (err -117)
[  233.519813][ T3418] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  233.564450][ T3418] EXT4-fs (loop4): Ignoring removed orlov option
[  233.570680][ T3418] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[  233.581132][ T3418] EXT4-fs error (device loop4): ext4_remount:5846: comm syz.4.814: Abort forced by user
[  233.592454][ T3418] EXT4-fs (loop4): Remounting filesystem read-only
[  233.601636][ T3418] EXT4-fs (loop4): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  233.649373][   T26] usb 2-1: USB disconnect, device number 15
[  233.671702][ T3431] fuse: Bad value for 'rootmode'
[  233.691841][   T30] audit: type=1400 audit(1740395201.753:3088): avc:  denied  { bind } for  pid=3437 comm="syz.3.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  233.704713][ T3434] loop1: detected capacity change from 0 to 1024
[  233.727055][ T3434] EXT4-fs (loop1): Ignoring removed nobh option
[  233.733371][ T3434] EXT4-fs (loop1): Ignoring removed bh option
[  233.739381][ T3434] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  233.763651][ T3434] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  234.877000][ T3450] loop3: detected capacity change from 0 to 1024
[  234.892724][ T3450] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  234.903676][ T3450] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  234.914306][ T3450] JBD2: no valid journal superblock found
[  234.921473][ T3450] EXT4-fs (loop3): error loading journal
[  234.986677][ T3457] loop0: detected capacity change from 0 to 1024
[  234.992596][ T1749] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  235.005563][ T3457] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  235.014997][ T3457] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  235.022449][ T3457] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  235.035385][ T3457] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  235.043852][ T3457] System zones: 0-1, 3-36
[  235.049664][ T3457] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,jqfmt=vfsold,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  235.291366][ T1749] usb 5-1: Using ep0 maxpacket: 32
[  235.421481][ T1749] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  235.430212][ T1749] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  235.447285][ T1749] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  235.456702][ T1749] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  235.466306][ T1749] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  235.476403][ T1749] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  235.489781][ T1749] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  235.518899][ T1749] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.550838][ T1749] usb 5-1: config 0 descriptor??
[  236.028431][ T3473] loop6: detected capacity change from 0 to 512
[  236.132200][ T3473] EXT4-fs (loop6): Ignoring removed nobh option
[  236.144445][ T3473] fscrypt (loop6, inode 2): Error -61 getting encryption context
[  236.152991][ T3473] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -61
[  236.161680][ T3473] EXT4-fs error (device loop6): ext4_orphan_get:1401: inode #13: comm syz.6.830: casefold flag without casefold feature
[  236.174722][ T3473] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.830: couldn't read orphan inode 13 (err -117)
[  236.187082][ T3473] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  236.237544][ T3473] EXT4-fs (loop6): Ignoring removed orlov option
[  236.243973][ T3473] EXT4-fs (loop6): Remounting file system with no journal so ignoring journalled data option
[  236.254555][ T3473] EXT4-fs error (device loop6): ext4_remount:5846: comm syz.6.830: Abort forced by user
[  236.265160][ T3473] EXT4-fs (loop6): Remounting filesystem read-only
[  236.272444][ T3473] EXT4-fs (loop6): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  236.273777][ T1749] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  236.305379][ T1749] usb 5-1: USB disconnect, device number 13
[  236.313111][ T1749] usblp0: removed
[  236.321392][  T368] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  236.561395][  T943] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  236.681381][  T368] usb 1-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e
[  236.690631][  T368] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.705491][  T368] usb 1-1: config 0 descriptor??
[  236.742128][  T368] usb-storage 1-1:0.0: USB Mass Storage device detected
[  236.921410][  T943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.932224][  T943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  236.942377][  T943] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  236.951698][  T943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.960495][   T30] audit: type=1400 audit(1740395205.013:3089): avc:  denied  { remount } for  pid=3499 comm="syz.1.838" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  236.960505][ T3501] binder: Bad value for 'max'
[  236.964077][  T943] usb 4-1: config 0 descriptor??
[  237.350209][ T3510] loop6: detected capacity change from 0 to 128
[  237.432385][ T3510] EXT4-fs (loop6): Test dummy encryption mode enabled
[  237.467689][ T3510] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  237.485708][ T3510] ext4 filesystem being mounted at /90/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  237.534967][ T1749] usb 1-1: USB disconnect, device number 20
[  237.681344][  T943] usb 4-1: language id specifier not provided by device, defaulting to English
[  237.781300][  T368] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  237.811620][ T3516] loop4: detected capacity change from 0 to 512
[  237.952342][ T3516] EXT4-fs (loop4): Ignoring removed nobh option
[  238.035835][ T3478] UDC core: couldn't find an available UDC or it's busy: -16
[  238.060022][ T3516] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  238.074992][ T3478] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  238.109788][ T3516] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  238.163508][ T3516] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #13: comm syz.4.843: casefold flag without casefold feature
[  238.226130][ T3516] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.843: couldn't read orphan inode 13 (err -117)
[  238.286529][ T3516] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  238.504858][ T3516] EXT4-fs (loop4): Ignoring removed orlov option
[  238.511136][ T3516] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[  238.521978][ T3516] EXT4-fs error (device loop4): ext4_remount:5846: comm syz.4.843: Abort forced by user
[  238.532058][ T3516] EXT4-fs (loop4): Remounting filesystem read-only
[  238.538569][ T3516] EXT4-fs (loop4): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  238.771351][ T3523] loop0: detected capacity change from 0 to 1024
[  238.789177][ T3525] loop4: detected capacity change from 0 to 128
[  238.832615][ T3525] EXT4-fs (loop4): Test dummy encryption mode enabled
[  238.838001][ T3523] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  238.848500][ T3525] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  238.854323][ T3523] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  238.862399][ T3525] ext4 filesystem being mounted at /168/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.872488][ T3523] JBD2: no valid journal superblock found
[  238.889854][ T3523] EXT4-fs (loop0): error loading journal
[  238.911346][   T26] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  239.001332][  T943] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #100: -71
[  239.010081][  T943] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71
[  239.018106][  T943] uclogic 0003:256C:006D.0008: failed probing pen v1 parameters: -71
[  239.026210][  T943] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  239.033660][  T943] uclogic: probe of 0003:256C:006D.0008 failed with error -71
[  239.050253][  T943] usb 4-1: USB disconnect, device number 11
[  239.071332][  T368] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.082183][  T368] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.092032][  T368] usb 7-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  239.111330][  T368] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.123997][  T368] usb 7-1: config 0 descriptor??
[  239.191317][   T26] usb 2-1: Using ep0 maxpacket: 32
[  239.191317][  T313] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  239.352322][   T26] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  239.360793][   T26] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  239.370072][   T26] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  239.379293][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  239.389193][   T26] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  239.402251][   T26] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  239.415112][   T26] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  239.424001][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.432595][   T26] usb 2-1: config 0 descriptor??
[  239.602775][  T368] uclogic 0003:5543:0042.0009: unbalanced collection at end of report description
[  239.612362][  T368] uclogic 0003:5543:0042.0009: parse failed
[  239.618129][  T368] uclogic: probe of 0003:5543:0042.0009 failed with error -22
[  239.685084][ T3537] syz.3.849[3537] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.685469][ T3537] syz.3.849[3537] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.740758][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.763849][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.765057][   T26] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  239.774595][  T313] usb 5-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  239.793945][  T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.501591][  T415] usb 2-1: USB disconnect, device number 16
[  240.513173][  T415] usblp0: removed
[  240.761540][  T313] usb 5-1: config 0 descriptor??
[  240.872374][  T415] usb 7-1: USB disconnect, device number 8
[  241.096426][ T3547] loop1: detected capacity change from 0 to 1024
[  241.171730][ T3547] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  241.181060][ T3547] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  241.190049][ T3547] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  241.288806][  T313] uclogic 0003:5543:0042.000A: unbalanced collection at end of report description
[  241.297996][  T313] uclogic 0003:5543:0042.000A: parse failed
[  241.303745][  T313] uclogic: probe of 0003:5543:0042.000A failed with error -22
[  241.542439][ T3551] incfs: Can't find or create .index dir in ./file0
[  241.549340][ T3551] incfs: mount failed -1
[  241.689538][   T30] audit: type=1400 audit(1740395209.743:3090): avc:  denied  { create } for  pid=3554 comm="syz.6.853" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  241.739173][ T3557] loop3: detected capacity change from 0 to 512
[  241.881400][ T3557] EXT4-fs (loop3): Ignoring removed nobh option
[  241.895520][ T3557] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  241.898931][ T3564] loop6: detected capacity change from 0 to 1024
[  241.905370][ T3557] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[  241.918886][ T3557] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #13: comm syz.3.855: casefold flag without casefold feature
[  244.466887][ T3557] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.855: couldn't read orphan inode 13 (err -117)
[  244.496210][ T3557] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  244.518536][ T3564] EXT4-fs (loop6): Ignoring removed nobh option
[  244.528214][ T3564] EXT4-fs (loop6): Ignoring removed bh option
[  244.546916][ T3564] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  244.603642][ T3557] EXT4-fs (loop3): Ignoring removed orlov option
[  244.614021][  T415] usb 5-1: USB disconnect, device number 14
[  244.622110][ T3564] EXT4-fs (loop6): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  244.654351][ T3557] EXT4-fs (loop3): Remounting file system with no journal so ignoring journalled data option
[  244.669540][ T3557] EXT4-fs error (device loop3): ext4_remount:5846: comm syz.3.855: Abort forced by user
[  244.703663][ T3557] EXT4-fs (loop3): Remounting filesystem read-only
[  244.717240][ T3557] EXT4-fs (loop3): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  244.794374][ T3570] loop0: detected capacity change from 0 to 1024
[  244.861515][ T3570] EXT4-fs (loop0): Ignoring removed nobh option
[  244.875946][ T3570] EXT4-fs (loop0): Ignoring removed bh option
[  244.924018][ T3570] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  245.013533][ T3576] loop3: detected capacity change from 0 to 1024
[  245.189136][ T3576] EXT4-fs (loop3): Ignoring removed nobh option
[  245.205686][ T3576] EXT4-fs (loop3): Ignoring removed bh option
[  245.211806][ T3576] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  245.252766][ T3588] loop4: detected capacity change from 0 to 1024
[  245.254231][ T3576] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  245.259667][ T3585] loop1: detected capacity change from 0 to 1024
[  245.287030][ T3570] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  245.333527][ T3588] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  245.344223][ T3585] EXT4-fs (loop1): Ignoring removed nobh option
[  245.366644][ T3585] EXT4-fs (loop1): Ignoring removed bh option
[  245.381145][ T3588] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  245.387664][ T3585] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  246.927990][ T3588] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  246.983851][ T3585] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  247.013625][ T3599] loop6: detected capacity change from 0 to 128
[  247.040370][ T3599] EXT4-fs (loop6): Test dummy encryption mode enabled
[  247.140104][ T3599] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  247.153168][ T3599] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  247.701308][  T368] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  248.381440][  T368] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.386258][ T3612] loop3: detected capacity change from 0 to 1024
[  248.401435][  T368] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.415348][  T368] usb 7-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  248.425300][  T368] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.454820][ T3612] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  248.466376][ T3612] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  248.647827][  T368] usb 7-1: config 0 descriptor??
[  248.659874][ T3612] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  249.175820][ T3623] loop1: detected capacity change from 0 to 256
[  249.231522][ T3623] exfat: Deprecated parameter 'namecase'
[  249.248068][ T3625] loop0: detected capacity change from 0 to 512
[  249.262831][ T3623] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d)
[  249.276317][ T3626] binder: Bad value for 'max'
[  249.297519][  T495] hid-generic 0000:3000000:0000.000B: unknown main item tag 0x4
[  249.305205][  T495] hid-generic 0000:3000000:0000.000B: unknown main item tag 0x2
[  249.313023][  T495] hid-generic 0000:3000000:0000.000B: unknown main item tag 0x4
[  249.323008][  T495] hid-generic 0000:3000000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  249.333497][ T3625] EXT4-fs (loop0): Mount option "nojournal_checksum" incompatible with ext2
[  249.457394][  T368] uclogic 0003:5543:0042.000C: unbalanced collection at end of report description
[  249.466998][  T368] uclogic 0003:5543:0042.000C: parse failed
[  249.473086][  T368] uclogic: probe of 0003:5543:0042.000C failed with error -22
[  249.681334][  T495] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  249.931279][  T495] usb 4-1: Using ep0 maxpacket: 32
[  250.051369][  T495] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  250.065132][  T495] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  250.113291][  T495] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  250.173324][  T495] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  250.201317][  T495] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  250.231200][  T495] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  250.280265][  T495] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  250.290285][  T495] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.341443][  T495] usb 4-1: config 0 descriptor??
[  250.423693][  T368] usb 7-1: USB disconnect, device number 9
[  250.602414][  T495] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  250.809076][ T3648] loop4: detected capacity change from 0 to 1024
[  250.822797][  T495] usb 4-1: USB disconnect, device number 12
[  250.831893][  T495] usblp0: removed
[  250.848240][ T3650] loop0: detected capacity change from 0 to 1024
[  250.894775][ T3650] EXT4-fs (loop0): Ignoring removed nobh option
[  250.901573][ T3650] EXT4-fs (loop0): Ignoring removed bh option
[  250.907675][ T3650] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  250.922688][ T3648] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  250.943321][ T3648] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  250.974498][ T3648] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  251.017362][ T3650] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  253.757588][ T3673] loop3: detected capacity change from 0 to 512
[  253.842523][ T3673] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  253.945422][ T3678] loop6: detected capacity change from 0 to 512
[  253.957212][ T3680] loop0: detected capacity change from 0 to 1024
[  253.999762][ T3680] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  254.009105][ T3680] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  254.020248][ T3678] EXT4-fs (loop6): Mount option "nojournal_checksum" incompatible with ext2
[  254.043381][ T3680] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  254.158051][ T3689] loop1: detected capacity change from 0 to 1024
[  254.392340][ T3689] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  254.435361][ T3689] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  254.513105][ T3689] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  254.552474][ T3689] incfs: Backing dir is not set, filesystem can't be mounted.
[  254.570009][ T3689] incfs: mount failed -2
[  254.619131][ T3699] loop0: detected capacity change from 0 to 1024
[  254.651047][ T3702] loop1: detected capacity change from 0 to 128
[  254.660266][ T3702] EXT4-fs (loop1): Test dummy encryption mode enabled
[  254.691503][ T3702] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  254.702536][ T3707] xt_hashlimit: size too large, truncated to 1048576
[  254.710777][ T3699] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  254.721481][ T3702] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  254.759931][ T3699] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  254.775044][ T3699] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  254.941290][ T1749] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  255.021263][  T495] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  255.311398][ T1749] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 255, setting to 64
[  255.390790][ T3713] loop3: detected capacity change from 0 to 1024
[  255.483921][  T495] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  255.495051][  T495] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.505182][  T495] usb 2-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  255.514118][  T495] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.523535][ T3713] EXT4-fs (loop3): Ignoring removed nobh option
[  255.524051][  T495] usb 2-1: config 0 descriptor??
[  255.538694][ T3713] EXT4-fs (loop3): Ignoring removed bh option
[  255.544782][ T3713] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  255.572248][ T1749] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  255.584381][ T3719] syz.6.893[3719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.584728][ T3719] syz.6.893[3719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.672731][ T1749] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.694375][ T1749] usb 5-1: Product: syz
[  255.698418][ T1749] usb 5-1: Manufacturer: syz
[  255.707341][ T1749] usb 5-1: SerialNumber: syz
[  255.829051][ T3713] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  256.353167][  T495] uclogic 0003:5543:0042.000D: unbalanced collection at end of report description
[  256.364175][ T3700] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  256.385696][  T495] uclogic 0003:5543:0042.000D: parse failed
[  256.397779][  T495] uclogic: probe of 0003:5543:0042.000D failed with error -22
[  256.520297][ T3723] loop0: detected capacity change from 0 to 40427
[  256.659446][ T3723] F2FS-fs (loop0): Found nat_bits in checkpoint
[  256.707893][ T3723] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  256.786384][  T289] attempt to access beyond end of device
[  256.786384][  T289] loop0: rw=2049, want=45104, limit=40427
[  256.845555][    T6] usb 2-1: USB disconnect, device number 17
[  257.071565][ T3700] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  257.138800][ T3737] loop0: detected capacity change from 0 to 1024
[  257.201869][ T3737] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  257.211374][ T3737] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  257.220670][ T3737] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  257.311389][ T1749] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  257.317712][ T1749] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  257.324916][ T1749] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  257.621754][ T1749] cdc_ncm 5-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[  257.722454][ T1749] usb 5-1: USB disconnect, device number 15
[  257.732040][   T30] audit: type=1400 audit(1740395225.793:3091): avc:  denied  { read } for  pid=139 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  257.747398][ T1749] cdc_ncm 5-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[  257.791955][ T3745] loop6: detected capacity change from 0 to 1024
[  257.814791][   T30] audit: type=1400 audit(1740395225.873:3092): avc:  denied  { getattr } for  pid=3747 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=425 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.841955][ T3745] EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled
[  257.854798][ T3745] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  257.869291][ T3745] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  257.889878][   T30] audit: type=1400 audit(1740395225.943:3093): avc:  denied  { read } for  pid=3749 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=425 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.916563][   T30] audit: type=1400 audit(1740395225.953:3094): avc:  denied  { open } for  pid=3749 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=425 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.942750][ T3745] incfs: Backing dir is not set, filesystem can't be mounted.
[  257.950415][ T3745] incfs: mount failed -2
[  257.983501][   T30] audit: type=1400 audit(1740395226.043:3095): avc:  denied  { create } for  pid=3746 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.005814][   T30] audit: type=1400 audit(1740395226.043:3096): avc:  denied  { write } for  pid=3746 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=9057 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.031875][   T30] audit: type=1400 audit(1740395226.043:3097): avc:  denied  { append } for  pid=3746 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=9057 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.064527][   T30] audit: type=1400 audit(1740395226.073:3098): avc:  denied  { unlink } for  pid=3760 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=9057 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.138271][ T3772] loop4: detected capacity change from 0 to 512
[  258.156238][   T30] audit: type=1326 audit(1740395226.213:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3774 comm="syz.6.900" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffadb296169 code=0x0
[  258.202667][ T3772] EXT4-fs (loop4): Mount option "nojournal_checksum" incompatible with ext2
[  258.274471][ T3781] loop6: detected capacity change from 0 to 2048
[  258.356297][ T3779] loop0: detected capacity change from 0 to 40427
[  258.373021][ T3781] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nolazytime,bsddf,,errors=continue. Quota mode: none.
[  258.393464][ T3779] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  258.414483][ T3779] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  258.422804][ T3781] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.442407][ T3779] F2FS-fs (loop0): invalid crc value
[  258.456590][ T3779] F2FS-fs (loop0): Found nat_bits in checkpoint
[  258.538973][ T3779] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  258.546012][ T3779] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  258.600111][ T3779] attempt to access beyond end of device
[  258.600111][ T3779] loop0: rw=2049, want=78776, limit=40427
[  258.627489][ T3779] attempt to access beyond end of device
[  258.627489][ T3779] loop0: rw=2049, want=78832, limit=40427
[  258.655405][ T3779] attempt to access beyond end of device
[  258.655405][ T3779] loop0: rw=2049, want=77896, limit=40427
[  258.742406][   T30] audit: type=1326 audit(1740395226.803:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3777 comm="syz.0.901" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f60e22b0169 code=0x0
[  259.343640][  T289] attempt to access beyond end of device
[  259.343640][  T289] loop0: rw=2049, want=40968, limit=40427
[  259.411297][ T3799] loop3: detected capacity change from 0 to 512
[  259.440343][ T1705] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  259.908313][ T1705] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  259.972380][ T3799] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  259.985812][ T3801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.907'.
[  260.018629][ T3801] loop4: detected capacity change from 0 to 256
[  260.138051][ T3801] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  260.371428][ T3811] usb usb1: usbfs: process 3811 (syz.1.908) did not claim interface 0 before use
[  260.412556][ T3811] loop1: detected capacity change from 0 to 1024
[  260.748503][ T3811] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  261.375630][ T3824] loop6: detected capacity change from 0 to 1024
[  261.467578][ T3824] EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled
[  261.479161][ T3829] FAULT_INJECTION: forcing a failure.
[  261.479161][ T3829] name failslab, interval 1, probability 0, space 0, times 0
[  261.491615][ T3829] CPU: 0 PID: 3829 Comm: syz.0.906 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  261.501210][ T3829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  261.511101][ T3829] Call Trace:
[  261.514223][ T3829]  <TASK>
[  261.517001][ T3829]  dump_stack_lvl+0x151/0x1c0
[  261.521519][ T3829]  ? io_uring_drop_tctx_refs+0x190/0x190
[  261.527082][ T3829]  dump_stack+0x15/0x20
[  261.531069][ T3829]  should_fail+0x3c6/0x510
[  261.535330][ T3829]  __should_failslab+0xa4/0xe0
[  261.539925][ T3829]  should_failslab+0x9/0x20
[  261.544261][ T3829]  slab_pre_alloc_hook+0x37/0xd0
[  261.549038][ T3829]  __kmalloc+0x6d/0x2c0
[  261.553030][ T3829]  ? sk_prot_alloc+0xf9/0x330
[  261.557549][ T3829]  ? cap_capable+0x1d2/0x270
[  261.561970][ T3829]  sk_prot_alloc+0xf9/0x330
[  261.566311][ T3829]  sk_alloc+0x38/0x430
[  261.570214][ T3829]  ? ns_capable+0x89/0xe0
[  261.574379][ T3829]  xsk_create+0x114/0x6b0
[  261.578550][ T3829]  __sock_create+0x3be/0x7e0
[  261.582972][ T3829]  __sys_socket+0x132/0x370
[  261.587310][ T3829]  ? sock_create_kern+0x50/0x50
[  261.591997][ T3829]  ? debug_smp_processor_id+0x17/0x20
[  261.597202][ T3829]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  261.603110][ T3829]  __x64_sys_socket+0x7a/0x90
[  261.607620][ T3829]  x64_sys_call+0x147/0x9a0
[  261.611956][ T3829]  do_syscall_64+0x3b/0xb0
[  261.616212][ T3829]  ? clear_bhb_loop+0x35/0x90
[  261.620723][ T3829]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  261.626548][ T3829] RIP: 0033:0x7f60e22b0169
[  261.630792][ T3829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.650408][ T3829] RSP: 002b:00007f60e08d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  261.658649][ T3829] RAX: ffffffffffffffda RBX: 00007f60e24c9160 RCX: 00007f60e22b0169
[  261.666461][ T3829] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000002c
[  261.674273][ T3829] RBP: 00007f60e08d8090 R08: 0000000000000000 R09: 0000000000000000
[  261.682083][ T3829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.689897][ T3829] R13: 0000000000000000 R14: 00007f60e24c9160 R15: 00007fffeb380018
[  261.697736][ T3829]  </TASK>
[  261.706394][ T3824] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  261.724629][ T3824] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  261.747703][ T3834] loop1: detected capacity change from 0 to 1024
[  261.781767][ T3824] incfs: Backing dir is not set, filesystem can't be mounted.
[  261.789191][ T3824] incfs: mount failed -2
[  261.862779][ T3834] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  261.891350][ T3834] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  261.923304][ T3834] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  262.191384][  T312] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  262.573847][ T3851] loop3: detected capacity change from 0 to 512
[  262.634739][ T3851] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  262.661860][  T312] usb 7-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e
[  262.687020][  T312] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.834070][  T312] usb 7-1: config 0 descriptor??
[  262.875048][ T3860] syz.1.919[3860] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.875869][ T3860] syz.1.919[3860] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.940119][  T312] usb-storage 7-1:0.0: USB Mass Storage device detected
[  263.437315][ T3871] loop4: detected capacity change from 0 to 256
[  263.501983][ T3871] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  263.521328][ T3871] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  263.543119][ T3871] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  263.684950][ T3877] loop4: detected capacity change from 0 to 1024
[  263.711514][ T3877] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  263.734442][ T3877] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  263.793043][ T3877] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  263.874765][ T1749] usb 7-1: USB disconnect, device number 10
[  263.996065][ T3873] loop0: detected capacity change from 0 to 40427
[  264.030109][ T3889] loop3: detected capacity change from 0 to 1024
[  264.161093][ T3873] F2FS-fs (loop0): Invalid log blocks per segment (4278190089)
[  264.171188][ T3873] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  264.180867][ T3873] F2FS-fs (loop0): invalid crc value
[  264.188690][ T3873] F2FS-fs (loop0): Found nat_bits in checkpoint
[  264.195959][ T3889] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  264.227708][ T3889] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  264.309786][ T3889] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  264.348512][ T3873] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  264.379167][ T3873] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  264.511318][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  264.511336][   T30] audit: type=1400 audit(1740395232.543:3104): avc:  denied  { execute } for  pid=3872 comm="syz.0.922" name="file1" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  264.572921][   T30] audit: type=1400 audit(1740395232.543:3105): avc:  denied  { execute_no_trans } for  pid=3872 comm="syz.0.922" path="/184/file2/file1" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  264.795842][  T289] attempt to access beyond end of device
[  264.795842][  T289] loop0: rw=2049, want=45112, limit=40427
[  265.109345][ T3910] netlink: 28 bytes leftover after parsing attributes in process `syz.3.932'.
[  265.139993][ T3913] loop3: detected capacity change from 0 to 256
[  265.164874][ T3913] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  265.189208][ T3913] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  265.197875][ T3914] loop4: detected capacity change from 0 to 512
[  265.206546][ T3913] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  265.271706][ T3914] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  265.455153][ T3926] netlink: 'syz.3.935': attribute type 15 has an invalid length.
[  265.477695][ T3928] loop0: detected capacity change from 0 to 1024
[  265.479522][ T3926] netlink: 24 bytes leftover after parsing attributes in process `syz.3.935'.
[  265.507098][   T30] audit: type=1326 audit(1740395233.563:3106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3923 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbed95a7169 code=0x7ffc0000
[  265.532351][   T30] audit: type=1326 audit(1740395233.593:3107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3923 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbed95a7169 code=0x7ffc0000
[  265.558917][ T3928] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  265.570407][   T30] audit: type=1400 audit(1740395233.593:3108): avc:  denied  { getopt } for  pid=3923 comm="syz.3.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  265.570439][   T30] audit: type=1400 audit(1740395233.593:3109): avc:  denied  { mount } for  pid=3923 comm="syz.3.935" name="/" dev="ramfs" ino=29556 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  265.620388][ T3928] EXT4-fs (loop0): mounted filesystem without journal. Opts: minixdf,bsddf,barrier=0x00000000000001ff,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none.
[  265.669962][ T3937] loop3: detected capacity change from 0 to 512
[  265.714167][ T3939] loop0: detected capacity change from 0 to 1024
[  265.731871][ T3937] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  265.792176][ T3939] EXT4-fs (loop0): Ignoring removed nobh option
[  265.798269][ T3939] EXT4-fs (loop0): Ignoring removed bh option
[  265.816586][ T3939] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  265.870962][ T3939] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  266.872617][ T3956] loop1: detected capacity change from 0 to 512
[  266.945108][ T3956] EXT4-fs (loop1): Mount option "nojournal_checksum" incompatible with ext2
[  267.285547][ T3960] loop0: detected capacity change from 0 to 1024
[  267.482868][ T3960] EXT4-fs (loop0): Ignoring removed nobh option
[  267.537237][ T3960] EXT4-fs (loop0): Ignoring removed bh option
[  268.031364][ T3960] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  268.063176][ T3960] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  268.375048][ T3977] mmap: syz.6.948 (3977) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  268.425070][   T30] audit: type=1400 audit(1740395236.483:3110): avc:  denied  { ioctl } for  pid=3979 comm="syz.4.949" path="socket:[28636]" dev="sockfs" ino=28636 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  268.465199][   T30] audit: type=1326 audit(1740395236.523:3111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3982 comm="syz.4.950" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fda6ca88169 code=0x0
[  268.681609][ T3986] usb usb1: usbfs: process 3986 (syz.6.948) did not claim interface 0 before use
[  269.854428][   T30] audit: type=1400 audit(1740395237.913:3112): avc:  denied  { append } for  pid=3998 comm="syz.6.956" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  272.289157][ T4015] loop0: detected capacity change from 0 to 2048
[  272.567618][ T4015] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  272.615658][ T4015] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  273.052812][ T4015] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28
[  273.065425][ T4015] EXT4-fs (loop0): This should not happen!! Data will be lost
[  273.065425][ T4015] 
[  273.075569][ T4015] EXT4-fs (loop0): Total free blocks count 0
[  273.141402][ T4015] EXT4-fs (loop0): Free/Dirty block details
[  273.181804][ T4015] EXT4-fs (loop0): free_blocks=2415919104
[  273.459666][ T4015] EXT4-fs (loop0): dirty_blocks=48
[  273.475092][ T4041] loop1: detected capacity change from 0 to 512
[  273.483075][ T4015] EXT4-fs (loop0): Block reservation details
[  273.499342][ T4015] EXT4-fs (loop0): i_reserved_data_blocks=3
[  273.555518][ T4015] device bridge_slave_0 left promiscuous mode
[  273.562358][ T4041] EXT4-fs (loop1): Mount option "nojournal_checksum" incompatible with ext2
[  273.589176][ T4015] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.804735][ T4072] loop4: detected capacity change from 0 to 40427
[  274.905722][ T4072] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  274.915675][ T4072] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  274.931860][ T4072] F2FS-fs (loop4): Found nat_bits in checkpoint
[  275.098198][ T4072] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  275.138384][ T4072] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  275.777266][ T4087] loop3: detected capacity change from 0 to 1024
[  275.875086][ T4087] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  275.904768][ T4087] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  275.956055][ T4087] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  276.005503][ T4095] loop0: detected capacity change from 0 to 128
[  276.062886][ T4072] attempt to access beyond end of device
[  276.062886][ T4072] loop4: rw=2049, want=80272, limit=40427
[  276.078221][ T4072] attempt to access beyond end of device
[  276.078221][ T4072] loop4: rw=2049, want=81920, limit=40427
[  276.097479][ T4072] attempt to access beyond end of device
[  276.097479][ T4072] loop4: rw=2049, want=51880, limit=40427
[  276.114271][ T4072] attempt to access beyond end of device
[  276.114271][ T4072] loop4: rw=2049, want=53248, limit=40427
[  276.135609][ T4072] attempt to access beyond end of device
[  276.135609][ T4072] loop4: rw=2049, want=57736, limit=40427
[  276.489562][ T4103] loop1: detected capacity change from 0 to 512
[  276.602292][ T4103] EXT4-fs (loop1): Unrecognized mount option "permit_directio" or missing value
[  278.079425][ T4122] loop4: detected capacity change from 0 to 512
[  278.156784][ T4125] loop3: detected capacity change from 0 to 1024
[  278.861386][ T4122] EXT4-fs (loop4): Ignoring removed nobh option
[  278.867702][ T4125] EXT4-fs (loop3): Ignoring removed nobh option
[  278.882028][ T4125] EXT4-fs (loop3): Ignoring removed bh option
[  278.895055][ T4122] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  278.904074][ T4125] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  278.919315][ T4122] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  278.932004][ T4122] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #13: comm syz.4.987: casefold flag without casefold feature
[  278.948059][ T4122] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.987: couldn't read orphan inode 13 (err -117)
[  278.960304][ T4122] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  279.022052][ T4125] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  279.048698][ T4137] loop6: detected capacity change from 0 to 256
[  279.061940][ T4122] EXT4-fs (loop4): Ignoring removed orlov option
[  279.081868][ T4122] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[  279.101309][ T4122] EXT4-fs error (device loop4): ext4_remount:5846: comm syz.4.987: Abort forced by user
[  279.116825][ T4137] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  279.153637][ T4122] EXT4-fs (loop4): Remounting filesystem read-only
[  279.181327][ T4137] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  279.225383][ T4122] EXT4-fs (loop4): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  279.242667][ T4137] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  279.315916][ T4138] loop0: detected capacity change from 0 to 40427
[  279.363463][ T4138] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  279.384661][ T4138] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  279.482030][ T4138] F2FS-fs (loop0): Found nat_bits in checkpoint
[  279.494644][ T4149] loop1: detected capacity change from 0 to 256
[  279.563959][ T4149] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  279.813015][ T4149] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  279.831487][ T4149] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  279.857409][ T4138] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  279.864600][ T4138] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  280.016967][ T4138] attempt to access beyond end of device
[  280.016967][ T4138] loop0: rw=2049, want=80280, limit=40427
[  280.032193][ T4138] attempt to access beyond end of device
[  280.032193][ T4138] loop0: rw=2049, want=81920, limit=40427
[  280.048095][ T4138] attempt to access beyond end of device
[  280.048095][ T4138] loop0: rw=2049, want=51504, limit=40427
[  280.099266][ T4138] attempt to access beyond end of device
[  280.099266][ T4138] loop0: rw=2049, want=53248, limit=40427
[  280.442877][ T4138] attempt to access beyond end of device
[  280.442877][ T4138] loop0: rw=2049, want=59744, limit=40427
[  280.478025][ T4165] loop4: detected capacity change from 0 to 1024
[  280.493812][ T4165] EXT4-fs (loop4): Ignoring removed nobh option
[  280.499940][ T4165] EXT4-fs (loop4): Ignoring removed bh option
[  280.506108][ T4165] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  280.542563][ T4165] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  280.569354][ T4169] loop6: detected capacity change from 0 to 1024
[  280.612729][ T4169] EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled
[  280.624769][ T4169] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  280.708081][ T4169] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  282.828036][ T4178] incfs: Can't find or create .index dir in ./file0
[  282.834629][ T4178] incfs: mount failed -1
[  283.199521][ T4184] loop1: detected capacity change from 0 to 512
[  283.249230][ T4186] loop3: detected capacity change from 0 to 512
[  283.283269][ T4184] EXT4-fs (loop1): Ignoring removed nobh option
[  283.293191][ T4186] EXT4-fs (loop3): Ignoring removed nobh option
[  283.301391][ T4184] fscrypt (loop1, inode 2): Error -61 getting encryption context
[  283.309025][ T4191] loop6: detected capacity change from 0 to 256
[  283.315332][ T4184] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61
[  283.316170][ T4191] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  283.323672][ T4186] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  283.336438][ T4184] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #13: comm syz.1.1004: casefold flag without casefold feature
[  283.342174][ T4186] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[  283.362306][ T4191] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  283.362355][ T4186] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #13: comm syz.3.1003: casefold flag without casefold feature
[  283.383517][ T4184] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.1004: couldn't read orphan inode 13 (err -117)
[  283.395489][ T4186] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1003: couldn't read orphan inode 13 (err -117)
[  283.408377][ T4184] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  283.410702][ T4191] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  283.446425][ T4186] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  283.473257][ T4184] EXT4-fs (loop1): Ignoring removed orlov option
[  283.509184][ T4184] EXT4-fs (loop1): Remounting file system with no journal so ignoring journalled data option
[  283.522556][ T4184] EXT4-fs error (device loop1): ext4_remount:5846: comm syz.1.1004: Abort forced by user
[  283.541773][ T4184] EXT4-fs (loop1): Remounting filesystem read-only
[  283.554698][ T4184] EXT4-fs (loop1): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  283.570163][ T4196] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  283.578489][ T4196] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  283.595999][ T4186] EXT4-fs (loop3): Ignoring removed orlov option
[  283.619919][ T4186] EXT4-fs (loop3): Remounting file system with no journal so ignoring journalled data option
[  283.633822][ T4186] EXT4-fs error (device loop3): ext4_remount:5846: comm syz.3.1003: Abort forced by user
[  283.644479][ T4186] EXT4-fs (loop3): Remounting filesystem read-only
[  283.651018][ T4186] EXT4-fs (loop3): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  283.671865][ T4202] sit: Src spoofed 0.0.0.224/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:1a9a
[  283.730011][ T4202] loop6: detected capacity change from 0 to 1024
[  283.815787][ T4202] EXT4-fs (loop6): mounted filesystem without journal. Opts: stripe=0x0000000000000003,nodelalloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,nodiscard,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  283.851294][  T550] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  283.982952][ T4209] loop3: detected capacity change from 0 to 40427
[  284.000344][ T4209] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  284.008138][ T4209] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  284.024802][ T4209] F2FS-fs (loop3): Found nat_bits in checkpoint
[  284.069445][ T4209] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  284.080882][ T4209] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  284.121359][  T550] usb 1-1: device descriptor read/64, error -71
[  284.229479][ T4209] handle_bad_sector: 9 callbacks suppressed
[  284.229497][ T4209] attempt to access beyond end of device
[  284.229497][ T4209] loop3: rw=2049, want=79880, limit=40427
[  284.251082][ T4209] attempt to access beyond end of device
[  284.251082][ T4209] loop3: rw=2049, want=81920, limit=40427
[  284.266429][ T4209] attempt to access beyond end of device
[  284.266429][ T4209] loop3: rw=2049, want=51200, limit=40427
[  284.282135][ T4209] attempt to access beyond end of device
[  284.282135][ T4209] loop3: rw=2049, want=53248, limit=40427
[  284.297903][ T4209] attempt to access beyond end of device
[  284.297903][ T4209] loop3: rw=2049, want=59392, limit=40427
[  284.313716][ T4209] attempt to access beyond end of device
[  284.313716][ T4209] loop3: rw=2049, want=61448, limit=40427
[  284.329440][ T4209] attempt to access beyond end of device
[  284.329440][ T4209] loop3: rw=2049, want=63504, limit=40427
[  284.347130][ T4209] attempt to access beyond end of device
[  284.347130][ T4209] loop3: rw=2049, want=66480, limit=40427
[  284.367338][ T4209] attempt to access beyond end of device
[  284.367338][ T4209] loop3: rw=2049, want=70608, limit=40427
[  284.391888][ T4209] attempt to access beyond end of device
[  284.391888][ T4209] loop3: rw=2049, want=75760, limit=40427
[  284.581324][  T550] usb 1-1: device descriptor read/64, error -71
[  284.821367][   T30] audit: type=1400 audit(1740395252.843:3113): avc:  denied  { create } for  pid=4220 comm="syz.6.1012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  284.951496][  T550] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  285.301314][  T550] usb 1-1: device descriptor read/64, error -71
[  285.543442][ T4238] FAULT_INJECTION: forcing a failure.
[  285.543442][ T4238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.665166][ T4238] CPU: 1 PID: 4238 Comm: syz.4.1017 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  285.674898][ T4238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  285.684802][ T4238] Call Trace:
[  285.687915][ T4238]  <TASK>
[  285.690693][ T4238]  dump_stack_lvl+0x151/0x1c0
[  285.695208][ T4238]  ? io_uring_drop_tctx_refs+0x190/0x190
[  285.700679][ T4238]  ? tracing_record_taskinfo_sched_switch+0x84/0x390
[  285.707188][ T4238]  dump_stack+0x15/0x20
[  285.711176][ T4238]  should_fail+0x3c6/0x510
[  285.715431][ T4238]  should_fail_usercopy+0x1a/0x20
[  285.720294][ T4238]  _copy_from_user+0x20/0xd0
[  285.724716][ T4238]  get_itimerspec64+0xa6/0x450
[  285.729317][ T4238]  ? release_firmware_map_entry+0x190/0x190
[  285.735048][ T4238]  ? wait_for_completion_killable_timeout+0x10/0x10
[  285.741467][ T4238]  ? put_old_timespec32+0x230/0x230
[  285.746500][ T4238]  ? preempt_schedule_irq+0xe7/0x140
[  285.751621][ T4238]  __x64_sys_timerfd_settime+0x129/0x220
[  285.757132][ T4238]  ? __ia32_sys_timerfd_create+0x70/0x70
[  285.762555][ T4238]  ? irqentry_exit+0x30/0x40
[  285.766991][ T4238]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  285.772458][ T4238]  x64_sys_call+0x78a/0x9a0
[  285.776881][ T4238]  do_syscall_64+0x3b/0xb0
[  285.781218][ T4238]  ? clear_bhb_loop+0x35/0x90
[  285.785733][ T4238]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  285.791545][ T4238] RIP: 0033:0x7fda6ca88169
[  285.795802][ T4238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.815241][ T4238] RSP: 002b:00007fda6b0f2038 EFLAGS: 00000246 ORIG_RAX: 000000000000011e
[  285.823485][ T4238] RAX: ffffffffffffffda RBX: 00007fda6cca0fa0 RCX: 00007fda6ca88169
[  285.831297][ T4238] RDX: 0000400000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  285.839109][ T4238] RBP: 00007fda6b0f2090 R08: 0000000000000000 R09: 0000000000000000
[  285.846923][ T4238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.854731][ T4238] R13: 0000000000000000 R14: 00007fda6cca0fa0 R15: 00007ffd12dccba8
[  285.862549][ T4238]  </TASK>
[  286.247045][  T550] usb 1-1: device descriptor read/64, error -71
[  286.322758][ T4241] loop1: detected capacity change from 0 to 256
[  286.333518][ T4246] loop4: detected capacity change from 0 to 512
[  286.356534][ T4241] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  286.356546][ T4246] EXT4-fs (loop4): Ignoring removed nobh option
[  286.381320][  T550] usb usb1-port1: attempt power cycle
[  286.401514][ T4241] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  286.402802][ T4246] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  286.411493][  T415] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  286.425712][ T4249] loop6: detected capacity change from 0 to 16
[  286.435772][ T4246] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  286.444394][ T4241] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  286.467000][ T4246] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #13: comm syz.4.1021: casefold flag without casefold feature
[  286.492113][ T4249] erofs: (device loop6): mounted with root inode @ nid 36.
[  286.521304][ T4246] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1021: couldn't read orphan inode 13 (err -117)
[  286.563845][ T4246] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  286.621665][ T4246] EXT4-fs (loop4): Ignoring removed orlov option
[  286.628947][ T4254] syz.1.1023[4254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  286.629031][ T4254] syz.1.1023[4254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  286.638045][ T4246] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[  286.661502][ T4246] EXT4-fs error (device loop4): ext4_remount:5846: comm syz.4.1021: Abort forced by user
[  286.671563][ T4246] EXT4-fs (loop4): Remounting filesystem read-only
[  286.679712][ T4246] EXT4-fs (loop4): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  286.702064][ T4252] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=2580 sclass=netlink_xfrm_socket pid=4252 comm=syz.0.1022
[  286.761897][   T30] audit: type=1400 audit(1740395254.823:3114): avc:  denied  { mounton } for  pid=4253 comm="syz.1.1023" path="/192/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  286.811324][  T415] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.832301][  T415] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.862607][  T415] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  286.881531][  T415] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.907175][  T415] usb 4-1: config 0 descriptor??
[  287.734655][ T4274] loop1: detected capacity change from 0 to 128
[  287.792393][ T4274] EXT4-fs (loop1): Test dummy encryption mode enabled
[  287.814064][ T4274] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  287.856052][ T4274] ext4 filesystem being mounted at /193/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  287.887749][ T4283] loop0: detected capacity change from 0 to 1024
[  287.911381][  T415] hid-led: probe of 0003:27B8:01ED.000E failed with error -71
[  287.920035][  T415] usb 4-1: USB disconnect, device number 13
[  287.926711][ T4283] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  287.940119][ T4283] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  287.949761][ T4283] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  288.024779][ T4289] loop4: detected capacity change from 0 to 1024
[  288.040748][ T4289] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  288.284690][ T4291] incfs: Can't find or create .index dir in ./file0
[  288.291542][ T4291] incfs: mount failed -1
[  288.449228][ T4298] loop6: detected capacity change from 0 to 512
[  288.461302][    T6] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  288.498793][ T4296] loop4: detected capacity change from 0 to 16
[  288.512169][ T4298] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  288.519145][ T4298] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  288.529880][ T4296] erofs: (device loop4): mounted with root inode @ nid 36.
[  288.544603][ T4298] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[  288.562480][ T4298] EXT4-fs (loop6): 1 truncate cleaned up
[  288.568034][ T4298] EXT4-fs (loop6): mounted filesystem without journal. Opts: i_version,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,usrquota,data_err=abort,,errors=continue. Quota mode: writeback.
[  289.091671][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  289.135299][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  289.148309][    T6] usb 2-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  289.157650][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.186763][    T6] usb 2-1: config 0 descriptor??
[  289.705143][    T6] uclogic 0003:5543:0042.000F: unbalanced collection at end of report description
[  289.715433][    T6] uclogic 0003:5543:0042.000F: parse failed
[  289.721569][    T6] uclogic: probe of 0003:5543:0042.000F failed with error -22
[  290.161026][   T30] audit: type=1400 audit(1740395258.213:3115): avc:  denied  { read write } for  pid=4333 comm="syz.6.1046" dev="sockfs" ino=30352 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  290.335031][ T4342] loop3: detected capacity change from 0 to 512
[  290.356342][ T4344] IPv6: addrconf: prefix option has invalid lifetime
[  290.364710][ T4342] EXT4-fs (loop3): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  290.367012][ T4344] 9pnet: p9_errstr2errno: server reported unknown error 
[  290.437750][ T4345] loop0: detected capacity change from 0 to 256
[  291.256829][    T6] usb 2-1: USB disconnect, device number 18
[  291.376408][ T4356] loop6: detected capacity change from 0 to 1024
[  291.452086][ T4356] EXT4-fs (loop6): Ignoring removed nobh option
[  291.460338][ T4356] EXT4-fs (loop6): Ignoring removed bh option
[  291.472513][ T4356] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  291.603993][ T4356] EXT4-fs (loop6): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  291.657094][ T4368] loop1: detected capacity change from 0 to 2048
[  291.752947][ T4368] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  291.778775][   T30] audit: type=1400 audit(1740395259.833:3116): avc:  denied  { lock } for  pid=4367 comm="syz.1.1052" path="/194/file1/cpuset.effective_cpus" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  292.903132][ T4380] loop1: detected capacity change from 0 to 40427
[  293.012393][ T4380] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  293.021270][ T4380] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  293.253805][ T4392] loop4: detected capacity change from 0 to 40427
[  293.275253][ T4380] F2FS-fs (loop1): invalid crc value
[  293.289581][ T4380] F2FS-fs (loop1): Found nat_bits in checkpoint
[  293.297136][ T4392] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  293.304769][ T4392] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  293.316095][ T4392] F2FS-fs (loop4): invalid crc value
[  293.363836][ T4392] F2FS-fs (loop4): Found nat_bits in checkpoint
[  293.407443][ T4392] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  293.414377][ T4392] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  293.423126][ T4380] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  293.443488][ T4380] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  293.475166][   T30] audit: type=1326 audit(1740395261.533:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4401 comm="syz.3.1065" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbed95a7169 code=0x0
[  293.551828][ T1705] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  293.561015][ T1705] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  293.991093][ T4421] loop1: detected capacity change from 0 to 1024
[  294.042392][ T4421] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  294.053284][   T30] audit: type=1400 audit(1740395262.113:3118): avc:  denied  { ioctl } for  pid=4417 comm="syz.0.1070" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  294.083091][ T4421] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  294.099935][ T4421] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  294.120343][    T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  294.132341][    T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  294.502134][   T30] audit: type=1326 audit(1740395262.563:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4448 comm="syz.1.1081" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0d6283b169 code=0x0
[  294.525183][ T4451] loop6: detected capacity change from 0 to 128
[  294.569213][ T4451] EXT4-fs (loop6): mounted filesystem without journal. Opts: journal_dev=0x0000000000000008,nouid32,,errors=continue. Quota mode: none.
[  294.583376][ T4451] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  294.655149][ T1749] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  294.911308][ T1749] usb 5-1: Using ep0 maxpacket: 32
[  294.995776][ T4459] loop0: detected capacity change from 0 to 512
[  295.061362][ T1749] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  295.069616][ T1749] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  295.077992][ T1749] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  295.088185][ T1749] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81
[  295.094678][ T4459] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  295.097231][ T1749] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  295.109396][ T4459] EXT4-fs (loop0): 1 truncate cleaned up
[  295.115780][ T1749] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.117094][ T1749] usb 5-1: config 0 descriptor??
[  295.131368][ T4459] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  295.240112][ T4462] loop3: detected capacity change from 0 to 512
[  295.550195][ T4462] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  295.556638][ T4466] loop1: detected capacity change from 0 to 1024
[  295.568248][ T4462] EXT4-fs (loop3): 1 truncate cleaned up
[  295.573888][ T4462] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  295.601919][ T4466] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  295.628839][ T4466] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  295.638760][ T4466] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  295.764189][ T4470] FAULT_INJECTION: forcing a failure.
[  295.764189][ T4470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.777246][ T4470] CPU: 1 PID: 4470 Comm: syz.3.1084 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  295.786912][ T4470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  295.796820][ T4470] Call Trace:
[  295.799928][ T4470]  <TASK>
[  295.802705][ T4470]  dump_stack_lvl+0x151/0x1c0
[  295.807219][ T4470]  ? io_uring_drop_tctx_refs+0x190/0x190
[  295.812692][ T4470]  dump_stack+0x15/0x20
[  295.816680][ T4470]  should_fail+0x3c6/0x510
[  295.820936][ T4470]  should_fail_usercopy+0x1a/0x20
[  295.825793][ T4470]  _copy_from_user+0x20/0xd0
[  295.830220][ T4470]  copy_from_sockptr_offset+0x76/0xb0
[  295.835427][ T4470]  do_ipt_set_ctl+0xb59/0x1200
[  295.840030][ T4470]  ? ipt_unregister_table_exit+0x210/0x210
[  295.845664][ T4470]  ? irqentry_exit_cond_resched+0x2a/0x30
[  295.851220][ T4470]  ? irqentry_exit+0x30/0x40
[  295.855649][ T4470]  ? sysvec_reschedule_ipi+0x8c/0x160
[  295.860866][ T4470]  ? irqentry_exit_cond_resched+0x2a/0x30
[  295.866412][ T4470]  ? irqentry_exit+0x30/0x40
[  295.870836][ T4470]  ? sysvec_reschedule_ipi+0x8c/0x160
[  295.876043][ T4470]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  295.881516][ T4470]  nf_setsockopt+0x274/0x2a0
[  295.885950][ T4470]  ip_setsockopt+0x2ae7/0x4730
[  295.890540][ T4470]  ? ipv4_pktinfo_prepare+0x530/0x530
[  295.895751][ T4470]  ? find_lock_lowest_rq+0x75/0x480
[  295.900780][ T4470]  ? __kasan_check_write+0x14/0x20
[  295.905724][ T4470]  ? push_rt_task+0x46e/0x5c0
[  295.910239][ T4470]  ? _raw_spin_unlock+0x4d/0x70
[  295.914928][ T4470]  ? finish_task_switch+0x167/0x7b0
[  295.919960][ T4470]  ? requeue_task_rt+0x410/0x410
[  295.924734][ T4470]  ? __schedule+0xcd4/0x1590
[  295.929160][ T4470]  ? release_firmware_map_entry+0x190/0x190
[  295.934889][ T4470]  ? avc_has_perm_noaudit+0x348/0x430
[  295.940094][ T4470]  ? __kasan_check_read+0x11/0x20
[  295.944960][ T4470]  ? preempt_schedule_irq+0xe7/0x140
[  295.950091][ T4470]  ? __cond_resched+0x20/0x20
[  295.954591][ T4470]  ? avc_has_perm_noaudit+0x2dd/0x430
[  295.959800][ T4470]  ? irqentry_exit_cond_resched+0x2a/0x30
[  295.965350][ T4470]  ? irqentry_exit+0x30/0x40
[  295.969777][ T4470]  ? sysvec_reschedule_ipi+0x8c/0x160
[  295.974983][ T4470]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  295.980458][ T4470]  tcp_setsockopt+0x22d/0x3800
[  295.985055][ T4470]  ? kasan_check_range+0x8b/0x2a0
[  295.989914][ T4470]  ? tcp_set_window_clamp+0x1b0/0x1b0
[  295.995120][ T4470]  ? selinux_socket_setsockopt+0x260/0x360
[  296.000762][ T4470]  ? selinux_socket_getsockopt+0x340/0x340
[  296.006405][ T4470]  sock_common_setsockopt+0xa2/0xc0
[  296.011460][ T4470]  ? sock_common_recvmsg+0x240/0x240
[  296.016560][ T4470]  __sys_setsockopt+0x4dc/0x840
[  296.021261][ T4470]  ? __ia32_sys_recv+0xb0/0xb0
[  296.025845][ T4470]  ? __kasan_check_write+0x14/0x20
[  296.030791][ T4470]  ? switch_fpu_return+0x15f/0x2e0
[  296.035737][ T4470]  __x64_sys_setsockopt+0xbf/0xd0
[  296.040599][ T4470]  x64_sys_call+0x1a2/0x9a0
[  296.044938][ T4470]  do_syscall_64+0x3b/0xb0
[  296.049189][ T4470]  ? clear_bhb_loop+0x35/0x90
[  296.053703][ T4470]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  296.059436][ T4470] RIP: 0033:0x7fbed95a7169
[  296.063696][ T4470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.083127][ T4470] RSP: 002b:00007fbed7bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  296.091370][ T4470] RAX: ffffffffffffffda RBX: 00007fbed97c0160 RCX: 00007fbed95a7169
[  296.099189][ T4470] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000a
[  296.106991][ T4470] RBP: 00007fbed7bcf090 R08: 00000000000002f0 R09: 0000000000000000
[  296.114807][ T4470] R10: 0000400000000380 R11: 0000000000000246 R12: 0000000000000001
[  296.122614][ T4470] R13: 0000000000000000 R14: 00007fbed97c0160 R15: 00007ffcdd0a1d88
[  296.130435][ T4470]  </TASK>
[  296.208672][ T4473] incfs: Can't find or create .index dir in ./file0
[  296.215718][ T4473] incfs: mount failed -1
[  296.258523][ T4479] loop0: detected capacity change from 0 to 256
[  296.271796][ T4475] loop6: detected capacity change from 0 to 1024
[  296.282128][ T4479] exfat: Unknown parameter 'erÎdŧ©KŒºxlrors'
[  296.352743][ T4475] EXT4-fs (loop6): Ignoring removed nobh option
[  296.361362][ T4475] EXT4-fs (loop6): Ignoring removed bh option
[  296.367288][ T4475] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  296.438279][ T4475] EXT4-fs (loop6): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  296.556112][ T4481] loop3: detected capacity change from 0 to 40427
[  296.589039][   T30] audit: type=1326 audit(1740395264.643:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4497 comm="syz.0.1095" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f60e22b0169 code=0x0
[  296.695433][ T4481] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  296.734319][ T4481] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  296.817405][ T4481] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  297.378527][   T26] usb 5-1: USB disconnect, device number 16
[  298.051854][ T4529] loop1: detected capacity change from 0 to 1024
[  298.066575][ T4509] loop4: detected capacity change from 0 to 40427
[  298.092016][ T4529] EXT4-fs (loop1): Ignoring removed orlov option
[  298.098254][ T4529] EXT4-fs (loop1): Unrecognized mount option "fsuuid=a44c4cb6-9b84-53a5-cd1b-a1094ba0" or missing value
[  298.112893][ T4509] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  298.131271][ T4509] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  298.139273][ T4534] loop0: detected capacity change from 0 to 1024
[  298.150516][ T4532] loop3: detected capacity change from 0 to 512
[  298.158060][ T4509] F2FS-fs (loop4): invalid crc value
[  298.169590][ T4509] F2FS-fs (loop4): Found nat_bits in checkpoint
[  298.191689][ T4534] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  298.205528][ T4534] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  298.239376][ T4534] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  298.259426][ T4532] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  298.348190][ T4509] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  298.355385][ T4509] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  298.386322][ T1705] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  298.412284][ T1705] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  298.456886][ T4542] incfs: Can't find or create .index dir in ./file0
[  298.463544][ T4542] incfs: mount failed -1
[  298.801438][ T4544] loop4: detected capacity change from 0 to 40427
[  298.872321][ T4544] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  298.880021][ T4544] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  298.889550][ T4544] F2FS-fs (loop4): invalid crc value
[  298.896755][ T4544] F2FS-fs (loop4): Found nat_bits in checkpoint
[  298.944020][ T4544] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  298.950930][ T4544] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  299.027009][ T3110] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  299.039121][ T3110] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  299.101366][   T26] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  299.103545][ T4553] loop0: detected capacity change from 0 to 256
[  299.153132][ T4553] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  299.155939][ T4559] loop3: detected capacity change from 0 to 512
[  299.170172][ T4553] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  299.181564][ T4553] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  299.212079][ T4559] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  299.233851][ T4561] loop4: detected capacity change from 0 to 128
[  299.312922][ T4561] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  299.351263][   T26] usb 2-1: Using ep0 maxpacket: 32
[  299.371866][ T4561] ext4 filesystem being mounted at /219/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  299.491275][   T26] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  299.511242][   T26] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  299.519682][   T26] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  299.529727][   T26] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 81
[  299.549437][   T26] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  299.668836][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.855478][   T26] usb 2-1: config 0 descriptor??
[  300.187837][ T4588] xt_hashlimit: size too large, truncated to 1048576
[  301.215924][ T4607] loop4: detected capacity change from 0 to 256
[  301.271994][ T4607] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  301.282607][ T4607] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  301.321752][ T4607] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  301.358836][ T4609] loop3: detected capacity change from 0 to 512
[  301.462129][ T4612] loop4: detected capacity change from 0 to 1024
[  301.468376][ T4609] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  301.541967][ T4612] EXT4-fs (loop4): Ignoring removed nobh option
[  301.548142][ T4612] EXT4-fs (loop4): Ignoring removed bh option
[  301.601286][ T4612] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  301.734069][ T4612] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  301.913165][ T1749] usb 2-1: USB disconnect, device number 19
[  303.655806][   T30] audit: type=1326 audit(1740395271.713:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e22b0169 code=0x7ffc0000
[  303.726110][   T30] audit: type=1326 audit(1740395271.743:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e22b0169 code=0x7ffc0000
[  303.953855][   T30] audit: type=1326 audit(1740395271.743:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60e22b2087 code=0x7ffc0000
[  304.078607][   T30] audit: type=1326 audit(1740395271.743:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f60e22b1ffc code=0x7ffc0000
[  304.118194][   T30] audit: type=1326 audit(1740395271.743:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f60e22b1f34 code=0x7ffc0000
[  304.142438][   T30] audit: type=1326 audit(1740395271.743:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f60e22b1f34 code=0x7ffc0000
[  304.166039][   T30] audit: type=1326 audit(1740395271.743:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f60e22aedca code=0x7ffc0000
[  304.274928][   T30] audit: type=1326 audit(1740395271.773:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e22b0169 code=0x7ffc0000
[  304.321993][   T30] audit: type=1326 audit(1740395271.773:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60e22b0169 code=0x7ffc0000
[  304.642123][   T30] audit: type=1326 audit(1740395271.803:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4640 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60e22b0169 code=0x7ffc0000
[  304.669416][ T4649] xt_hashlimit: size too large, truncated to 1048576
[  304.777947][ T4653] loop4: detected capacity change from 0 to 256
[  304.841489][ T4653] exfat: Unknown parameter '18446744073709551615'
[  305.243648][ T4673] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=4673 comm=syz.3.1143
[  305.370959][  T550] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  305.621266][  T550] usb 7-1: Using ep0 maxpacket: 32
[  305.899822][  T550] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  305.913668][  T550] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  307.104340][ T4687] loop4: detected capacity change from 0 to 1024
[  307.192737][  T550] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.202719][  T550] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 81
[  307.220391][ T4687] EXT4-fs (loop4): Ignoring removed nobh option
[  307.223849][  T550] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  307.231297][ T4687] EXT4-fs (loop4): Ignoring removed bh option
[  307.235719][  T550] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.241718][ T4687] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  307.281547][  T550] usb 7-1: config 0 descriptor??
[  307.496741][ T4687] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  307.788300][ T4676] loop3: detected capacity change from 0 to 40427
[  307.842608][ T4676] F2FS-fs (loop3): invalid crc value
[  308.194802][ T4676] F2FS-fs (loop3): Found nat_bits in checkpoint
[  308.729397][   T30] kauditd_printk_skb: 150 callbacks suppressed
[  308.729413][   T30] audit: type=1400 audit(1740395276.783:3281): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  308.855017][ T4717] loop1: detected capacity change from 0 to 128
[  308.874270][ T4717] EXT4-fs (loop1): Test dummy encryption mode enabled
[  308.887026][ T4720] loop3: detected capacity change from 0 to 512
[  308.902142][ T4717] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[  308.902996][ T4720] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  308.923362][ T4717] ext4 filesystem being mounted at /217/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  309.063640][ T4725] loop0: detected capacity change from 0 to 512
[  309.174691][ T4725] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  309.183521][ T4727] loop4: detected capacity change from 0 to 512
[  309.199138][  T943] usb 7-1: USB disconnect, device number 11
[  309.212634][ T4727] EXT4-fs (loop4): Mount option "nojournal_checksum" incompatible with ext2
[  309.221261][  T415] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  309.621304][  T415] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.637651][  T415] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.654563][  T415] usb 2-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  309.684968][  T415] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.715081][  T415] usb 2-1: config 0 descriptor??
[  309.876971][ T4738] FAULT_INJECTION: forcing a failure.
[  309.876971][ T4738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.901234][ T4738] CPU: 1 PID: 4738 Comm: syz.3.1158 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  309.911004][ T4738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  309.920870][ T4738] Call Trace:
[  309.923988][ T4738]  <TASK>
[  309.926765][ T4738]  dump_stack_lvl+0x151/0x1c0
[  309.931280][ T4738]  ? io_uring_drop_tctx_refs+0x190/0x190
[  309.936750][ T4738]  ? _raw_spin_lock_bh+0xa4/0x1b0
[  309.941609][ T4738]  ? wait_woken+0x170/0x170
[  309.945956][ T4738]  dump_stack+0x15/0x20
[  309.949943][ T4738]  should_fail+0x3c6/0x510
[  309.954196][ T4738]  should_fail_usercopy+0x1a/0x20
[  309.959053][ T4738]  _copy_from_user+0x20/0xd0
[  309.963482][ T4738]  __copy_msghdr_from_user+0xaf/0x7c0
[  309.968696][ T4738]  ? __ia32_sys_shutdown+0x70/0x70
[  309.973632][ T4738]  ? kmem_cache_free+0x115/0x330
[  309.978409][ T4738]  ? import_iovec+0xe5/0x120
[  309.982837][ T4738]  ___sys_sendmsg+0x166/0x2e0
[  309.987348][ T4738]  ? __sys_sendmsg+0x260/0x260
[  309.991952][ T4738]  ? __kasan_check_write+0x14/0x20
[  309.996898][ T4738]  ? proc_fail_nth_write+0x20b/0x290
[  310.002023][ T4738]  ? __fdget+0x1bc/0x240
[  310.006117][ T4738]  __sys_sendmmsg+0x2bf/0x530
[  310.010613][ T4738]  ? __ia32_sys_sendmsg+0x90/0x90
[  310.015472][ T4738]  ? mutex_unlock+0xb2/0x260
[  310.019900][ T4738]  ? __kasan_check_write+0x14/0x20
[  310.024843][ T4738]  ? __ia32_sys_read+0x90/0x90
[  310.029466][ T4738]  ? debug_smp_processor_id+0x17/0x20
[  310.034647][ T4738]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  310.040559][ T4738]  __x64_sys_sendmmsg+0xa0/0xb0
[  310.045241][ T4738]  x64_sys_call+0x81d/0x9a0
[  310.049580][ T4738]  do_syscall_64+0x3b/0xb0
[  310.053827][ T4738]  ? clear_bhb_loop+0x35/0x90
[  310.058340][ T4738]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  310.064069][ T4738] RIP: 0033:0x7fbed95a7169
[  310.068319][ T4738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.087769][ T4738] RSP: 002b:00007fbed7bf0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  310.096005][ T4738] RAX: ffffffffffffffda RBX: 00007fbed97c0080 RCX: 00007fbed95a7169
[  310.103817][ T4738] RDX: 0000000000000006 RSI: 0000400000006880 RDI: 0000000000000003
[  310.111644][ T4738] RBP: 00007fbed7bf0090 R08: 0000000000000000 R09: 0000000000000000
[  310.119443][ T4738] R10: 00000000200000d1 R11: 0000000000000246 R12: 0000000000000002
[  310.127251][ T4738] R13: 0000000000000000 R14: 00007fbed97c0080 R15: 00007ffcdd0a1d88
[  310.135076][ T4738]  </TASK>
[  310.312760][  T415] uclogic 0003:5543:0042.0010: unbalanced collection at end of report description
[  310.332151][  T415] uclogic 0003:5543:0042.0010: parse failed
[  310.337900][  T415] uclogic: probe of 0003:5543:0042.0010 failed with error -22
[  310.471666][ T4740] loop6: detected capacity change from 0 to 40427
[  310.555451][ T4740] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  310.563044][ T4740] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  310.596079][ T4740] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  310.653975][ T4749] loop0: detected capacity change from 0 to 256
[  310.750928][ T4749] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  310.777138][ T4749] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  310.799545][ T4749] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  310.881920][ T4753] input: syz0 as /devices/virtual/input/input5
[  310.901837][   T30] audit: type=1400 audit(1740395278.953:3282): avc:  denied  { read } for  pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=1491 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  311.072686][   T30] audit: type=1400 audit(1740395278.993:3283): avc:  denied  { open } for  pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1491 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  311.219302][   T30] audit: type=1400 audit(1740395278.993:3284): avc:  denied  { ioctl } for  pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1491 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  311.286798][ T4763] loop0: detected capacity change from 0 to 1024
[  311.384570][   T30] audit: type=1400 audit(1740395279.443:3285): avc:  denied  { connect } for  pid=4759 comm="syz.3.1165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  311.469089][ T4763] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  311.530895][ T4763] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  311.667292][ T4763] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  311.756388][ T4769] loop4: detected capacity change from 0 to 512
[  311.765380][  T943] usb 2-1: USB disconnect, device number 20
[  311.803783][ T4769] EXT4-fs (loop4): Ignoring removed nobh option
[  311.846757][ T4769] fscrypt (loop4, inode 2): Error -61 getting encryption context
[  311.857562][ T4769] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[  311.868768][ T4769] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #13: comm syz.4.1167: casefold flag without casefold feature
[  311.881862][ T4769] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1167: couldn't read orphan inode 13 (err -117)
[  311.894299][ T4769] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  311.942048][ T4769] EXT4-fs (loop4): Ignoring removed orlov option
[  311.954085][ T4769] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[  311.964240][ T4769] EXT4-fs error (device loop4): ext4_remount:5846: comm syz.4.1167: Abort forced by user
[  311.974254][ T4769] EXT4-fs (loop4): Remounting filesystem read-only
[  311.980922][ T4769] EXT4-fs (loop4): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  312.551059][ T4785] loop4: detected capacity change from 0 to 1024
[  312.586547][ T4785] EXT4-fs (loop4): Ignoring removed nobh option
[  312.600277][ T4785] EXT4-fs (loop4): Ignoring removed bh option
[  312.897111][ T4785] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  312.992189][ T4794] loop0: detected capacity change from 0 to 256
[  313.021819][ T4785] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  313.058242][ T4794] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  313.978530][ T4802] loop6: detected capacity change from 0 to 16
[  313.985066][ T4794] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  314.025635][ T4802] erofs: (device loop6): mounted with root inode @ nid 36.
[  314.232995][ T4794] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  314.432125][ T4814] loop6: detected capacity change from 0 to 512
[  314.496022][ T4818] loop0: detected capacity change from 0 to 512
[  314.503730][ T4814] EXT4-fs (loop6): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback.
[  314.517362][ T4814] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.090298][ T4818] EXT4-fs (loop0): Mount option "nojournal_checksum" incompatible with ext2
[  315.416888][ T4826] loop1: detected capacity change from 0 to 512
[  315.482391][ T4826] EXT4-fs (loop1): Ignoring removed nobh option
[  315.497147][ T4826] fscrypt (loop1, inode 2): Error -61 getting encryption context
[  315.519273][ T4826] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61
[  315.545866][   T30] audit: type=1326 audit(1740395283.603:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadb296169 code=0x7ffc0000
[  315.654965][ T4826] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #13: comm syz.1.1183: casefold flag without casefold feature
[  315.689911][ T4826] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.1183: couldn't read orphan inode 13 (err -117)
[  315.696783][   T30] audit: type=1326 audit(1740395283.713:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffadb298087 code=0x7ffc0000
[  315.724836][   T30] audit: type=1326 audit(1740395283.713:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ffadb297ffc code=0x7ffc0000
[  315.729062][ T4826] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  315.748121][   T30] audit: type=1326 audit(1740395283.713:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7ffadb297f34 code=0x7ffc0000
[  315.748158][   T30] audit: type=1326 audit(1740395283.713:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7ffadb297f34 code=0x7ffc0000
[  315.748185][   T30] audit: type=1326 audit(1740395283.713:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ffadb294dca code=0x7ffc0000
[  315.767960][ T4833] syz.3.1186[4833] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  315.835745][   T30] audit: type=1326 audit(1740395283.713:3292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadb296169 code=0x7ffc0000
[  315.903511][ T4833] syz.3.1186[4833] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  315.913204][ T4833] FAULT_INJECTION: forcing a failure.
[  315.913204][ T4833] name failslab, interval 1, probability 0, space 0, times 0
[  315.937730][   T30] audit: type=1326 audit(1740395283.713:3293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadb296169 code=0x7ffc0000
[  315.988820][ T4833] CPU: 0 PID: 4833 Comm: syz.3.1186 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  315.998560][ T4833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  316.008456][ T4833] Call Trace:
[  316.011579][ T4833]  <TASK>
[  316.014356][ T4833]  dump_stack_lvl+0x151/0x1c0
[  316.018879][ T4833]  ? io_uring_drop_tctx_refs+0x190/0x190
[  316.024338][ T4833]  dump_stack+0x15/0x20
[  316.028336][ T4833]  should_fail+0x3c6/0x510
[  316.032599][ T4833]  __should_failslab+0xa4/0xe0
[  316.037194][ T4833]  should_failslab+0x9/0x20
[  316.041603][ T4833]  slab_pre_alloc_hook+0x37/0xd0
[  316.046469][ T4833]  ? p9_client_create+0x2db/0x1180
[  316.051531][ T4833]  __kmalloc_track_caller+0x6c/0x2c0
[  316.056684][ T4833]  ? p9_client_create+0x2db/0x1180
[  316.061594][ T4833]  ? p9_client_create+0x184/0x1180
[  316.066551][ T4833]  kstrdup+0x34/0x70
[  316.070278][ T4833]  p9_client_create+0x2db/0x1180
[  316.075046][ T4833]  ? p9_parse_header+0x6c0/0x6c0
[  316.079820][ T4833]  ? __kasan_kmalloc+0x9/0x10
[  316.084329][ T4833]  ? kstrdup+0x4f/0x70
[  316.088247][ T4833]  ? memset+0x35/0x40
[  316.092058][ T4833]  v9fs_session_init+0x1fa/0x19b0
[  316.096925][ T4833]  ? v9fs_show_options+0x570/0x570
[  316.101952][ T4833]  ? __kasan_kmalloc+0x9/0x10
[  316.106476][ T4833]  ? v9fs_mount+0x5f/0x7f0
[  316.110805][ T4833]  v9fs_mount+0x75/0x7f0
[  316.114885][ T4833]  legacy_get_tree+0xf1/0x190
[  316.119397][ T4833]  ? incfs_get_verity_signature+0x420/0x420
[  316.125242][ T4833]  vfs_get_tree+0x88/0x290
[  316.129476][ T4833]  do_new_mount+0x2ba/0xb30
[  316.133815][ T4833]  ? do_move_mount_old+0x160/0x160
[  316.138759][ T4833]  ? security_capable+0x87/0xb0
[  316.143451][ T4833]  ? ns_capable+0x89/0xe0
[  316.147614][ T4833]  path_mount+0x671/0x1070
[  316.151869][ T4833]  __se_sys_mount+0x2c4/0x3b0
[  316.156384][ T4833]  ? __x64_sys_mount+0xd0/0xd0
[  316.160978][ T4833]  ? debug_smp_processor_id+0x17/0x20
[  316.166189][ T4833]  __x64_sys_mount+0xbf/0xd0
[  316.170611][ T4833]  x64_sys_call+0x49d/0x9a0
[  316.174951][ T4833]  do_syscall_64+0x3b/0xb0
[  316.179202][ T4833]  ? clear_bhb_loop+0x35/0x90
[  316.183719][ T4833]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  316.189448][ T4833] RIP: 0033:0x7fbed95a7169
[  316.193699][ T4833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.213137][ T4833] RSP: 002b:00007fbed7c11038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  316.221386][ T4833] RAX: ffffffffffffffda RBX: 00007fbed97bffa0 RCX: 00007fbed95a7169
[  316.229195][ T4833] RDX: 0000400000000b80 RSI: 0000400000000040 RDI: 0000000000000000
[  316.237011][ T4833] RBP: 00007fbed7c11090 R08: 0000400000000600 R09: 0000000000000000
[  316.244992][ T4833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  316.252804][ T4833] R13: 0000000000000000 R14: 00007fbed97bffa0 R15: 00007ffcdd0a1d88
[  316.260646][ T4833]  </TASK>
[  316.319410][ T4826] EXT4-fs (loop1): Ignoring removed orlov option
[  316.367205][ T4826] EXT4-fs (loop1): Remounting file system with no journal so ignoring journalled data option
[  316.398819][ T4826] EXT4-fs error (device loop1): ext4_remount:5846: comm syz.1.1183: Abort forced by user
[  316.410146][   T30] audit: type=1326 audit(1740395283.713:3294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffadb296169 code=0x7ffc0000
[  316.437281][   T30] audit: type=1326 audit(1740395283.713:3295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4830 comm="syz.6.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffadb296169 code=0x7ffc0000
[  316.496420][ T4826] EXT4-fs (loop1): Remounting filesystem read-only
[  316.532739][ T4843] loop0: detected capacity change from 0 to 512
[  316.545174][ T4826] EXT4-fs (loop1): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  316.613992][ T4843] EXT4-fs (loop0): Mount option "nojournal_checksum" incompatible with ext2
[  317.089061][ T4852] FAULT_INJECTION: forcing a failure.
[  317.089061][ T4852] name failslab, interval 1, probability 0, space 0, times 0
[  317.101600][ T4852] CPU: 0 PID: 4852 Comm: syz.1.1190 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  317.104485][ T4853] loop4: detected capacity change from 0 to 256
[  317.111490][ T4852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  317.111508][ T4852] Call Trace:
[  317.111514][ T4852]  <TASK>
[  317.111523][ T4852]  dump_stack_lvl+0x151/0x1c0
[  317.111551][ T4852]  ? io_uring_drop_tctx_refs+0x190/0x190
[  317.111573][ T4852]  dump_stack+0x15/0x20
[  317.111592][ T4852]  should_fail+0x3c6/0x510
[  317.111613][ T4852]  __should_failslab+0xa4/0xe0
[  317.111636][ T4852]  should_failslab+0x9/0x20
[  317.160645][ T4852]  slab_pre_alloc_hook+0x37/0xd0
[  317.165416][ T4852]  kmem_cache_alloc_trace+0x48/0x270
[  317.170535][ T4852]  ? cls_bpf_init+0x51/0x150
[  317.174976][ T4852]  cls_bpf_init+0x51/0x150
[  317.179218][ T4852]  tcf_proto_create+0x202/0x2f0
[  317.183901][ T4852]  tc_new_tfilter+0x1097/0x1c00
[  317.188594][ T4852]  ? tcf_gate_entry_destructor+0x20/0x20
[  317.194068][ T4852]  ? security_capable+0x87/0xb0
[  317.198836][ T4852]  ? ns_capable+0x89/0xe0
[  317.203005][ T4852]  ? netlink_net_capable+0x125/0x160
[  317.208204][ T4852]  ? tcf_gate_entry_destructor+0x20/0x20
[  317.213677][ T4852]  rtnetlink_rcv_msg+0x776/0xc40
[  317.218449][ T4852]  ? rtnetlink_bind+0x80/0x80
[  317.222958][ T4852]  ? stack_trace_save+0x1c0/0x1c0
[  317.227823][ T4852]  ? __kernel_text_address+0x9b/0x110
[  317.233029][ T4852]  ? unwind_get_return_address+0x4d/0x90
[  317.238493][ T4852]  ? avc_has_perm_noaudit+0x348/0x430
[  317.243703][ T4852]  ? memcpy+0x56/0x70
[  317.247520][ T4852]  ? avc_has_perm_noaudit+0x2dd/0x430
[  317.252729][ T4852]  ? avc_denied+0x1b0/0x1b0
[  317.257082][ T4852]  ? avc_has_perm+0x16f/0x260
[  317.261578][ T4852]  ? ____kasan_kmalloc+0xed/0x110
[  317.266547][ T4852]  ? avc_has_perm_noaudit+0x430/0x430
[  317.271755][ T4852]  ? x64_sys_call+0x16a/0x9a0
[  317.276274][ T4852]  netlink_rcv_skb+0x1cf/0x410
[  317.280864][ T4852]  ? rtnetlink_bind+0x80/0x80
[  317.285379][ T4852]  ? netlink_ack+0xb10/0xb10
[  317.289820][ T4852]  ? __netlink_lookup+0x37b/0x3a0
[  317.294667][ T4852]  rtnetlink_rcv+0x1c/0x20
[  317.298929][ T4852]  netlink_unicast+0x8df/0xac0
[  317.303519][ T4852]  ? netlink_detachskb+0x90/0x90
[  317.308290][ T4852]  ? security_netlink_send+0x7b/0xa0
[  317.313414][ T4852]  netlink_sendmsg+0xa0a/0xd20
[  317.318013][ T4852]  ? netlink_getsockopt+0x560/0x560
[  317.323079][ T4852]  ? kmem_cache_free+0x115/0x330
[  317.327818][ T4852]  ? security_socket_sendmsg+0x82/0xb0
[  317.333124][ T4852]  ? netlink_getsockopt+0x560/0x560
[  317.338260][ T4852]  ____sys_sendmsg+0x59e/0x8f0
[  317.342863][ T4852]  ? __sys_sendmsg_sock+0x40/0x40
[  317.347724][ T4852]  ? import_iovec+0xe5/0x120
[  317.352148][ T4852]  ___sys_sendmsg+0x252/0x2e0
[  317.356662][ T4852]  ? __sys_sendmsg+0x260/0x260
[  317.361264][ T4852]  ? putname+0xfa/0x150
[  317.365269][ T4852]  ? __kasan_check_read+0x11/0x20
[  317.370117][ T4852]  ? __fdget+0x179/0x240
[  317.374219][ T4852]  __se_sys_sendmsg+0x19a/0x260
[  317.378884][ T4852]  ? __x64_sys_sendmsg+0x90/0x90
[  317.383692][ T4852]  ? ksys_write+0x24f/0x2c0
[  317.388017][ T4852]  ? debug_smp_processor_id+0x17/0x20
[  317.393212][ T4852]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  317.399106][ T4852]  __x64_sys_sendmsg+0x7b/0x90
[  317.403713][ T4852]  x64_sys_call+0x16a/0x9a0
[  317.408050][ T4852]  do_syscall_64+0x3b/0xb0
[  317.412313][ T4852]  ? clear_bhb_loop+0x35/0x90
[  317.416824][ T4852]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  317.422554][ T4852] RIP: 0033:0x7f0d6283b169
[  317.426791][ T4852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.446407][ T4852] RSP: 002b:00007f0d60ea5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  317.454645][ T4852] RAX: ffffffffffffffda RBX: 00007f0d62a53fa0 RCX: 00007f0d6283b169
[  317.462458][ T4852] RDX: 0000000000000000 RSI: 0000400000006040 RDI: 0000000000000003
[  317.470271][ T4852] RBP: 00007f0d60ea5090 R08: 0000000000000000 R09: 0000000000000000
[  317.478180][ T4852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  317.485990][ T4852] R13: 0000000000000000 R14: 00007f0d62a53fa0 R15: 00007ffc2446ee08
[  317.493807][ T4852]  </TASK>
[  317.584693][ T4853] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  317.641305][ T4853] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  317.667774][ T4853] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  318.740891][ T4866] loop3: detected capacity change from 0 to 256
[  319.083954][ T4866] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  319.094665][ T4866] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  319.115068][ T4866] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  319.893841][ T4871] loop1: detected capacity change from 0 to 1024
[  320.045484][ T4871] EXT4-fs (loop1): Ignoring removed nobh option
[  320.055888][ T4871] EXT4-fs (loop1): Ignoring removed bh option
[  320.062797][ T4871] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  320.075703][ T4874] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1198'.
[  320.940223][ T4871] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  321.024059][ T4893] loop3: detected capacity change from 0 to 512
[  321.041982][ T4894] loop6: detected capacity change from 0 to 512
[  321.153208][ T4894] EXT4-fs (loop6): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback.
[  321.167721][ T4894] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.193263][ T4893] EXT4-fs (loop3): Ignoring removed nobh option
[  321.204514][ T4892] bridge0: port 3(syz_tun) entered blocking state
[  321.210929][ T4892] bridge0: port 3(syz_tun) entered disabled state
[  321.220068][ T4893] fscrypt (loop3, inode 2): Error -61 getting encryption context
[  321.221607][ T4892] device syz_tun entered promiscuous mode
[  321.227927][ T4893] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61
[  321.672286][ T4892] bridge0: port 3(syz_tun) entered blocking state
[  321.678570][ T4892] bridge0: port 3(syz_tun) entered forwarding state
[  321.703819][ T4893] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #13: comm syz.3.1201: casefold flag without casefold feature
[  321.765803][ T4893] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.1201: couldn't read orphan inode 13 (err -117)
[  321.965010][ T4893] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback.
[  322.015041][ T4891] EXT4-fs (loop3): Ignoring removed orlov option
[  322.028219][ T4891] EXT4-fs (loop3): Remounting file system with no journal so ignoring journalled data option
[  322.039102][ T4891] EXT4-fs error (device loop3): ext4_remount:5846: comm syz.3.1201: Abort forced by user
[  322.049003][ T4891] EXT4-fs (loop3): Remounting filesystem read-only
[  322.055716][ T4891] EXT4-fs (loop3): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,minixdf,orlov,abort,delalloc,data=journal,. Quota mode: writeback.
[  322.099368][ T4915] loop0: detected capacity change from 0 to 256
[  322.111035][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  322.111055][   T30] audit: type=1326 audit(1740395290.173:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4916 comm="syz.6.1207" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffadb296169 code=0x0
[  322.148666][ T4919] loop3: detected capacity change from 0 to 512
[  322.161959][ T4915] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  322.172578][ T4919] EXT4-fs (loop3): Mount option "nojournal_checksum" incompatible with ext2
[  322.181790][ T4915] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  322.195295][ T4915] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  322.309583][ T4912] loop4: detected capacity change from 0 to 40427
[  322.320847][ T4924] loop0: detected capacity change from 0 to 1024
[  322.365720][ T4912] F2FS-fs (loop4): fault_injection options not supported
[  322.379693][ T4912] F2FS-fs (loop4): invalid crc value
[  322.386256][ T4912] F2FS-fs (loop4): Found nat_bits in checkpoint
[  322.422402][ T4924] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  322.445638][ T4912] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  322.445633][ T4924] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  322.479627][ T4924] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,errors=remount-ro,abort,errors=continue,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,dioread_lock,. Quota mode: writeback.
[  322.506964][   T30] audit: type=1400 audit(1740395290.563:3341): avc:  denied  { create } for  pid=4911 comm="syz.4.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  322.509578][ T4912] handle_bad_sector: 5 callbacks suppressed
[  322.509599][ T4912] attempt to access beyond end of device
[  322.509599][ T4912] loop4: rw=2049, want=45224, limit=40427
[  322.541218][   T30] audit: type=1400 audit(1740395290.563:3342): avc:  denied  { write } for  pid=4911 comm="syz.4.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  322.574715][ T4912] attempt to access beyond end of device
[  322.574715][ T4912] loop4: rw=2049, want=45224, limit=40427
[  322.594197][   T30] audit: type=1400 audit(1740395290.633:3343): avc:  denied  { create } for  pid=4911 comm="syz.4.1206" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  322.651738][  T293] attempt to access beyond end of device
[  322.651738][  T293] loop4: rw=2049, want=45248, limit=40427
[  323.056784][ T4948] loop1: detected capacity change from 0 to 1024
[  323.102846][ T4959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1221'.
[  323.150978][   T30] audit: type=1400 audit(1740395291.203:3344): avc:  denied  { setopt } for  pid=4965 comm="syz.6.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  323.173690][ T4948] EXT4-fs (loop1): Ignoring removed nobh option
[  323.179969][ T4948] EXT4-fs (loop1): Ignoring removed bh option
[  323.182487][   T30] audit: type=1400 audit(1740395291.233:3345): avc:  denied  { create } for  pid=4972 comm="syz.0.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  323.186216][  T550] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  323.241254][ T4948] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  323.256326][   T30] audit: type=1400 audit(1740395291.273:3346): avc:  denied  { create } for  pid=4965 comm="syz.6.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  323.294360][ T4948] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x0000000000000f06,nodelalloc,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  323.328867][ T4983] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1232'.
[  323.330439][   T30] audit: type=1400 audit(1740395291.273:3347): avc:  denied  { bind } for  pid=4972 comm="syz.0.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  323.363089][   T30] audit: type=1400 audit(1740395291.273:3348): avc:  denied  { write } for  pid=4972 comm="syz.0.1228" path="socket:[33694]" dev="sockfs" ino=33694 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  323.387517][   T30] audit: type=1400 audit(1740395291.273:3349): avc:  denied  { nlmsg_read } for  pid=4972 comm="syz.0.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  323.419054][ T4988] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.440475][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  323.467936][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.474950][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.512464][  T550] usb 5-1: Using ep0 maxpacket: 32
[  323.519400][ T5003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'.
[  323.631333][  T550] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  323.647336][  T550] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  323.674727][  T550] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.709997][  T550] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  323.760416][  T550] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  323.813602][  T550] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  323.869885][  T550] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  323.896589][  T550] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.920604][  T550] usb 5-1: config 0 descriptor??
[  323.953744][ T5031] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5031 comm=syz.3.1255
[  323.979796][ T5031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1255'.
[  324.017544][ T5029] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.024527][ T5029] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.040899][ T5029] device bridge_slave_0 entered promiscuous mode
[  324.053964][ T5029] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.065198][ T5029] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.073340][ T5029] device bridge_slave_1 entered promiscuous mode
[  324.090905][ T5045] ==================================================================
[  324.098801][ T5045] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[  324.107929][ T5045] Read of size 1 at addr ffff888127003bf8 by task syz.3.1260/5045
[  324.115581][ T5045] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  324.117729][ T5045] CPU: 0 PID: 5045 Comm: syz.3.1260 Not tainted 5.15.178-syzkaller-00013-g7d1f9b5c2ff5 #0
[  324.127464][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  324.137351][ T5045] Call Trace:
[  324.140470][ T5045]  <TASK>
[  324.143253][ T5045]  dump_stack_lvl+0x151/0x1c0
[  324.147790][ T5045]  ? io_uring_drop_tctx_refs+0x190/0x190
[  324.153230][ T5045]  ? panic+0x760/0x760
[  324.157144][ T5045]  print_address_description+0x87/0x3b0
[  324.162525][ T5045]  ? stack_trace_save+0x113/0x1c0
[  324.167381][ T5045]  ? ___sys_sendmsg+0x252/0x2e0
[  324.172065][ T5045]  kasan_report+0x179/0x1c0
[  324.176404][ T5045]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[  324.182917][ T5045]  ? xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[  324.189252][ T5045]  __asan_report_load1_noabort+0x14/0x20
[  324.194728][ T5045]  xfrm_policy_inexact_list_reinsert+0x5b0/0x660
[  324.200877][ T5045]  ? ____kasan_kmalloc+0xed/0x110
[  324.205742][ T5045]  ? ____kasan_kmalloc+0xdb/0x110
[  324.210606][ T5045]  ? xfrm_policy_addr_delta+0x23b/0x370
[  324.216603][ T5045]  xfrm_policy_inexact_insert_node+0x917/0xb00
[  324.222678][ T5045]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  324.228578][ T5045]  ? xfrm_policy_inexact_alloc_bin+0x5ad/0x13f0
[  324.234655][ T5045]  xfrm_policy_inexact_alloc_chain+0x4ec/0xaf0
[  324.240645][ T5045]  xfrm_policy_inexact_insert+0x6a/0x1160
[  324.246198][ T5045]  ? __kasan_check_write+0x14/0x20
[  324.251147][ T5045]  ? _raw_spin_lock_bh+0xa4/0x1b0
[  324.255998][ T5045]  ? policy_hash_bysel+0x137/0x700
[  324.260948][ T5045]  xfrm_policy_insert+0xe7/0x940
[  324.265718][ T5045]  xfrm_add_policy+0x4f2/0x980
[  324.270320][ T5045]  ? cap_capable+0x1d2/0x270
[  324.274746][ T5045]  ? xfrm_dump_sa_done+0xc0/0xc0
[  324.279609][ T5045]  xfrm_user_rcv_msg+0x4f3/0x7d0
[  324.284385][ T5045]  ? xfrm_netlink_rcv+0x90/0x90
[  324.289071][ T5045]  ? avc_has_perm+0x16f/0x260
[  324.293581][ T5045]  ? ____kasan_kmalloc+0xed/0x110
[  324.298441][ T5045]  ? avc_has_perm_noaudit+0x430/0x430
[  324.303953][ T5045]  ? x64_sys_call+0x16a/0x9a0
[  324.308552][ T5045]  netlink_rcv_skb+0x1cf/0x410
[  324.313148][ T5045]  ? xfrm_netlink_rcv+0x90/0x90
[  324.317846][ T5045]  ? netlink_ack+0xb10/0xb10
[  324.322271][ T5045]  ? mutex_lock+0xb6/0x1e0
[  324.326522][ T5045]  ? wait_for_completion_killable_timeout+0x10/0x10
[  324.332945][ T5045]  ? __netlink_lookup+0x37b/0x3a0
[  324.337800][ T5045]  xfrm_netlink_rcv+0x72/0x90
[  324.342402][ T5045]  netlink_unicast+0x8df/0xac0
[  324.346997][ T5045]  ? netlink_detachskb+0x90/0x90
[  324.351772][ T5045]  ? security_netlink_send+0x7b/0xa0
[  324.356894][ T5045]  netlink_sendmsg+0xa0a/0xd20
[  324.361492][ T5045]  ? netlink_getsockopt+0x560/0x560
[  324.366521][ T5045]  ? x64_sys_call+0x147/0x9a0
[  324.371037][ T5045]  ? security_socket_sendmsg+0x82/0xb0
[  324.376331][ T5045]  ? netlink_getsockopt+0x560/0x560
[  324.381449][ T5045]  ____sys_sendmsg+0x59e/0x8f0
[  324.386051][ T5045]  ? __sys_sendmsg_sock+0x40/0x40
[  324.390914][ T5045]  ? import_iovec+0xe5/0x120
[  324.395342][ T5045]  ___sys_sendmsg+0x252/0x2e0
[  324.399850][ T5045]  ? __sys_sendmsg+0x260/0x260
[  324.404450][ T5045]  ? percpu_counter_add_batch+0x13d/0x160
[  324.410014][ T5045]  ? __fdget+0x1bc/0x240
[  324.414084][ T5045]  __se_sys_sendmsg+0x19a/0x260
[  324.418771][ T5045]  ? __x64_sys_sendmsg+0x90/0x90
[  324.423546][ T5045]  ? __kasan_check_write+0x14/0x20
[  324.428494][ T5045]  ? switch_fpu_return+0x15f/0x2e0
[  324.433444][ T5045]  __x64_sys_sendmsg+0x7b/0x90
[  324.438039][ T5045]  x64_sys_call+0x16a/0x9a0
[  324.442381][ T5045]  do_syscall_64+0x3b/0xb0
[  324.446635][ T5045]  ? clear_bhb_loop+0x35/0x90
[  324.451260][ T5045]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  324.456990][ T5045] RIP: 0033:0x7fbed95a7169
[  324.461246][ T5045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.480688][ T5045] RSP: 002b:00007fbed7c11038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  324.489104][ T5045] RAX: ffffffffffffffda RBX: 00007fbed97bffa0 RCX: 00007fbed95a7169
[  324.496911][ T5045] RDX: 0000000000000000 RSI: 0000400000000580 RDI: 0000000000000005
[  324.504729][ T5045] RBP: 00007fbed96282a0 R08: 0000000000000000 R09: 0000000000000000
[  324.512534][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.520346][ T5045] R13: 0000000000000000 R14: 00007fbed97bffa0 R15: 00007ffcdd0a1d88
[  324.528163][ T5045]  </TASK>
[  324.531025][ T5045] 
[  324.533206][ T5045] Allocated by task 5045:
[  324.537366][ T5045]  ____kasan_kmalloc+0xdb/0x110
[  324.542046][ T5045]  __kasan_kmalloc+0x9/0x10
[  324.546385][ T5045]  __kmalloc+0x13f/0x2c0
[  324.550462][ T5045]  sk_prot_alloc+0xf9/0x330
[  324.554803][ T5045]  sk_alloc+0x38/0x430
[  324.558709][ T5045]  pfkey_create+0x12c/0x620
[  324.563065][ T5045]  __sock_create+0x3be/0x7e0
[  324.567474][ T5045]  __sys_socket+0x132/0x370
[  324.571811][ T5045]  __x64_sys_socket+0x7a/0x90
[  324.576328][ T5045]  x64_sys_call+0x147/0x9a0
[  324.580667][ T5045]  do_syscall_64+0x3b/0xb0
[  324.584918][ T5045]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  324.590650][ T5045] 
[  324.592815][ T5045] Last potentially related work creation:
[  324.598370][ T5045]  kasan_save_stack+0x3b/0x60
[  324.602891][ T5045]  __kasan_record_aux_stack+0xd3/0xf0
[  324.608095][ T5045]  kasan_record_aux_stack_noalloc+0xb/0x10
[  324.613735][ T5045]  insert_work+0x56/0x320
[  324.617899][ T5045]  __queue_work+0x92a/0xcd0
[  324.622237][ T5045]  queue_work_on+0x105/0x170
[  324.626676][ T5045]  bpf_prog_free+0x13c/0x150
[  324.631094][ T5045]  __bpf_prog_put_rcu+0xaf/0xc0
[  324.635894][ T5045]  rcu_do_batch+0x57a/0xc10
[  324.640226][ T5045]  rcu_core+0x517/0x1020
[  324.644307][ T5045]  rcu_core_si+0x9/0x10
[  324.648296][ T5045]  handle_softirqs+0x25e/0x5c0
[  324.652902][ T5045]  __irq_exit_rcu+0x52/0xf0
[  324.657235][ T5045]  irq_exit_rcu+0x9/0x10
[  324.661317][ T5045]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  324.666785][ T5045]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  324.672597][ T5045] 
[  324.674791][ T5045] Second to last potentially related work creation:
[  324.681193][ T5045]  kasan_save_stack+0x3b/0x60
[  324.685709][ T5045]  __kasan_record_aux_stack+0xd3/0xf0
[  324.690909][ T5045]  kasan_record_aux_stack_noalloc+0xb/0x10
[  324.696568][ T5045]  call_rcu+0x123/0x10b0
[  324.700630][ T5045]  __bpf_prog_put_noref+0x291/0x2c0
[  324.705673][ T5045]  bpf_prog_put_deferred+0x2ee/0x3e0
[  324.710797][ T5045]  bpf_prog_release+0x27d/0x290
[  324.715485][ T5045]  __fput+0x228/0x8c0
[  324.719289][ T5045]  ____fput+0x15/0x20
[  324.723108][ T5045]  task_work_run+0x129/0x190
[  324.727542][ T5045]  exit_to_user_mode_loop+0xc4/0xe0
[  324.732580][ T5045]  exit_to_user_mode_prepare+0x5a/0xa0
[  324.737866][ T5045]  syscall_exit_to_user_mode+0x26/0x160
[  324.743335][ T5045]  do_syscall_64+0x47/0xb0
[  324.747586][ T5045]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  324.753965][ T5045] 
[  324.756089][ T5045] The buggy address belongs to the object at ffff888127003800
[  324.756089][ T5045]  which belongs to the cache kmalloc-1k of size 1024
[  324.769979][ T5045] The buggy address is located 1016 bytes inside of
[  324.769979][ T5045]  1024-byte region [ffff888127003800, ffff888127003c00)
[  324.783260][ T5045] The buggy address belongs to the page:
[  324.788739][ T5045] page:ffffea00049c0000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x127000
[  324.798801][ T5045] head:ffffea00049c0000 order:3 compound_mapcount:0 compound_pincount:0
[  324.806958][ T5045] flags: 0x4000000000010200(slab|head|zone=1)
[  324.812877][ T5045] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080
[  324.821287][ T5045] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  324.829698][ T5045] page dumped because: kasan: bad access detected
[  324.835962][ T5045] page_owner tracks the page as allocated
[  324.841495][ T5045] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 292, ts 22971266553, free_ts 0
[  324.861241][ T5045]  post_alloc_hook+0x1a3/0x1b0
[  324.865797][ T5045]  prep_new_page+0x1b/0x110
[  324.870133][ T5045]  get_page_from_freelist+0x3550/0x35d0
[  324.875674][ T5045]  __alloc_pages+0x27e/0x8f0
[  324.880088][ T5045]  new_slab+0x9a/0x4e0
[  324.883994][ T5045]  ___slab_alloc+0x39e/0x830
[  324.888419][ T5045]  __slab_alloc+0x4a/0x90
[  324.892583][ T5045]  __kmalloc+0x172/0x2c0
[  324.896668][ T5045]  kvmalloc_node+0x1f0/0x4d0
[  324.901090][ T5045]  alloc_netdev_mqs+0x5c4/0xc90
[  324.905777][ T5045]  rtnl_create_link+0x2e1/0x9d0
[  324.910472][ T5045]  rtnl_newlink+0x13dc/0x2050
[  324.914977][ T5045]  rtnetlink_rcv_msg+0x951/0xc40
[  324.919750][ T5045]  netlink_rcv_skb+0x1cf/0x410
[  324.924351][ T5045]  rtnetlink_rcv+0x1c/0x20
[  324.928604][ T5045]  netlink_unicast+0x8df/0xac0
[  324.933205][ T5045] page_owner free stack trace missing
[  324.938423][ T5045] 
[  324.940589][ T5045] Memory state around the buggy address:
[  324.946061][ T5045]  ffff888127003a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  324.953952][ T5045]  ffff888127003b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  324.961861][ T5045] >ffff888127003b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  324.969745][ T5045]                                                                 ^
[  324.977567][ T5045]  ffff888127003c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  324.985453][ T5045]  ffff888127003c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  324.993349][ T5045] ==================================================================
[  325.001248][ T5045] Disabling lock debugging due to kernel taint
[  325.121920][ T4995] bridge0: port 3(syz_tun) entered disabled state
[  325.129546][ T4995] device syz_tun left promiscuous mode
[  325.135209][ T4995] bridge0: port 3(syz_tun) entered disabled state
[  325.271668][  T550] usb 5-1: USB disconnect, device number 17
[  325.632236][ T1206] device bridge_slave_1 left promiscuous mode
[  325.638207][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  325.646219][ T1206] device veth1_macvtap left promiscuous mode
[  325.652093][ T1206] device veth0_vlan left promiscuous mode
[  327.093492][ T1206] device bridge_slave_1 left promiscuous mode
[  327.099437][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.106867][ T1206] device bridge_slave_0 left promiscuous mode
[  327.113093][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.121424][ T1206] device bridge_slave_1 left promiscuous mode
[  327.127381][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.134918][ T1206] device bridge_slave_0 left promiscuous mode
[  327.140875][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.148754][ T1206] device bridge_slave_1 left promiscuous mode
[  327.154740][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.162185][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.169921][ T1206] device bridge_slave_1 left promiscuous mode
[  327.175990][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.183330][ T1206] device bridge_slave_0 left promiscuous mode
[  327.189276][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.197242][ T1206] device bridge_slave_1 left promiscuous mode
[  327.203299][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.210612][ T1206] device bridge_slave_0 left promiscuous mode
[  327.216610][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.225132][ T1206] device veth1_macvtap left promiscuous mode
[  327.230955][ T1206] device veth0_vlan left promiscuous mode
[  327.236886][ T1206] device veth1_macvtap left promiscuous mode
[  327.242907][ T1206] device veth1_macvtap left promiscuous mode
[  327.248743][ T1206] device veth0_vlan left promiscuous mode
[  327.254873][ T1206] device veth1_macvtap left promiscuous mode
[  327.260697][ T1206] device veth0_vlan left promiscuous mode