last executing test programs:

1m0.38467633s ago: executing program 2 (id=716):
syz_read_part_table(0x5df, &(0x7f0000000000)="$eJzs3DGIE1kYB/CXIBEFETs7gykichAh3UkEDXGQgAnBQ4s70c4t0qyVRYxgQCzMNhE5Gy0UYQ1aaCUiCCImFkIqUXavuN1l2eJY2CawLHMEZrvjYG/JHQe/Hzx4b97/zcfHMOVM4H8tHf6I4zgVQoj37vz0T/OVs+ey9dONCyGkwi8hhN/zs79OdlJJYvuuR5P1YrIuvt3TvDcf3en2Dhx+nd38nE72byVjZfjw8q6bY+qOXT/+/sh4dOhNNTwenBqc3N+8dK2fL7f7X+qvzjzNPtt+7oUp1X9Z+njwdmc26t4ozXyNWkvRanpjPTr/4FEhM9du5NdOJLkrU6rf3LqYef7kQ7mzvK/4qVqr9V58v59rVd51bo6GuW/ju1eT3MI/eLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj3Hbt+/P2R8ejQm2p4PDg1OLm/eelaP19u97/UX515mn12NMkVplT/Zenjwdud2ah7ozTzNWotRavpjfXo/INHhcxcu5FfO5HkrvzV4TiO27us39y6mHn+5EO5s7yv+Klaq/VefL+fa1XedW6Ohrlv47tXk9zC3l0WAgAAAAAAAAAAAAAAAAAAgL9ROXsuWz/duDCZ/xxC+GHmx7nJPE6+d08lue3/ACxOrqdDKL7d07w3H93p9g4cfp3d/Pxbkr+VjJXhw8v/QTvs0J8BAAD//9odjZ8=")
socket$inet6(0xa, 0x2, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = dup2(r0, r0)
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000700)={0x3, 0x0, 0x98, &(0x7f0000000640)={0x7ff, 0x9, 0xe}})

1m0.302812401s ago: executing program 2 (id=718):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff5f08, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac6d]}, 0x45c)

1m0.231150192s ago: executing program 2 (id=720):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
syz_mount_image$exfat(0x0, &(0x7f00000000c0)='./bus\x00', 0x808, 0x0, 0x0, 0x0, &(0x7f00000000c0))
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)

1m0.153598153s ago: executing program 2 (id=722):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x400, &(0x7f0000000080)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x4a6, &(0x7f0000000a40)="$eJzs3c9rXNUeAPDvzDRpkua9/niPR9sHr4U+6HtKM/mBNFEXulIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLvzKT5NXXQNAO5nw/czrn33M73nAzfw51z750bQGadTv7JRQxGxBcRcbixunmH042XtbvXp5IlF/X6xe9z6X7JemvX1v87FBGrEdEXEc89FfFybnvc6vLK7GS5XFpsrhdrcwvF6vLKuStzkzOlmdL8yPj5iYnx4bHRiV3r6803X7154eNnej/6+Y07t9/69JOkWYPNuo392E2NrvfE0Q3bDkTE4w8iWBcUmv3p73ZD+FOSz+8fEXEmzf/DUUg/TSAL6vV6/bf6wXbVq3Vg38qnx8C5/FBENMr5/NBQ4xj+nzGQL1eqtYcvV5bmpxvHykeiJ3/5Srk03PyucCR6csn6SFq+tz66ZX0sIj0GfrvQn64PTVXK03s71AFbHNqS/z8VGvkPZISv/JBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kMmPXvhQrLUW/e/T19dXpqtXD03XarODs0tTQ1NVRYXhmYqlZn0np25P3q/cqWyMPJILF0r1krVWrG6vHJprrI0X7uU3td/qdSzJ70COnH01K2vchGx+mh/uiR6m3VyFfa3ej0X3b4HGeiOQrcHIKBrTP1BdvmOD+zwE72b9LWrWNj9tgB7I9/tBgBdc/aE83+QVeb/IbvM/0N2OcYHzP9D9pj/h+wabPP8r79teHbXcET8PSK+LPQcbD3rC9gP8t/mmsf/Zw//d3BrbW/ul/QUQW9EvPb+xXevTdZqiyPJ9h/Wt9fea24f7Ub7gU618rSVxwBAdq3dvT7VWvYy7ndPNi5C2B7/QHNusi89Rzmwltt0rUJul65dWL0REcd3ip9rPu+8ceZjYK2wLf6x5muu8RZpew+kz03fm/gnNsT/z4b4J//yXwWy4VYy/gzvlH/5NKdjPf82jz+Du3TtRPvxL78+/hXajH+nOozxygevf9M2/o2IkzvGb8XrS2NtjZ+07WyH8e+8+Py/2tXVP2y8z07xW5JSsTa3UKwur5xLf0dupjQ/Mn5+YmJ8eGx0opjOURdbM9XbPXb889v36/9Am/jt+v9Es03/77D/v/77sxdO3yf+/87s/PkfaxM/0R8RD3UY/8fRr19qV5fEn27T//x94ifbxjqMX33n6YMd7goA7IHq8srsZLlcWlRQUFBYL3R7ZAIetHtJ3+2WAAAAAAAAAAAAAJ3ai8uJu91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID94PcAAAD//5j81ps=")
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x2007, 0x3a, 'M', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

59.937832575s ago: executing program 2 (id=730):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
close(0xffffffffffffffff)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c4d40c9fc564e0bbfc7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6e69f603ff0e80677eeba68562eb8ae2bcd87cef9000000a39c15a7ef365cc27dfeac7bb40e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19e9b5381791cbf0ceb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc08c2daa235197f1496679a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b1105696904fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d00"/382], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2f9, 0x304, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe1000087e9450077fbac141411ac1414e0be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28)

59.881982696s ago: executing program 2 (id=733):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x9)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)

59.778907808s ago: executing program 32 (id=733):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x9)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)

12.899203441s ago: executing program 5 (id=2015):
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b})

12.882726081s ago: executing program 5 (id=2018):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x3200884, &(0x7f0000000240)=ANY=[], 0x1, 0x1242, &(0x7f0000001900)="$eJzs3E9rHGUcB/DfJhuTTc0ftf7rQR/qxdPQ5OBJ0CApSPYg1QitIG7tBpeMuyGzBCJq68mr4LsQj94E8Q148S147MVjD8KIO5tk86epkbIJ9vO5zG/neb77zPCwC88wM/ff/O7zzY0i22j1Y6JWi4mtiPQgRYqJ2PPKWrW9eWttpdlcvZHS9ZUPlt5IKc2/+stHX/549df+pQ9/mv95On5b/Pj+n8sRce+f/p91itQpUrfXT610u9frt27n7cnoFJtZSu/l7VbRTp1u0d4ebU8beW9raze1unfmZre220WRWt3dtNneTf1eqg8PqZuyLEtzs8ER0429aupY2ydHd67/8KAsy4iynIqnoizLshGzcSmejrmYH0ziM/FsPBeX4/l4IV6Ml+LlQa/xnAoAAAAAAAAAAAAAAAAAAAA8KU57/n8hFj3/DwAAAAAAAAAAAAAAAAAAAGPw/s1bayvN5uqNlGYi8m931nfWq23VvrIRncijHddiIf6KwdP/laq+/m5z9VoaWIxv8rvD/N2d9cnD+aXB6wSG+fqgbS+/VOXT4fx0zI7ml2MhLp88/vIJ+anvI15/bSSfxUL8/mn0Io87g7EP8l8vpfTOveqYYn/8K4N+B2pRG/1YH8/8AAAAwOOQpX376/e3R9bvWXa8vVofV/kzXB84sr6vxxVr6HNX7H6x2crz9vbhYubYnkcVtYj4150fVtSGl1hO7BMzEf/5m8daTJw1NTmcjdM7771386F9Ghfg3C9k0Th7aub0H8j/vziXvyPG7GDSD+//4+p+2Rj/UQEAAAAAAAAAAPAoj+2ewaiddP9vPao7y6ZHx3wrvsrO74wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBvduBYAAAAAECYv3UaHRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBSAAAA///73bR7")
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x2)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000000080))

12.764046053s ago: executing program 5 (id=2034):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r1}, 0x10)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

12.733273783s ago: executing program 5 (id=2025):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x8000, &(0x7f0000000480)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058b51684696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c2e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d0300470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b720000000000000000000000000000005214e7febdbc0033d6402c34aa96940474"], 0x1, 0x1221, &(0x7f0000002300)="$eJzs3M9rHGUYB/Bn2/wyNdmotdqC9EUvehmbHDx5CZKCdEFpm0IrCFMz0WU3uyGzBLaI7c2rf4d49CaI/0AuXjwL3nLx2IM40p1gTUiRFNrdhs/nsg8775d9ZncZ2OF9dv/D77Y6m2W2mQ/iTKMRU9sR6WGKFGfibNQexHu3fvv9rRu371xbbbXWrqd0dfXm8gcppcXLP3/29Q9v/zI4d+vHxZ9mY2/p8/0/V/7Yu7B3cf/vm1+1y9QuU68/SHm62+8P8rvdIm20y06W0qfdIi+L1O6Vxc6h45vd/vb2MOW9jYX57Z2iLFPeG6ZOMUyDfhrsDFP+Zd7upSzL0sJ88PRmYv37h1VVRVTVdMxEVVXVSzEf5+LlWIjFaMbSdMSr8Vqcj9fjQrwRb8bF0apxdw4AAAAAAAAAAAAAAAAAAACny//M/8cr5v8BAAAAAAAAAAAAAAAAAADgmTP/DwAAAAAAAAAAAAAAAAAAAONn/h8AAAAAAAAAAAAAAAAAAADG78btO9dWW6216ynNRWx9u7u+u14/1sdXN6Md3SjiSjTjrxhN/9fq+urHrbUraWQp3t+6f5C/v7t+9nB+efR3Asfml+t8Opyfjfn/5leiGeePz68cm5+Ld9+p841H+Sya8esX0Y9ubMSj7OP8N8spffRJ60j+0mgdAAAAnAZZ+texv9+zLDUa9dIjx+snn3x/oGoeuT/QOJyfiktTYzxxRsrhvU7e7RY7L1Zx8JWMe5388iT08+Ri5qDTSelnAoqDd+TBpPTzghbTEfEMX+LIhWIuImaf44WJ5+Lxhz7uTgAAAAAAAAAAADiJE2wMnKr32558O+G4zxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAfduBYAAAAAECYv3UaHRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcFQAA//8my+RP")
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
preadv2(r0, &(0x7f0000000940)=[{&(0x7f00000003c0)=""/170, 0xaa}, {&(0x7f00000009c0)=""/111, 0x6f}, {0x0}, {&(0x7f00000007c0)=""/201, 0xc9}, {&(0x7f00000001c0)=""/22, 0x16}, {&(0x7f00000008c0)=""/83, 0x53}], 0x6, 0x0, 0x0, 0x0)

12.665616524s ago: executing program 5 (id=2028):
syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNOr+luF4fxy1J0TYYrT27jR5ND0+2Vdkd5df0sLXuRNbfuvDYbWgQq9cXEam7Bqrjfzj6YuPSteF45dOuNg5YV5VKpdLs9blwvgL8j2XR7RYA3VG+0Kf3v+Vxm6Yed4TLL9beAKW4rxVH7Ur/0trBQMP7204ajYgj5//9Mh3RiXUIAICb+D7Nf55tNv/L44G6cvcUeygjEXFvRGyLiPsiYntE3B9RLftgRDy0xvobd0hunP/kl24psFVK878Xir2t5fO/cvYXI31Fbms1/oHs6PG52X3Fc7I3BoZSfmKFOn54+ffPy/SGhmv18790pPrLuWDRjkv9DQt0M1OLU+3GXbr8ScTO/mbxZ1Fu42QRsSMidt5iHcef/npXq2s3j38FK+wzrVblq4inav1/PpbFf72rspb7kxPPH5o8OL4h5mb3jZd3xY1++e3CG63qbyv+Dkj9v6np/b+0CzySbYhYOHP2RHW/dmHtdVz487O6Mb1sdznFn38bseb7fzB7q5oeLM59OLW4eHoiYjB77cbzk9d/t8yX5VP8e/c0H//b6lr8cESkm3h3RDxSbOKmvnssIh6PiD0rxP/TS0+81+pa6/5fYVW+g1L8Mzfr/6jv/7Un+k78+N3a4y+l/j9QTe0tzqzm799qG9jOcwcAAAB3i7z6GfgsH1tK5/nYWO0z/NtjUz43v7D4zNH5D07N1D4rPxIDebnSNVy3HjpRrA2X+cmG/P5i3fiLvo3V/Nj0/NxMt4OHHre5xfhP/urrduuAddeBfTTgLmX8Q+8y/qF3Gf/Qu4x/6F3Nxv/HXWgHcPt5/YfeZfxD7zL+oXcZ/9CTWn43Pm/rK/9dTpT/O+FOaU+XEhvXs4rIux9gTyT61/s2Hmp6qct/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrkvwAAAP//ZWPiyA==")
symlink(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

12.520542116s ago: executing program 5 (id=2033):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

12.511915906s ago: executing program 33 (id=2033):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

1.955143184s ago: executing program 1 (id=2362):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="11000000040000000400000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000800850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000600)="304f150900000000989e14f088a8", 0x0, 0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.856368506s ago: executing program 1 (id=2374):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x18)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))

1.840886186s ago: executing program 1 (id=2375):
r0 = socket$xdp(0x2c, 0x3, 0x0)
mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, r0, 0x0)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x200000c, 0x12, r0, 0x84522000)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)

1.450549051s ago: executing program 1 (id=2378):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

1.429921322s ago: executing program 1 (id=2379):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = io_uring_setup(0xad5, &(0x7f0000000040)={0x0, 0xfffffffc})
close(r1)
clock_nanosleep(0x2, 0x1, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)

646.771561ms ago: executing program 4 (id=2397):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESOCT=r2])
ioctl$TCXONC(r0, 0x540a, 0x2)

582.980732ms ago: executing program 1 (id=2398):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000540)='./file1\x00', 0x0, &(0x7f0000000280)={[{@min_batch_time={'min_batch_time', 0x3d, 0xa04d}}, {@errors_continue}]}, 0xdf, 0x52e, &(0x7f0000000e00)="$eJzs3c9vI1cdAPDvTOwl201JChxKpf4QXbRbwdqbhrYRh7YIxK0SqNyXKPFG0TrrVey0m6hCWfEHICEElThx4oLEjQsS6p+AkCrROwIEQrCFAwdg0IzH26w7TozqHyX5fKRnv3nz4/vexB6/+ZGZAM6tZyLi1YhYiIjnImK5LE/LFEf9lE/3/v23NvOUF7/+1ySSsiyiyD5wqZxtsf9WqXtweGuj3W7tlcPN3u6dZvfg8NrO7sZ2a7t1e21t9cX1l9ZfWL8+kXbm7Xr5a3/84fd++vWXf/XFN393489Xv5NX+qvl+EG7JqdYe/Fe8VrP18UDtYjYm2ywuVko21Ofd0UAABhL3kv9VER8ruj/L8dC0ZsrDHfpFmdfOwAAAGASsleW4l9JRAYAAACcWa9ExFIkaaO8FmAp0rTR6F/D+5l4JG13ur0v3Ozs397Kx0WsRD29udNuXS+vqV2JepIPrxb5D4afHxpei4jHIuIHyxeL4cZmp70174MfAAAAcE5cGtr//8dyf/8fAAAAOGNW5l0BAAAAYOpG7f8nM64HAAAAMD3O/wMAAMCZ9o3XXstTNnj+9dYbB/u3Om9c22p1bzV29zcbm529O43tTme7uGff7knLqkdEu9O586WI/bvNXqvba3YPDm/sdvZv927seH4gAAAAzMtjT7/zXhIRR1++WKTchfxlYcQMrhWAMyMda6r+diH+MN26ALM16md+DBcmWQ9g9mrzrgAwP0fzrgAwbw/d6qOiU3D84p2Hjhn8enp1AgAAJuvKZ6vP/9fK6/mBs2u88//AWfQRzv8D/+ec/4fzq/4/9QDuTbEmwLyc9qiPkTfvqDr/X3llcJaduiwAAGCqlor0dNoozwUuRZo2GhGPFv/qX09u7rRb1yPikxHx2+X6J/Lh1WLOxOMBAQAAAAAAAAAAAAAAAAAAAAAAAGBMWZZEBgAAAJxpEemfkvL5X1eWLy8NHx+4kPxzOcpHer3549d/dHej19tbzcv/9qC893ZZ/vw8jmAAAADAeVQ7cexgP32wHw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk/T+/bc2B2mWcf/ylYhYqYpfi8XifTHqEfHI35OoHZsviYiFCcQ/uhcRj1fFT/JqxUpZi+H4aURcnE38J7Msq4x/aQLx4Tx7J9/+vFr1/UvjmeK9+vtfK9NH9dD278Ivjo1JH2z/FkZs/x4dM8YT7/68OTL+vYgnatXbn0H8ZET8Z6sWWLFSvv2tw8MPFfYXHtlPIq5U/v4kD8Vq9nbvNLsHh9d2dje2W9ut22trqy+uv7T+wvr15s2ddqt8rWzj95/85X+Giv6d9RXtjxHxV05p/+U8Uz9WmA2HKYO9e/f+p/vZ+tAiivhXn63+/D1+Qvz8M/H58ncgH39lkD/q54976me/eaqyYmX8rRHtP+3vf3XUQoc8983v/n7MSQGAGegeHN7aaLdbe1PPvJ1l2axijZ+JdNyJi+7iTNfYbDOD3t3UQix+XFo648zlD49amOZ6nkBmEke2AACAj5sPOv3zrgkAAAAAAAAAAAAAAAAAAACcX92DSKd9O7HhmEfzaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIn+GwAA//8lHteP")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000c62)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0xe7b, 0x0, 0x2)

568.997073ms ago: executing program 6 (id=2399):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@gettfilter={0x24, 0x2e, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0)

564.832652ms ago: executing program 4 (id=2401):
unshare(0x2040600)
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r0, 0x0, 0x0)

512.184363ms ago: executing program 6 (id=2402):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

499.431423ms ago: executing program 4 (id=2403):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r1}, 0x14)

424.001674ms ago: executing program 6 (id=2405):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x282, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000100)={0x74, 0x0, 0x1c})
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0xb, 0x6c6b, 0x1, 0x1, 0x3, 0xf3bb, 0x9}]})

288.357406ms ago: executing program 6 (id=2410):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
setresuid(0x0, 0x0, 0x0)

268.724266ms ago: executing program 0 (id=2411):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="0203000310000000000000000000000002000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001000000000000000002000100002000000000060c0000000005000500000000000a00000000"], 0x80}, 0x1, 0x7}, 0x0)

261.012347ms ago: executing program 3 (id=2412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
statx(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)

239.952197ms ago: executing program 6 (id=2413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r0}, &(0x7f00000002c0), &(0x7f00000009c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

207.929057ms ago: executing program 0 (id=2414):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000040000000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0x1d, r2, 0x0, 0x0)

206.238847ms ago: executing program 3 (id=2415):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="05000000070000000700000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

200.455357ms ago: executing program 6 (id=2416):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x2000)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="6673796e635f6d6f64653d706f7369782c6e6f696e6c696e655f646174612c6469736361726400aa19fd46b492dc6cf59d696e6c696e655f64656e7472792c00"], 0x1, 0x550d, &(0x7f0000000a40)="$eJzs3M2LG2UYAPAnu91+WxcR9NaBIuxCE5rttuhBWLXFD2wpfhw8aTaZhrRJZtmk6bonDx7Fg/+JKHjy6N/gwbO34kHxJqxkZqKNKIib3bjd3w8mz7xv3jzzvDksPDNLAji2lpNff67EhTgTEYsRcT4iP6+UR26jCM9HxMWIWHjsqJTzf0ycjIizEXFhnLzIWSnf+uLy6NK1n9765dvvT5049+U3P8xv18C8vRARva3i/GGviFm7iPfK+caok8fe+qiMxRu9++U4K+LDdDPP8LAxWdfI49V2sT7bejAYx7vdRnMc2527+fxWv7jgYNSe5Mk/cK+xnY9b6WYeO4Msj+3doq6d3eJv2+5gWORplfk+ztPHcDiJxXy6kxb72bqfx2Z/WM4XebNWujOOozKWl4tm1m3ldWzu55v+f3u703+wk4zS7UEn6yfXavUXa/Xr1fp21kqH6Xq10WtdX09W2t3xsuowbfQ22lnW7qa1ZtZbTVbazWa1Xk9WbqSbnUY/qddrV2tXqtdWy7PLyeu330+6rWRlHF/t9B8MX97b27ubbSfFJ1aTtdrVl1aTS/Xk3Vt3kjvv3Lx56857H9744PYrt958rVw0XdajdD1ZWbuytlatX6mu1VeP2P473UHyX/f/aVn0DPcP+1KZdwEAR4/+H5iHo97/h/5/Jo5U/zsp67j2/wewf9gX/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLH149JXb+Qny8X4XDn/VDn1TDmuRMRCROz9jcU4OZVzscyz9A/rl/5Sw3eVyDOMr3GqPM5GxEZ5/Pb0QX8LAAAA8OT6+pOLnxfdevGyPO+COEzFTZuF8x/NKF8lIpaWH80o28L45dkZJYvnIuJE7MwoW34D6/SMkhW33E7MKtu/sjgVTj8WKkVYONRyAACAQzHdCRxuFwIAAMBh+mzeBTAflZg8ypw8C87/8/7PB4JnpkbTNg6+PgAAAGD/KvMuAAAAADhwef/v9/8AAADgyVb8/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOzv3k5M8EMYB+G2hH3z/IjHuvYo7OIZHMK5cGg7gJTgCXsELcAbceQQDhrYk1mBi7JQG8zxJO0xDfrwlbN4ZUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZw93l8+tM3ZbNtJczcAAADAIetiOStfTKr53/r6//rSeT3PIiKPiEO9+yB+NTIHdU7xyfuLDzU8RZQJu88Y1cefiLiqj9ezrr8FAAAA+LlW88W06tar06TvgjimatEm/3edKC+LiGLykigt350uEoWVv+9h3CVKKxewxonCqiW3Yaq0Lxk0hvG7IauG/KjlAAAAR9HsBBpdyKiPegAAAOjKTd8F0I8s9luZ+73gfctfbwj+bswAAACAE5T1XQAAAADQubL/P4Xn/936BwIAAAB8W/X8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq0Lpaz1XwxbZuz2baT5m4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAv+t0v/yemxplk7rSxdDySrF01tq4aew8aRw/G278BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdramKq5R9hARBQ96sdttbe3VgxI8+CcIId3W6NYfbQ62FCEXb5JzL6JHEUGJt/4PPbfQS731sIcK4rEyv5JJsuBKzMwm+XzgzfvuS3be901CyHfeJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlcl7O3GSHXpFHJdj95/cXs36B3v6zN3Nh0tZy+KoyaSPhlfrL6J+e4kAAABwciRVfR9CeJRuLWd93Mvr/7T6nKzm/+H5Iq7q+b11f9VXtX/Wfv/t8cvbE/WKebKTXlkbj87uT6VzeKucE38/LewZfuFf39jJr3x+7yXJvyDxhxsvTdL8ekbf3bv3fjcPTx1W4gDAQZ2p+jKofh/K+mGbiQFwYnRqhXdV/ye9dnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaMJkIzxbxVEIYamzE2cePLm9Oq2/u/lwqWoX79zZrJ8zO0UaQriyNh6dbXAt8+7GzVufrYzHo+vNB6+FEJqcdGHahz6e4e0htHJ9BP9TEJff6/OSz9EIWv7BBADAsZOWLavrH6Vby9lYtBjC0x931/9v1uIwY/3/+JOL9+tz1ev/YWMrnH+D9WtfDm7cvPX22rWVq6Oro8/fOTd8d3j+0oULlwb5vZKBOyYAAAAcTLds9fo/Xty//3+6FocZ6/+vvh9+U58rUf9PtbPp13YmAAAAJ9uLr//1ZzRlPOp2w9cr6+vXh8Vx+/W54thCqv/ZqbLV6/9kse2sAAAAgCZMNqJd+/+Xa3GYcf//uZ9e+aV+ziSEsFDu/59Z/WJ8ubnlzI1kylgTf07cwlIBAACYIwtlq+//p/nz//H2Iw9xCOGtN4q4/DeAM9X/yQff/lyfq/78//nmljiX4n5xPfK+H0Kn33ZGAAAAHGfPlC0r9v9It5Y//fX0R13P/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA07Z8AAAD//wxuSv0=")

182.161557ms ago: executing program 4 (id=2417):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvfrom(r0, 0x0, 0x0, 0x10002, 0x0, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x68, &(0x7f0000000100)=0x5, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

161.071268ms ago: executing program 3 (id=2418):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

158.248798ms ago: executing program 0 (id=2419):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = dup2(r0, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
futimesat(r1, 0x0, 0x0)

132.768358ms ago: executing program 0 (id=2420):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
read$FUSE(r1, &(0x7f00000082c0)={0x2020}, 0x2020)

119.665368ms ago: executing program 3 (id=2421):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
io_destroy(0x0)

101.253269ms ago: executing program 4 (id=2422):
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x14, 0x2, 0x3, 0x3, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0xc100)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)

76.741209ms ago: executing program 3 (id=2423):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f00000003c0)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

66.365979ms ago: executing program 0 (id=2424):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
request_key(&(0x7f0000000900)='user\x00', &(0x7f0000000940)={'syz', 0x2}, &(0x7f0000000980)='\x00', 0x0)

40.899179ms ago: executing program 4 (id=2425):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000003000000000000000010000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x2}, 0x14)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@remote, @link_local, @val={@val={0x88a8, 0x5, 0x1}, {0x8100, 0x4, 0x0, 0x3}}, {@arp={0x806, @generic={0x2, 0x18, 0x6, 0x0, 0x1, @empty, "", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}}}}, 0x0)

10.80027ms ago: executing program 3 (id=2426):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8)
listen(r0, 0x0)
io_setup(0xa, &(0x7f0000000000)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])

0s ago: executing program 0 (id=2427):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000080)={0x2, 0x3, 0xfffffff7})

kernel console output (not intermixed with test programs):

blocking state
[   61.023875][ T2044] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.042678][  T402] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   61.060548][  T402] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   61.072220][  T304] device bridge_slave_1 left promiscuous mode
[   61.078422][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.082941][  T402] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   61.101974][  T304] device bridge_slave_0 left promiscuous mode
[   61.108345][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.109690][  T402] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   61.129540][  T304] device veth1_macvtap left promiscuous mode
[   61.146435][  T304] device veth0_vlan left promiscuous mode
[   61.149803][  T402] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   61.187453][  T402] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   61.201956][ T2062] loop0: detected capacity change from 0 to 40427
[   61.211879][  T402] usb 2-1: Manufacturer: syz
[   61.218733][ T2062] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   61.227174][  T402] usb 2-1: config 0 descriptor??
[   61.235720][ T2062] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   61.261111][ T2062] F2FS-fs (loop0): invalid crc value
[   61.271161][ T2068] loop4: detected capacity change from 0 to 256
[   61.278899][ T2068] exfat: Deprecated parameter 'utf8'
[   61.284633][ T2068] exfat: Deprecated parameter 'namecase'
[   61.290822][ T2068] exfat: Deprecated parameter 'namecase'
[   61.297494][ T2068] exfat: Deprecated parameter 'utf8'
[   61.304203][ T2062] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[   61.318807][ T2068] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d)
[   61.333632][ T2062] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   61.402656][ T2062] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   61.409897][ T2062] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   61.442470][ T2062] syz.0.747: attempt to access beyond end of device
[   61.442470][ T2062] loop0: rw=2049, sector=77824, nr_sectors = 408 limit=40427
[   61.457118][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.465309][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.474850][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.500096][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.512042][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.547142][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.568057][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.619478][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   61.629223][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   61.639240][  T402] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[   61.647470][  T402] appleir 0003:05AC:8243.000E: No inputs registered, leaving
[   61.652506][ T2044] device veth0_vlan entered promiscuous mode
[   61.681970][  T402] appleir 0003:05AC:8243.000E: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[   61.694919][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   61.712158][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   61.728899][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   61.746857][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   61.768060][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   61.784404][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   61.804166][ T2044] device veth1_macvtap entered promiscuous mode
[   61.821359][ T2081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.762'.
[   61.845212][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   61.865921][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   61.962555][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   61.979955][ T2058] loop3: detected capacity change from 0 to 131072
[   62.025859][ T2084] loop0: detected capacity change from 0 to 40427
[   62.034967][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.038671][ T2084] F2FS-fs (loop0): Invalid segment/section count (24 != 1 * 1)
[   62.043667][    T6] usb 2-1: USB disconnect, device number 10
[   62.050685][ T2084] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   62.067021][ T2084] F2FS-fs (loop0): invalid crc value
[   62.073669][ T2084] F2FS-fs (loop0): Found nat_bits in checkpoint
[   62.091647][ T2058] F2FS-fs (loop3): Test dummy encryption mode enabled
[   62.105248][  T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.126444][ T2084] F2FS-fs (loop0): Start checkpoint disabled!
[   62.138742][ T2084] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   62.138898][ T2058] F2FS-fs (loop3): invalid crc value
[   62.146002][ T2084] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   62.191764][ T2058] F2FS-fs (loop3): Found nat_bits in checkpoint
[   62.281585][ T2058] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   62.456574][ T2102] loop5: detected capacity change from 0 to 256
[   62.829374][ T2130] loop4: detected capacity change from 0 to 256
[   63.020796][ T2145] serio: Serial port ptm0
[   63.163474][ T2151] netlink: 8 bytes leftover after parsing attributes in process `syz.5.780'.
[   63.289918][ T2140] loop1: detected capacity change from 0 to 40427
[   63.331057][ T2140] F2FS-fs (loop1): invalid crc value
[   63.349696][ T2140] F2FS-fs (loop1): Found nat_bits in checkpoint
[   63.396605][ T2140] F2FS-fs (loop1): Start checkpoint disabled!
[   63.424022][ T2140] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   63.529504][ T2164] device veth1_macvtap left promiscuous mode
[   63.598677][ T2140] F2FS-fs (loop1): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[   63.642170][ T2165] syz.1.776: attempt to access beyond end of device
[   63.642170][ T2165] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   63.751576][   T28] kauditd_printk_skb: 8 callbacks suppressed
[   63.751596][   T28] audit: type=1400 audit(2000000003.100:615): avc:  denied  { setopt } for  pid=2168 comm="syz.5.787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   63.811544][   T28] audit: type=1400 audit(2000000003.140:616): avc:  denied  { bind } for  pid=2168 comm="syz.5.787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   63.832904][  T304] kworker/u4:4: attempt to access beyond end of device
[   63.832904][  T304] loop1: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[   63.834988][ T2171] loop5: detected capacity change from 0 to 16
[   63.854068][   T28] audit: type=1400 audit(2000000003.190:617): avc:  denied  { bind } for  pid=2170 comm="syz.5.788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   63.888713][ T2171] erofs: (device loop5): mounted with root inode @ nid 36.
[   63.942961][ T2175] syz.5.791[2175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.943037][ T2175] syz.5.791[2175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.000703][   T28] audit: type=1400 audit(2000000259.348:618): avc:  denied  { ioctl } for  pid=2180 comm="syz.3.795" path="socket:[23989]" dev="sockfs" ino=23989 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   64.036049][ T2183] loop4: detected capacity change from 0 to 512
[   64.098418][ T2183] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   64.143691][ T2183] EXT4-fs (loop4): orphan cleanup on readonly fs
[   64.173271][ T2183] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.793: bg 0: block 248: padding at end of block bitmap is not set
[   64.207284][ T2183] Quota error (device loop4): write_blk: dquota write failed
[   64.225601][ T2183] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[   64.251523][ T2183] EXT4-fs error (device loop4): ext4_acquire_dquot:6789: comm syz.4.793: Failed to acquire dquot type 1
[   64.303890][ T2183] EXT4-fs (loop4): 1 truncate cleaned up
[   64.328886][ T2183] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   64.351528][ T1052] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   64.398441][  T279] EXT4-fs (loop4): unmounting filesystem.
[   64.561604][ T1052] usb 4-1: Using ep0 maxpacket: 32
[   64.568098][ T1052] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[   64.588273][ T1052] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[   64.612197][ T1052] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   64.640275][ T1052] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[   64.661553][ T1052] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[   64.669937][ T1052] usb 4-1: Product: syz
[   64.681506][ T1052] usb 4-1: Manufacturer: syz
[   64.686152][ T1052] usb 4-1: SerialNumber: syz
[   64.732938][   T28] audit: type=1400 audit(2000000260.088:619): avc:  denied  { shutdown } for  pid=2217 comm="syz.1.809" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   64.903721][ T1052] usb 4-1: USB disconnect, device number 6
[   65.084767][ T2233] SELinux: security_context_str_to_sid (defcontext) failed with errno=-22
[   65.509470][ T2228] loop1: detected capacity change from 0 to 131072
[   65.518549][ T2228] F2FS-fs (loop1): Test dummy encryption mode enabled
[   65.527772][ T2228] F2FS-fs (loop1): invalid crc value
[   65.544147][ T2228] F2FS-fs (loop1): Found nat_bits in checkpoint
[   65.583422][ T2228] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   66.085774][ T2283] loop0: detected capacity change from 0 to 512
[   66.150076][ T2283] EXT4-fs (loop0): 1 orphan inode deleted
[   66.162265][ T2283] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   66.171711][    T8] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   66.194700][ T2283] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.208154][    T8] EXT4-fs error (device loop0): ext4_release_dquot:6812: comm kworker/u4:0: Failed to release dquot type 1
[   66.264824][   T28] audit: type=1400 audit(2000000261.618:620): avc:  denied  { watch watch_reads } for  pid=2282 comm="syz.0.837" path="/129/file1" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   66.316100][  T275] EXT4-fs (loop0): unmounting filesystem.
[   66.398332][ T2285] loop1: detected capacity change from 0 to 40427
[   66.432397][ T2285] F2FS-fs (loop1): heap/no_heap options were deprecated
[   66.446442][ T2285] F2FS-fs (loop1): Image doesn't support compression
[   66.477652][ T2285] F2FS-fs (loop1): invalid crc value
[   66.506263][ T2285] F2FS-fs (loop1): Found nat_bits in checkpoint
[   66.608210][ T2285] F2FS-fs (loop1): Start checkpoint disabled!
[   66.625486][ T2285] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   66.666255][ T2308] incfs: Options parsing error. -22
[   66.685631][ T2308] incfs: mount failed -22
[   66.732257][   T28] audit: type=1400 audit(2000000262.088:621): avc:  denied  { setopt } for  pid=2311 comm="syz.4.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   66.822326][    T8] kworker/u4:0: attempt to access beyond end of device
[   66.822326][    T8] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[   66.873052][ T2303] loop5: detected capacity change from 0 to 40427
[   66.901638][ T2303] F2FS-fs (loop5): heap/no_heap options were deprecated
[   66.909120][ T2303] F2FS-fs (loop5): heap/no_heap options were deprecated
[   66.919921][ T2303] F2FS-fs (loop5): invalid crc value
[   66.943837][ T2303] F2FS-fs (loop5): Found nat_bits in checkpoint
[   67.027815][ T2303] F2FS-fs (loop5): Start checkpoint disabled!
[   67.051833][ T2303] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[   67.060377][ T2330] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   67.152245][ T2303] syz.5.843: attempt to access beyond end of device
[   67.152245][ T2303] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   67.186574][ T2336] ./file0: Can't open blockdev
[   67.273696][   T43] kworker/u4:2: attempt to access beyond end of device
[   67.273696][   T43] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   67.288693][ T2318] loop0: detected capacity change from 0 to 40427
[   67.331869][ T2318] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   67.344261][ T2318] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   67.360378][ T2345] loop1: detected capacity change from 0 to 1024
[   67.374643][ T2345] EXT4-fs: Ignoring removed bh option
[   67.381430][ T2345] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   67.390755][ T2345] EXT4-fs (loop1): orphan cleanup on readonly fs
[   67.402423][ T2345] EXT4-fs error (device loop1): __ext4_get_inode_loc:4508: comm syz.1.863: Invalid inode table block 0 in block_group 0
[   67.423360][ T2345] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   67.445946][ T2318] F2FS-fs (loop0): invalid crc value
[   67.477770][ T2345] EXT4-fs error (device loop1): ext4_quota_write:7184: inode #3: comm syz.1.863: mark_inode_dirty error
[   67.516449][ T2318] F2FS-fs (loop0): Found nat_bits in checkpoint
[   67.531940][ T2345] EXT4-fs error (device loop1): ext4_acquire_dquot:6789: comm syz.1.863: Failed to acquire dquot type 0
[   67.586638][ T2345] EXT4-fs error (device loop1): __ext4_get_inode_loc:4508: comm syz.1.863: Invalid inode table block 0 in block_group 0
[   67.617433][ T2345] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   67.628872][ T2345] EXT4-fs error (device loop1): ext4_ext_truncate:4453: inode #15: comm syz.1.863: mark_inode_dirty error
[   67.640883][ T2318] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   67.650246][ T2318] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   67.693080][ T2345] EXT4-fs error (device loop1): __ext4_get_inode_loc:4508: comm syz.1.863: Invalid inode table block 0 in block_group 0
[   67.719698][ T2345] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   67.739046][ T2345] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   67.751567][ T2345] EXT4-fs error (device loop1): __ext4_get_inode_loc:4508: comm syz.1.863: Invalid inode table block 0 in block_group 0
[   67.790032][ T2345] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   67.824880][ T2345] EXT4-fs error (device loop1): ext4_truncate:4313: inode #15: comm syz.1.863: mark_inode_dirty error
[   67.848836][ T2345] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   67.901884][ T2345] EXT4-fs (loop1): 1 truncate cleaned up
[   67.922647][ T2345] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   68.024849][  T276] EXT4-fs (loop1): unmounting filesystem.
[   68.286974][ T2374] loop4: detected capacity change from 0 to 40427
[   68.347834][ T2374] F2FS-fs (loop4): Found nat_bits in checkpoint
[   68.435067][ T2374] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   68.736594][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.745201][  T279] syz-executor: attempt to access beyond end of device
[   68.745201][  T279] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   68.751581][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.781711][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.796824][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.811520][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.827811][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.843281][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.858388][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.873562][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.888643][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.903864][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.918022][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.933374][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.950134][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.965319][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.980757][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   68.997031][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.005475][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.013217][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.013535][   T28] kauditd_printk_skb: 8 callbacks suppressed
[   69.013550][   T28] audit: type=1400 audit(2000000264.368:628): avc:  denied  { execstack } for  pid=2431 comm="syz.3.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   69.021358][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.059366][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.068185][ T2434] loop3: detected capacity change from 0 to 128
[   69.074736][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.083565][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.092153][ T2434] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   69.101614][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.109163][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.117106][ T2434] ext4 filesystem being mounted at /229/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.117116][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.117145][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.143052][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.150757][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.158845][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.160217][   T28] audit: type=1400 audit(2000000264.508:629): avc:  denied  { map } for  pid=2433 comm="syz.3.900" path="/229/file0/cgroup.controllers" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   69.195131][  T277] EXT4-fs (loop3): unmounting filesystem.
[   69.201068][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.209146][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.222064][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.230048][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.240528][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.248936][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.256921][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.264425][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.272017][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.279490][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.287162][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.295022][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.304108][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.311836][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.319512][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.327171][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.334838][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.342331][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.350158][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.357860][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.365496][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.373121][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.380672][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.388221][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.395825][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.403500][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.411132][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.418701][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.426259][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.433828][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.441801][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.449685][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.457204][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.465008][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.472759][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.480300][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.488304][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.496322][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.503831][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.511427][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.518941][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.526441][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.534021][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.541519][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.549015][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.556651][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.564314][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.572547][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.580556][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.588262][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.595819][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.603719][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.611910][   T24] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   69.622147][   T24] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   69.771885][  T286] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[   69.972760][  T286] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.989565][ T2465] loop3: detected capacity change from 0 to 40427
[   69.993844][  T286] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   70.007876][  T286] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   70.020371][ T2465] F2FS-fs (loop3): Unrecognized mount option "!ctive_logs=4" or missing value
[   70.027514][  T286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.039093][  T286] usb 2-1: Product: syz
[   70.051630][  T286] usb 2-1: Manufacturer: syz
[   70.057004][  T286] usb 2-1: SerialNumber: syz
[   70.090041][   T28] audit: type=1400 audit(2000000265.438:630): avc:  denied  { create } for  pid=2489 comm="syz.3.923" name="file7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   70.147449][ T2495] loop0: detected capacity change from 0 to 256
[   70.153911][   T28] audit: type=1400 audit(2000000265.438:631): avc:  denied  { mount } for  pid=2488 comm="syz.0.924" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   70.270908][  T286] usb 2-1: 0:2 : does not exist
[   70.280512][  T286] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[   70.298709][  T286] usb 2-1: USB disconnect, device number 11
[   70.366330][   T28] audit: type=1400 audit(2000000265.718:632): avc:  denied  { bpf } for  pid=2507 comm="syz.5.932" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   70.387745][   T28] audit: type=1400 audit(2000000265.718:633): avc:  denied  { prog_load } for  pid=2507 comm="syz.5.932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   70.421869][   T28] audit: type=1400 audit(2000000265.718:634): avc:  denied  { perfmon } for  pid=2507 comm="syz.5.932" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   70.471580][   T28] audit: type=1400 audit(2000000265.718:635): avc:  denied  { prog_run } for  pid=2507 comm="syz.5.932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   70.482948][ T2513] loop0: detected capacity change from 0 to 256
[   70.499688][ T2514] loop5: detected capacity change from 0 to 512
[   70.519112][ T2513] exfat: Deprecated parameter 'utf8'
[   70.521728][   T28] audit: type=1400 audit(2000000265.768:636): avc:  denied  { append } for  pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   70.528550][ T2513] exfat: Deprecated parameter 'utf8'
[   70.561768][ T2513] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[   70.578704][   T28] audit: type=1400 audit(2000000265.768:637): avc:  denied  { read write } for  pid=275 comm="syz-executor" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   70.612791][ T2514] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   70.626772][ T2514] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   70.676611][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   70.765274][ T2537] netlink: 8 bytes leftover after parsing attributes in process `syz.5.942'.
[   70.780681][ T2537] netlink: 8 bytes leftover after parsing attributes in process `syz.5.942'.
[   70.863514][ T2551] loop5: detected capacity change from 0 to 512
[   70.884528][ T2551] EXT4-fs: Ignoring removed mblk_io_submit option
[   70.902176][ T2551] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   70.915579][ T2551] EXT4-fs (loop5): 1 truncate cleaned up
[   70.921639][ T2551] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   70.986774][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   71.029395][ T2565] loop3: detected capacity change from 0 to 512
[   71.059630][ T2565] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   71.136681][ T2565] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.163231][ T2577] loop4: detected capacity change from 0 to 16
[   71.187383][ T2577] erofs: (device loop4): mounted with root inode @ nid 36.
[   71.269613][  T277] EXT4-fs (loop3): unmounting filesystem.
[   71.275972][ T2587] loop5: detected capacity change from 0 to 8192
[   71.392003][ T2587]  loop5: p1 p2 < > p3 p4 < p5 >
[   71.397309][ T2587] loop5: partition table partially beyond EOD, truncated
[   71.405237][ T2587] loop5: p1 size 100663296 extends beyond EOD, truncated
[   71.431068][ T2587] loop5: p2 start 591104 is beyond EOD, truncated
[   71.447452][ T2595] loop4: detected capacity change from 0 to 40427
[   71.451535][ T2587] loop5: p3 start 33572980 is beyond EOD, truncated
[   71.462889][ T2595] F2FS-fs (loop4): invalid crc value
[   71.469645][ T2587] loop5: p5 size 100663296 extends beyond EOD, truncated
[   71.509222][ T2595] F2FS-fs (loop4): Found nat_bits in checkpoint
[   71.523812][ T2609] netlink: 104 bytes leftover after parsing attributes in process `syz.0.974'.
[   71.552669][ T2595] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   71.557763][  T299] udevd[299]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[   71.563014][  T429] udevd[429]: inotify_add_watch(7, /dev/loop5p5, 10) failed: No such file or directory
[   71.586669][  T372] udevd[372]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[   71.878393][ T2623] loop3: detected capacity change from 0 to 40427
[   71.897127][ T2623] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value
[   71.967282][ T2644] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[   72.039111][ T2631] loop4: detected capacity change from 0 to 40427
[   72.056773][ T2623] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[   72.070537][  T297] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   72.078981][ T2631] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   72.087010][ T2631] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   72.109343][ T2631] F2FS-fs (loop4): invalid crc value
[   72.155133][ T2631] F2FS-fs (loop4): Found nat_bits in checkpoint
[   72.169014][ T2648] loop0: detected capacity change from 0 to 40427
[   72.179273][ T2648] F2FS-fs (loop0): invalid crc value
[   72.187034][ T2648] F2FS-fs (loop0): Found nat_bits in checkpoint
[   72.224700][ T2648] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   72.272476][ T2631] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   72.272697][  T297] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.279998][ T2631] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   72.325756][  T297] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.352217][  T297] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   72.369075][  T297] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   72.372013][ T2666] loop5: detected capacity change from 0 to 256
[   72.379052][  T297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.398733][  T297] usb 2-1: config 0 descriptor??
[   72.514966][ T2672] loop0: detected capacity change from 0 to 128
[   72.549250][ T2672] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   72.573603][ T2672] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   72.628730][ T2686] loop4: detected capacity change from 0 to 256
[   72.828251][  T297] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[   72.843275][ T2706] syz.4.1017[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   72.843357][ T2706] syz.4.1017[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   72.866662][  T297] plantronics 0003:047F:FFFF.0010: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   73.142487][  T286] usb 2-1: USB disconnect, device number 12
[   73.216980][ T2733] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[   73.711382][ T2759] binder: 2756:2759 ioctl c0306201 0 returned -14
[   73.732625][ T2759] binder: 2756:2759 ioctl 400454ca 0 returned -22
[   73.782439][ T2702] loop5: detected capacity change from 0 to 131072
[   73.804226][ T2702] F2FS-fs (loop5): Test dummy encryption mode enabled
[   73.815435][ T2702] F2FS-fs (loop5): invalid crc value
[   73.835906][ T2702] F2FS-fs (loop5): Found nat_bits in checkpoint
[   73.863957][ T2772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1044'.
[   73.924340][ T2702] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   73.999053][ T2784] loop4: detected capacity change from 0 to 1024
[   74.062282][ T2786] loop0: detected capacity change from 0 to 512
[   74.076553][ T2786] EXT4-fs: Ignoring removed oldalloc option
[   74.091986][ T2786] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.119317][ T2784] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   74.134594][ T2786] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1051: Parent and EA inode have the same ino 15
[   74.171426][   T28] kauditd_printk_skb: 102 callbacks suppressed
[   74.180075][ T2786] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1051: Parent and EA inode have the same ino 15
[   74.229427][   T28] audit: type=1400 audit(2000000269.518:740): avc:  denied  { create } for  pid=2783 comm="syz.4.1050" name="control" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   74.252841][  T279] EXT4-fs (loop4): unmounting filesystem.
[   74.259019][ T2786] EXT4-fs (loop0): 1 orphan inode deleted
[   74.271082][ T2786] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   74.288678][   T28] audit: type=1400 audit(2000000269.528:741): avc:  denied  { write } for  pid=2783 comm="syz.4.1050" name="control" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   74.335416][   T28] audit: type=1400 audit(2000000269.528:742): avc:  denied  { add_name } for  pid=2783 comm="syz.4.1050" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   74.413465][ T2798] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1056'.
[   74.453970][   T28] audit: type=1400 audit(2000000269.548:743): avc:  denied  { remove_name } for  pid=2783 comm="syz.4.1050" name="control" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   74.506391][  T275] EXT4-fs (loop0): unmounting filesystem.
[   74.554194][   T28] audit: type=1400 audit(2000000269.548:744): avc:  denied  { rmdir } for  pid=2783 comm="syz.4.1050" name="control" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   74.621969][   T28] audit: type=1400 audit(2000000269.738:745): avc:  denied  { bind } for  pid=2795 comm="syz.4.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   74.624734][ T2815] loop5: detected capacity change from 0 to 512
[   74.642421][   T28] audit: type=1400 audit(2000000269.838:746): avc:  denied  { connect } for  pid=2799 comm="syz.4.1057" laddr=127.0.0.1 lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   74.679844][   T28] audit: type=1400 audit(2000000269.838:747): avc:  denied  { shutdown } for  pid=2799 comm="syz.4.1057" laddr=127.0.0.1 lport=255 faddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   74.705863][ T2815] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   74.707803][   T28] audit: type=1326 audit(2000000270.058:748): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2819 comm="syz.3.1066" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f568a58e969 code=0x0
[   74.760464][ T2815] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   74.772593][ T2815] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.817271][   T28] audit: type=1400 audit(2000000270.168:749): avc:  denied  { read write } for  pid=2814 comm="syz.5.1052" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   74.859547][ T2815] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1052: bg 0: block 304: padding at end of block bitmap is not set
[   74.870673][ T2832] input: syz0 as /devices/virtual/input/input14
[   74.892058][ T2815] EXT4-fs (loop5): Remounting filesystem read-only
[   74.936779][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   75.009327][ T2848] syz.5.1077[2848] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.009407][ T2848] syz.5.1077[2848] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.037061][ T2849] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1074'.
[   75.210683][ T2861] loop1: detected capacity change from 0 to 1024
[   75.218244][ T2861] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   75.229435][ T2861] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   75.240727][ T2861] JBD2: no valid journal superblock found
[   75.246717][ T2861] EXT4-fs (loop1): error loading journal
[   75.275494][ T2855] loop5: detected capacity change from 0 to 40427
[   75.285018][ T2855] F2FS-fs (loop5): fault_injection options not supported
[   75.305443][ T2855] F2FS-fs (loop5): invalid crc value
[   75.316742][ T2855] F2FS-fs (loop5): Found nat_bits in checkpoint
[   75.351838][ T2868] loop1: detected capacity change from 0 to 1024
[   75.363488][ T2855] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   75.382782][ T2868] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   75.391780][ T2868] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.413696][ T2044] syz-executor: attempt to access beyond end of device
[   75.413696][ T2044] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   75.414857][ T2868] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[   75.443825][ T2868] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 65 with error 28
[   75.456444][ T2868] EXT4-fs (loop1): This should not happen!! Data will be lost
[   75.456444][ T2868] 
[   75.466819][ T2868] EXT4-fs (loop1): Total free blocks count 0
[   75.473065][ T2868] EXT4-fs (loop1): Free/Dirty block details
[   75.479356][ T2868] EXT4-fs (loop1): free_blocks=4293918720
[   75.485417][ T2868] EXT4-fs (loop1): dirty_blocks=80
[   75.490607][ T2868] EXT4-fs (loop1): Block reservation details
[   75.497178][ T2868] EXT4-fs (loop1): i_reserved_data_blocks=5
[   75.533761][  T276] EXT4-fs (loop1): unmounting filesystem.
[   75.949775][ T2876] loop5: detected capacity change from 0 to 131072
[   75.959422][ T2876] F2FS-fs (loop5): Wrong CP boundary, start(512) end(198144) blocks(1024)
[   75.968320][ T2876] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[   75.977157][ T2876] F2FS-fs (loop5): invalid crc value
[   75.984839][ T2876] F2FS-fs (loop5): Found nat_bits in checkpoint
[   76.015757][ T2876] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[   76.023008][ T2876] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[   76.510363][ T2912] loop1: detected capacity change from 0 to 128
[   76.536500][ T2912] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   76.548268][ T2915] loop3: detected capacity change from 0 to 256
[   76.555006][ T2912] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.566306][ T2915] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   76.634719][  T276] EXT4-fs (loop1): unmounting filesystem.
[   76.711345][ T2921] sch_tbf: burst 1399 is lower than device veth0_to_team mtu (1514) !
[   76.812945][ T2906] loop5: detected capacity change from 0 to 131072
[   76.820104][ T2906] F2FS-fs (loop5): Wrong CP boundary, start(512) end(198144) blocks(1024)
[   76.829790][ T2906] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[   76.840488][ T2906] F2FS-fs (loop5): invalid crc value
[   76.848129][ T2906] F2FS-fs (loop5): Found nat_bits in checkpoint
[   76.880550][ T2906] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[   76.887752][ T2906] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[   77.061535][  T286] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   77.197015][ T2936] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1110'.
[   77.241558][  T286] usb 4-1: Using ep0 maxpacket: 16
[   77.248421][  T286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[   77.248462][  T286] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   77.248498][  T286] usb 4-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[   77.248523][  T286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.253791][  T286] usb 4-1: config 0 descriptor??
[   77.706099][  T286] kye 0003:0458:5019.0011: unknown main item tag 0x0
[   77.706132][  T286] kye 0003:0458:5019.0011: unknown main item tag 0x0
[   77.706177][  T286] kye 0003:0458:5019.0011: unknown main item tag 0x0
[   77.706199][  T286] kye 0003:0458:5019.0011: unknown main item tag 0x0
[   77.706220][  T286] kye 0003:0458:5019.0011: unknown main item tag 0x0
[   77.707034][  T286] kye 0003:0458:5019.0011: hidraw0: USB HID v0.00 Device [HID 0458:5019] on usb-dummy_hcd.3-1/input0
[   77.707067][  T286] kye 0003:0458:5019.0011: tablet-enabling feature report not found
[   77.707082][  T286] kye 0003:0458:5019.0011: tablet enabling failed
[   77.927686][  T286] usb 4-1: USB disconnect, device number 7
[   77.994378][ T2960] loop4: detected capacity change from 0 to 128
[   78.021086][ T2960] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   78.021306][ T2960] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   78.052174][  T279] EXT4-fs (loop4): unmounting filesystem.
[   78.079656][ T2968] netlink: 'syz.4.1124': attribute type 5 has an invalid length.
[   78.084474][ T2970] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1125'.
[   78.145231][ T2977] syz.1.1130[2977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   78.145317][ T2977] syz.1.1130[2977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   78.418404][ T3010] overlayfs: failed to clone upperpath
[   78.459075][ T3014] loop3: detected capacity change from 0 to 128
[   78.470353][ T3014] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   78.482051][ T3014] ext4 filesystem being mounted at /272/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   78.515447][  T277] EXT4-fs (loop3): unmounting filesystem.
[   79.227552][ T3055] syz.5.1165[3055] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   79.227627][ T3055] syz.5.1165[3055] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   79.416795][   T28] kauditd_printk_skb: 39 callbacks suppressed
[   79.416812][   T28] audit: type=1400 audit(2000000274.768:789): avc:  denied  { watch } for  pid=3069 comm="syz.5.1172" path="/92/file0" dev="tmpfs" ino=498 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   79.511033][ T3078] netem: incorrect gi model size
[   79.516330][ T3078] netem: change failed
[   79.540124][ T3082] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1178'.
[   79.549812][ T3082] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[   79.585357][ T3086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1180'.
[   79.620544][ T3090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1183'.
[   79.673474][ T3100] loop3: detected capacity change from 0 to 512
[   79.684482][ T3100] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   79.707390][ T3100] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   79.721578][ T3100] ext4 filesystem being mounted at /282/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.753750][ T3100] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1187: bg 0: block 304: padding at end of block bitmap is not set
[   79.768691][ T3100] EXT4-fs (loop3): Remounting filesystem read-only
[   79.785085][  T277] EXT4-fs (loop3): unmounting filesystem.
[   79.941872][ T3116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1193'.
[   79.951075][ T3116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1193'.
[   79.961413][ T3116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1193'.
[   79.970676][ T3116] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   80.028639][ T3120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1194'.
[   80.087101][ T3126] syz.3.1198[3126] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   80.087186][ T3126] syz.3.1198[3126] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   80.095432][   T28] audit: type=1400 audit(2000000275.438:790): avc:  denied  { setopt } for  pid=3127 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   80.133024][ T3128] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1199'.
[   80.143406][   T28] audit: type=1326 audit(2000000275.498:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3125 comm="syz.3.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568a58e969 code=0x7ffc0000
[   80.168045][   T28] audit: type=1326 audit(2000000275.498:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3125 comm="syz.3.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568a58e969 code=0x7ffc0000
[   80.232320][   T28] audit: type=1326 audit(2000000275.498:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3125 comm="syz.3.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f568a58e969 code=0x7ffc0000
[   80.258460][   T28] audit: type=1326 audit(2000000275.538:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3125 comm="syz.3.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568a58e969 code=0x7ffc0000
[   80.294977][   T28] audit: type=1326 audit(2000000275.538:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3125 comm="syz.3.1198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568a58e969 code=0x7ffc0000
[   80.327495][ T3138] 9pnet_fd: p9_fd_create_unix (3138): problem connecting socket: ./file0: -111
[   80.339072][   T28] audit: type=1400 audit(2000000275.578:796): avc:  denied  { write } for  pid=3134 comm="syz.0.1202" name="tcp6" dev="proc" ino=4026532342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   80.410849][   T28] audit: type=1400 audit(2000000275.638:797): avc:  denied  { name_bind } for  pid=3136 comm="syz.5.1204" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   80.447071][   T28] audit: type=1400 audit(2000000275.638:798): avc:  denied  { node_bind } for  pid=3136 comm="syz.5.1204" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   80.587881][ T3172] fuse: Bad value for 'fd'
[   80.974855][ T3208] usb usb8: usbfs: process 3208 (syz.5.1236) did not claim interface 0 before use
[   81.141595][ T1052] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   81.331604][ T1052] usb 4-1: Using ep0 maxpacket: 16
[   81.340014][ T1052] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   81.349306][ T1052] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.357591][ T1052] usb 4-1: Product: syz
[   81.361963][ T1052] usb 4-1: Manufacturer: syz
[   81.366712][ T1052] usb 4-1: SerialNumber: syz
[   81.373113][ T1052] r8152-cfgselector 4-1: config 0 descriptor??
[   81.488693][ T3251] loop5: detected capacity change from 0 to 512
[   81.508145][ T3251] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1255: inode #1: comm syz.5.1255: iget: illegal inode #
[   81.523292][ T3251] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1255: error while reading EA inode 1 err=-117
[   81.536668][ T3251] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.1255: inode #1: comm syz.5.1255: iget: illegal inode #
[   81.551313][ T3251] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.1255: error while reading EA inode 1 err=-117
[   81.564461][ T3251] EXT4-fs (loop5): 1 orphan inode deleted
[   81.571426][ T3251] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   81.583278][ T3195] bridge: RTM_NEWNEIGH with invalid state 0x1
[   81.591581][ T1052] r8152-cfgselector 4-1: Unknown version 0x0000
[   81.618617][ T1052] r8152-cfgselector 4-1: Unknown version 0x0000
[   81.640541][ T1052] r8152-cfgselector 4-1: bad CDC descriptors
[   81.651129][ T1052] r8152-cfgselector 4-1: Unknown version 0x0000
[   81.672209][ T1052] r8152-cfgselector 4-1: USB disconnect, device number 8
[   81.728546][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   82.032868][ T3291] loop5: detected capacity change from 0 to 40427
[   82.064166][ T3291] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[   82.072781][ T3291] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   82.107163][ T3291] F2FS-fs (loop5): invalid crc value
[   82.132215][ T3291] F2FS-fs (loop5): Found nat_bits in checkpoint
[   82.188504][ T3291] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   82.195714][ T3291] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   82.239327][ T2044] syz-executor: attempt to access beyond end of device
[   82.239327][ T2044] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   82.636393][ T3398] loop5: detected capacity change from 0 to 40427
[   82.648802][ T3398] F2FS-fs (loop5): Wrong segment_count / block_count (31 > 0)
[   82.656582][ T3398] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[   82.672274][ T3398] F2FS-fs (loop5): invalid crc value
[   82.698079][ T3398] F2FS-fs (loop5): Found nat_bits in checkpoint
[   82.761848][ T3398] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[   82.769029][ T3398] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   82.812707][ T3398] syz.5.1275: attempt to access beyond end of device
[   82.812707][ T3398] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   82.828635][ T3398] syz.5.1275: attempt to access beyond end of device
[   82.828635][ T3398] loop5: rw=2049, sector=45136, nr_sectors = 8 limit=40427
[   82.896259][ T3418] syz.5.1275: attempt to access beyond end of device
[   82.896259][ T3418] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   82.914160][ T3377] kworker/u4:92: attempt to access beyond end of device
[   82.914160][ T3377] loop5: rw=2049, sector=45144, nr_sectors = 8 limit=40427
[   82.933339][ T3390] loop3: detected capacity change from 0 to 40427
[   82.963168][ T3390] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   82.970944][ T3390] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   83.002896][ T3390] F2FS-fs (loop3): Found nat_bits in checkpoint
[   83.065583][ T3390] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   83.073087][ T3390] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   83.291319][ T3446] usb usb8: usbfs: process 3446 (syz.5.1295) did not claim interface 0 before use
[   83.524111][ T3479] futex_wake_op: syz.1.1311 tries to shift op by -1; fix this program
[   83.538902][ T3481] loop0: detected capacity change from 0 to 512
[   83.539206][ T3477] __nla_validate_parse: 1 callbacks suppressed
[   83.539221][ T3477] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1309'.
[   83.545902][ T3481] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   83.577274][ T3481] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1310'.
[   83.704575][ T3502] loop5: detected capacity change from 0 to 512
[   83.739692][ T3502] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1321: casefold flag without casefold feature
[   83.754049][ T3502] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1321: couldn't read orphan inode 15 (err -117)
[   83.766597][ T3502] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   83.787238][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   83.911723][ T3529] input: syz0 as /devices/virtual/input/input15
[   83.918139][ T3529] input: failed to attach handler leds to device input15, error: -6
[   84.027880][ T3546] loop3: detected capacity change from 0 to 1024
[   84.037711][ T3546] EXT4-fs: Ignoring removed oldalloc option
[   84.065156][ T3546] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   84.087840][ T3555] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[   84.119239][ T3546] EXT4-fs (loop3): Online defrag not supported with bigalloc
[   84.137691][  T277] EXT4-fs (loop3): unmounting filesystem.
[   84.464895][   T28] kauditd_printk_skb: 120 callbacks suppressed
[   84.464911][   T28] audit: type=1400 audit(2000000279.818:919): avc:  denied  { create } for  pid=3593 comm="syz.0.1362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   84.471580][  T402] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   84.587291][   T28] audit: type=1400 audit(2000000279.938:920): avc:  denied  { execmem } for  pid=3612 comm="syz.1.1371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   84.650708][   T28] audit: type=1400 audit(2000000279.998:921): avc:  denied  { sys_module } for  pid=3619 comm="syz.1.1375" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   84.678104][  T402] usb 6-1: Using ep0 maxpacket: 16
[   84.681522][ T1052] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   84.685275][  T402] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 38, using maximum allowed: 30
[   84.708180][   T28] audit: type=1400 audit(2000000280.048:922): avc:  denied  { module_load } for  pid=3619 comm="syz.1.1375" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1116 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[   84.737061][  T402] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[   84.748442][  T402] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 38
[   84.761715][  T402] usb 6-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[   84.771236][  T402] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.783808][  T402] usb 6-1: config 0 descriptor??
[   84.862864][ T1052] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[   84.872678][ T1052] usb 4-1: config 1 has no interface number 0
[   84.879665][ T1052] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.891055][ T1052] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[   84.900392][ T1052] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[   84.920491][ T1052] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   84.930659][ T1052] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.939112][ T1052] usb 4-1: Product: syz
[   84.943562][ T1052] usb 4-1: Manufacturer: syz
[   84.948323][ T1052] usb 4-1: SerialNumber: syz
[   84.992859][  T402] usbhid 6-1:0.0: can't add hid device: -71
[   84.999053][  T402] usbhid: probe of 6-1:0.0 failed with error -71
[   85.009648][  T402] usb 6-1: USB disconnect, device number 2
[   85.483342][ T3644] fuse: Bad value for 'fd'
[   85.500525][   T28] audit: type=1400 audit(2000000280.848:923): avc:  denied  { name_bind } for  pid=3645 comm="syz.1.1385" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   85.579604][ T3649] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1386'.
[   85.592110][   T28] audit: type=1400 audit(2000000280.948:924): avc:  denied  { module_request } for  pid=3647 comm="syz.1.1386" kmod="rtnl-link-geneve" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   85.663944][ T3660] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1389'.
[   85.674482][ T3660] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1389'.
[   85.757691][ T1052] cdc_ncm 4-1:1.1: bind() failure
[   85.861195][   T28] audit: type=1400 audit(2000000281.208:925): avc:  denied  { read } for  pid=3670 comm="syz.5.1393" path="socket:[29430]" dev="sockfs" ino=29430 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   85.969967][  T297] usb 4-1: USB disconnect, device number 9
[   86.076143][   T28] audit: type=1400 audit(2000000281.428:926): avc:  denied  { setopt } for  pid=3685 comm="syz.0.1403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   86.076735][   T28] audit: type=1400 audit(2000000281.428:927): avc:  denied  { setopt } for  pid=3685 comm="syz.0.1403" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   86.142803][ T1052] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[   86.143273][   T28] audit: type=1400 audit(2000000281.478:928): avc:  denied  { connect } for  pid=3685 comm="syz.0.1403" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   86.143547][ T1052] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   86.949735][ T3749] loop5: detected capacity change from 0 to 512
[   86.959706][ T3749] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[   87.027011][ T3749] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   87.057041][ T3749] EXT4-fs: Ignoring sb option on remount
[   87.062934][ T3749] EXT4-fs: Ignoring removed orlov option
[   87.068709][ T3749] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[   87.083171][ T3749] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   87.103099][ T3749] EXT4-fs (loop5): re-mounted. Quota mode: writeback.
[   87.134355][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   87.228528][ T3766] incfs: Options parsing error. -22
[   87.241653][ T3766] incfs: mount failed -22
[   87.605809][ T3820] netlink: 'syz.1.1456': attribute type 2 has an invalid length.
[   87.621598][  T286] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[   87.637769][ T3824] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   87.711810][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[   87.773717][ T3837] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1464'.
[   87.802710][  T286] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.812996][  T286] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   87.832737][  T286] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   87.861911][  T286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   87.874442][ T3845] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1467'.
[   87.878013][  T286] usb 4-1: SerialNumber: syz
[   87.883812][ T3845] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1467'.
[   87.993827][ T3860] device batadv_slave_1 entered promiscuous mode
[   88.001231][ T3859] device batadv_slave_1 left promiscuous mode
[   88.105297][  T286] usb 4-1: 0:2 : does not exist
[   88.114084][  T286] usb 4-1: USB disconnect, device number 10
[   88.119279][ T3870] netlink: 136 bytes leftover after parsing attributes in process `syz.5.1479'.
[   88.139589][ T3870] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[   88.322182][  T299] udevd[299]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   88.362007][ T3881] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   88.404924][ T3886] loop5: detected capacity change from 0 to 512
[   88.405191][ T3886] EXT4-fs: Ignoring removed nobh option
[   88.433313][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #3: comm syz.5.1487: corrupted inode contents
[   88.433508][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.452538][ T3886] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #3: comm syz.5.1487: mark_inode_dirty error
[   88.465260][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.465558][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #3: comm syz.5.1487: corrupted inode contents
[   88.465710][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.491857][ T3886] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.1487: mark_inode_dirty error
[   88.503883][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.504146][ T3886] EXT4-fs error (device loop5): ext4_acquire_dquot:6789: comm syz.5.1487: Failed to acquire dquot type 0
[   88.504312][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.504630][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1487: corrupted inode contents
[   88.504775][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.504790][ T3886] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #16: comm syz.5.1487: mark_inode_dirty error
[   88.504922][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.504943][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1487: corrupted inode contents
[   88.505255][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.505276][ T3886] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.1487: mark_inode_dirty error
[   88.505439][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.505478][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1487: corrupted inode contents
[   88.505630][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.505644][ T3886] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[   88.505790][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.505812][ T3886] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #16: comm syz.5.1487: corrupted inode contents
[   88.505961][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.505976][ T3886] EXT4-fs error (device loop5): ext4_truncate:4313: inode #16: comm syz.5.1487: mark_inode_dirty error
[   88.506127][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.506143][ T3886] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[   88.506273][ T3886] EXT4-fs (loop5): Remounting filesystem read-only
[   88.506447][ T3886] EXT4-fs (loop5): 1 truncate cleaned up
[   88.700012][ T3886] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   88.700208][ T3886] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.773568][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   88.812214][ T3899] incfs: Options parsing error. -22
[   88.812251][ T3899] incfs: mount failed -22
[   88.916853][ T3909] loop3: detected capacity change from 0 to 16
[   88.917418][ T3909] erofs: (device loop3): mounted with root inode @ nid 36.
[   88.964450][ T3913] Non-string source
[   89.798868][ T3946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1511'.
[   89.808056][ T3946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1511'.
[   89.818034][ T3946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1511'.
[   89.827566][ T3946] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   89.872872][ T3950] usb usb8: usbfs: process 3950 (syz.3.1515) did not claim interface 0 before use
[   89.961034][ T3959] loop3: detected capacity change from 0 to 512
[   89.970000][ T3959] EXT4-fs: Ignoring removed nobh option
[   89.992629][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #3: comm syz.3.1520: corrupted inode contents
[   90.012335][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.019604][ T3959] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #3: comm syz.3.1520: mark_inode_dirty error
[   90.031708][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.038638][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #3: comm syz.3.1520: corrupted inode contents
[   90.051011][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.057953][ T3959] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.1520: mark_inode_dirty error
[   90.069749][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.076930][ T3959] __quota_error: 16 callbacks suppressed
[   90.076947][ T3959] Quota error (device loop3): write_blk: dquota write failed
[   90.090584][ T3959] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   90.103819][ T3959] EXT4-fs error (device loop3): ext4_acquire_dquot:6789: comm syz.3.1520: Failed to acquire dquot type 0
[   90.115968][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.123192][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1520: corrupted inode contents
[   90.135920][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.142678][ T3959] EXT4-fs error (device loop3): ext4_dirty_inode:6091: inode #16: comm syz.3.1520: mark_inode_dirty error
[   90.155033][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.169967][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1520: corrupted inode contents
[   90.191748][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.213625][ T3959] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.1520: mark_inode_dirty error
[   90.225862][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.232862][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1520: corrupted inode contents
[   90.261721][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.268390][ T3959] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[   90.287277][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.301497][ T3959] EXT4-fs error (device loop3): ext4_do_update_inode:5226: inode #16: comm syz.3.1520: corrupted inode contents
[   90.323146][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.329896][ T3959] EXT4-fs error (device loop3): ext4_truncate:4313: inode #16: comm syz.3.1520: mark_inode_dirty error
[   90.401704][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.408596][ T3959] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[   90.430946][ T3959] EXT4-fs (loop3): Remounting filesystem read-only
[   90.448014][ T3959] EXT4-fs (loop3): 1 truncate cleaned up
[   90.461504][ T3959] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   90.471786][ T3959] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.644374][  T277] EXT4-fs (loop3): unmounting filesystem.
[   90.784877][ T3980] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1525'.
[   90.996322][   T28] audit: type=1400 audit(2000000286.348:943): avc:  denied  { write } for  pid=3987 comm="syz.0.1529" name="attr" dev="proc" ino=30458 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   91.078689][   T28] audit: type=1400 audit(2000000286.378:944): avc:  denied  { add_name } for  pid=3987 comm="syz.0.1529" name="fscreate" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   91.105307][   T28] audit: type=1400 audit(2000000286.378:945): avc:  denied  { create } for  pid=3987 comm="syz.0.1529" name="fscreate" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[   91.127638][   T28] audit: type=1400 audit(2000000286.378:946): avc:  denied  { associate } for  pid=3987 comm="syz.0.1529" name="fscreate" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   91.433109][ T3982] loop3: detected capacity change from 0 to 131072
[   91.440362][ T3982] F2FS-fs (loop3): Test dummy encryption mode enabled
[   91.448800][ T3982] F2FS-fs (loop3): invalid crc value
[   91.460516][ T3982] F2FS-fs (loop3): Found nat_bits in checkpoint
[   91.490596][ T3982] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   91.560673][ T3998] loop5: detected capacity change from 0 to 256
[   91.573773][   T28] audit: type=1400 audit(2000000286.928:947): avc:  denied  { mount } for  pid=3997 comm="syz.5.1532" name="/" dev="loop5" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   91.608950][   T28] audit: type=1400 audit(2000000286.958:948): avc:  denied  { watch watch_reads } for  pid=3997 comm="syz.5.1532" path="/201/file0/file0/file0" dev="loop5" ino=1048651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[   91.646476][   T28] audit: type=1400 audit(2000000286.998:949): avc:  denied  { unmount } for  pid=2044 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   91.701700][   T28] audit: type=1400 audit(2000000287.058:950): avc:  denied  { append } for  pid=4005 comm="syz.5.1536" name="001" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   91.905511][ T4022] x_tables: duplicate underflow at hook 4
[   92.136317][ T4046] loop5: detected capacity change from 0 to 2048
[   92.153269][ T4046] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   92.172722][ T2044] EXT4-fs (loop5): unmounting filesystem.
[   92.433066][ T4079] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1567'.
[   92.515365][ T4075] loop3: detected capacity change from 0 to 40427
[   92.536422][ T4075] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   92.550772][ T4075] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   92.572319][ T4075] F2FS-fs (loop3): invalid crc value
[   92.607899][ T4075] F2FS-fs (loop3): Found nat_bits in checkpoint
[   92.676660][ T4104] loop4: detected capacity change from 0 to 512
[   92.689773][ T4104] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   92.705089][ T4075] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   92.712452][ T4075] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   92.727513][ T4104] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[   92.751583][ T4104] System zones: 1-12
[   92.776885][ T4104] EXT4-fs (loop4): 1 truncate cleaned up
[   92.777135][ T4111] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1581'.
[   92.796507][ T4111] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1581'.
[   92.799119][ T4104] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   92.836395][  T279] EXT4-fs (loop4): unmounting filesystem.
[   93.018220][ T4132] overlayfs: failed to clone upperpath
[   93.111218][ T4140] loop4: detected capacity change from 0 to 512
[   93.158627][ T4140] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   93.167775][ T4140] ext4 filesystem being mounted at /224/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.200386][  T279] EXT4-fs (loop4): unmounting filesystem.
[   93.231277][ T4152] overlayfs: conflicting lowerdir path
[   93.239366][ T4152] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[   93.925151][ T4183] loop4: detected capacity change from 0 to 40427
[   93.949534][ T4183] F2FS-fs (loop4): fault_injection options not supported
[   93.957089][ T4183] F2FS-fs (loop4): heap/no_heap options were deprecated
[   93.970373][ T4183] F2FS-fs (loop4): Image doesn't support compression
[   93.978100][ T4183] F2FS-fs (loop4): invalid crc value
[   93.985391][ T4183] F2FS-fs (loop4): Found nat_bits in checkpoint
[   94.040424][ T4183] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   94.407595][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.407595][ T4183] loop4: rw=2049, sector=77824, nr_sectors = 2304 limit=40427
[   94.439165][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.439165][ T4183] loop4: rw=2049, sector=80128, nr_sectors = 2440 limit=40427
[   94.461113][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.461113][ T4183] loop4: rw=2049, sector=82568, nr_sectors = 2544 limit=40427
[   94.485501][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.485501][ T4183] loop4: rw=2049, sector=85112, nr_sectors = 2744 limit=40427
[   94.508415][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.508415][ T4183] loop4: rw=2049, sector=87856, nr_sectors = 2720 limit=40427
[   94.529179][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.529179][ T4183] loop4: rw=2049, sector=90576, nr_sectors = 2080 limit=40427
[   94.562625][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.562625][ T4183] loop4: rw=2049, sector=92656, nr_sectors = 6488 limit=40427
[   94.606743][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.606743][ T4183] loop4: rw=2049, sector=99144, nr_sectors = 2048 limit=40427
[   94.696707][ T4183] syz.4.1611: attempt to access beyond end of device
[   94.696707][ T4183] loop4: rw=2049, sector=101192, nr_sectors = 4040 limit=40427
[   94.720126][ T3377] kworker/u4:92: attempt to access beyond end of device
[   94.720126][ T3377] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   95.170741][ T4235] loop3: detected capacity change from 0 to 131072
[   95.204957][ T4235] F2FS-fs (loop3): Wrong CP boundary, start(512) end(198144) blocks(1024)
[   95.221360][   T28] kauditd_printk_skb: 13 callbacks suppressed
[   95.221375][   T28] audit: type=1400 audit(2000000290.568:964): avc:  denied  { relabelfrom } for  pid=4265 comm="syz.4.1645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   95.229784][ T4235] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[   95.275943][   T28] audit: type=1400 audit(2000000290.568:965): avc:  denied  { relabelto } for  pid=4265 comm="syz.4.1645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   95.297115][ T4235] F2FS-fs (loop3): invalid crc value
[   95.317067][ T4235] F2FS-fs (loop3): Found nat_bits in checkpoint
[   95.357685][ T4235] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[   95.365047][ T4235] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[   95.435115][   T28] audit: type=1400 audit(2000000290.788:966): avc:  denied  { read write } for  pid=4234 comm="syz.3.1633" name="file1" dev="loop3" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.476093][ T4293] loop4: detected capacity change from 0 to 2048
[   95.478449][   T28] audit: type=1400 audit(2000000290.818:967): avc:  denied  { open } for  pid=4234 comm="syz.3.1633" path="/349/file0/file1" dev="loop3" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.532597][ T4293] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   95.536845][   T28] audit: type=1400 audit(2000000290.878:968): avc:  denied  { ioctl } for  pid=4234 comm="syz.3.1633" path="/349/file0/file1" dev="loop3" ino=7 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.595988][  T279] EXT4-fs (loop4): unmounting filesystem.
[   95.647949][   T28] audit: type=1400 audit(2000000290.998:969): avc:  denied  { getopt } for  pid=4297 comm="syz.5.1666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   95.869950][   T28] audit: type=1400 audit(2000000291.218:970): avc:  denied  { ioctl } for  pid=4313 comm="syz.5.1663" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=31542 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   95.958962][   T28] audit: type=1400 audit(2000000291.308:971): avc:  denied  { write } for  pid=4317 comm="syz.5.1667" name="mcfilter6" dev="proc" ino=4026533008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   96.116535][   T28] audit: type=1400 audit(2000000291.468:972): avc:  denied  { read } for  pid=4324 comm="syz.0.1670" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   96.187705][ T4322] loop5: detected capacity change from 0 to 40427
[   96.195182][ T4322] F2FS-fs (loop5): fault_injection options not supported
[   96.203333][ T4322] F2FS-fs (loop5): invalid crc value
[   96.222489][ T4322] F2FS-fs (loop5): Found nat_bits in checkpoint
[   96.292050][ T4322] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   96.601846][ T4357] loop5: detected capacity change from 0 to 256
[   96.626789][ T4357] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[   96.657531][   T28] audit: type=1400 audit(2000000292.008:973): avc:  denied  { add_name } for  pid=4356 comm="syz.5.1683" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   96.897586][ T4367] loop3: detected capacity change from 0 to 2048
[   96.913709][ T4367] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   96.923527][ T4366] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.930675][ T4366] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.939182][ T4366] device bridge_slave_0 entered promiscuous mode
[   96.949109][ T4366] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.949633][  T277] EXT4-fs (loop3): unmounting filesystem.
[   96.956826][ T4366] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.970677][ T4366] device bridge_slave_1 entered promiscuous mode
[   97.092849][ T4366] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.100196][ T4366] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.107674][ T4366] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.115005][ T4366] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.176558][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   97.202267][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.209832][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.226834][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   97.241832][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.249174][ T3305] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.275421][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   97.307188][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.314912][ T3305] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.343654][ T3391] device bridge_slave_1 left promiscuous mode
[   97.349861][ T3391] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.371991][ T3391] device bridge_slave_0 left promiscuous mode
[   97.374156][ T4384] loop0: detected capacity change from 0 to 40427
[   97.378863][ T3391] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.398586][ T4384] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   97.403970][ T4382] loop3: detected capacity change from 0 to 40427
[   97.407475][ T4384] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   97.415709][ T4382] F2FS-fs (loop3): invalid crc value
[   97.428346][ T3391] device veth0_vlan left promiscuous mode
[   97.434761][ T4382] F2FS-fs (loop3): Found nat_bits in checkpoint
[   97.441298][ T4384] F2FS-fs (loop0): invalid crc value
[   97.466411][ T4384] F2FS-fs (loop0): Found nat_bits in checkpoint
[   97.482239][ T4382] F2FS-fs (loop3): Start checkpoint disabled!
[   97.501541][ T4382] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[   97.527020][ T4384] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   97.535593][ T4384] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   97.550495][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   97.559212][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   97.570573][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   97.579007][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   97.600816][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   97.609970][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   97.622763][ T4366] device veth0_vlan entered promiscuous mode
[   97.629607][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   97.638209][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   97.655653][ T4366] device veth1_macvtap entered promiscuous mode
[   97.672040][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   97.680047][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   97.692777][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   97.711818][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   97.720154][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   97.753696][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   97.771226][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   97.792184][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   97.814829][ T3305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   98.318200][ T4438] loop0: detected capacity change from 0 to 16
[   98.360261][ T4438] erofs: (device loop0): mounted with root inode @ nid 36.
[   98.524959][ T4408] loop3: detected capacity change from 0 to 40427
[   98.577315][ T4408] F2FS-fs (loop3): fault_injection options not supported
[   98.674961][ T4408] F2FS-fs (loop3): invalid crc value
[   98.699371][ T4408] F2FS-fs (loop3): Found nat_bits in checkpoint
[   98.891568][ T4408] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   99.030494][ T4495] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1719'.
[   99.098259][ T4482] loop5: detected capacity change from 0 to 40427
[   99.108185][ T4482] F2FS-fs (loop5): fault_type options not supported
[   99.116093][ T4482] F2FS-fs (loop5): invalid crc value
[   99.123458][ T4482] F2FS-fs (loop5): Found nat_bits in checkpoint
[   99.171660][ T4482] F2FS-fs (loop5): Start checkpoint disabled!
[   99.180827][ T4482] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[   99.267181][ T4482] F2FS-fs (loop5): ino:10, start:1, end:8193, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[   99.280553][ T4513] 9pnet_fd: Insufficient options for proto=fd
[   99.392490][ T4518] tun0: tun_chr_ioctl cmd 1074025675
[   99.400571][ T4518] tun0: persist enabled
[   99.406171][ T4518] tun0: tun_chr_ioctl cmd 1074025675
[   99.413656][ T4518] tun0: persist disabled
[   99.499684][ T4534] loop5: detected capacity change from 0 to 128
[   99.538610][ T4534] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   99.549141][ T4534] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   99.552802][  T299] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   99.572713][ T4542] loop3: detected capacity change from 0 to 128
[   99.582578][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   99.591166][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.607099][ T4543] syz.4.1740[4543] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   99.607174][ T4543] syz.4.1740[4543] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   99.623177][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   99.662018][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.682685][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.701866][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.710369][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.738767][ T3300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.760814][ T4543] bridge0: port 3(vlan2) entered blocking state
[   99.782659][ T4543] bridge0: port 3(vlan2) entered disabled state
[   99.814957][ T4559] bridge0: port 3(syz_tun) entered blocking state
[   99.828036][ T4559] bridge0: port 3(syz_tun) entered disabled state
[   99.856935][ T4559] device syz_tun entered promiscuous mode
[   99.895111][ T4559] bridge0: port 3(syz_tun) entered blocking state
[   99.901808][ T4559] bridge0: port 3(syz_tun) entered forwarding state
[  100.074052][ T4578] capability: warning: `syz.0.1756' uses 32-bit capabilities (legacy support in use)
[  100.104245][ T4585] SELinux:  Context system_u:object_r:login_exec_t:s0 is not valid (left unmapped).
[  100.394338][ T4612] loop5: detected capacity change from 0 to 512
[  100.403196][ T4613] bridge0: port 3(syz_tun) entered blocking state
[  100.420243][ T4613] bridge0: port 3(syz_tun) entered disabled state
[  100.420566][ T4612] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  100.458350][ T4613] device syz_tun entered promiscuous mode
[  100.473896][ T4613] bridge0: port 3(syz_tun) entered blocking state
[  100.480388][ T4613] bridge0: port 3(syz_tun) entered forwarding state
[  100.495914][ T4612] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  100.504315][ T4612] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.1770: invalid indirect mapped block 2683928664 (level 1)
[  100.519539][ T4612] EXT4-fs (loop5): Remounting filesystem read-only
[  100.531747][ T4612] EXT4-fs (loop5): 1 truncate cleaned up
[  100.537529][ T4612] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  100.571776][ T4612] EXT4-fs (loop5): shut down requested (1)
[  100.585529][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  100.627381][ T4601] loop4: detected capacity change from 0 to 40427
[  100.641592][ T4626] tmpfs: Unknown parameter 'nolazytime1'
[  100.656769][ T4601] F2FS-fs (loop4): fault_type options not supported
[  100.672579][   T28] kauditd_printk_skb: 18 callbacks suppressed
[  100.672595][   T28] audit: type=1400 audit(2000000296.028:992): avc:  denied  { map } for  pid=4631 comm="syz.5.1779" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  100.704942][ T4601] F2FS-fs (loop4): invalid crc value
[  100.744054][ T4601] F2FS-fs (loop4): Found nat_bits in checkpoint
[  100.802319][ T4601] F2FS-fs (loop4): Start checkpoint disabled!
[  100.819818][ T4601] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  100.917444][ T4601] F2FS-fs (loop4): ino:10, start:1, end:8193, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  100.984974][   T28] audit: type=1400 audit(2000000296.338:993): avc:  denied  { bind } for  pid=4658 comm="syz.0.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  101.017721][   T28] audit: type=1400 audit(2000000296.368:994): avc:  denied  { read } for  pid=4658 comm="syz.0.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  101.047593][ T4478] bio_check_eod: 6 callbacks suppressed
[  101.047612][ T4478] kworker/u4:149: attempt to access beyond end of device
[  101.047612][ T4478] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  101.068395][   T28] audit: type=1400 audit(2000000296.428:995): avc:  denied  { setopt } for  pid=4658 comm="syz.0.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  101.098453][   T28] audit: type=1400 audit(2000000296.438:996): avc:  denied  { write } for  pid=4658 comm="syz.0.1791" path="socket:[33065]" dev="sockfs" ino=33065 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  101.276742][ T4645] loop3: detected capacity change from 0 to 40427
[  101.296780][ T4645] F2FS-fs (loop3): invalid crc value
[  101.308322][ T4645] F2FS-fs (loop3): Found nat_bits in checkpoint
[  101.329461][ T4676] loop4: detected capacity change from 0 to 1024
[  101.369495][ T4645] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  101.389111][ T4676] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.1792: bad orphan inode 2304
[  101.401204][ T4676] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  101.423984][   T28] audit: type=1400 audit(2000000296.778:997): avc:  denied  { watch } for  pid=4673 comm="syz.4.1792" path="/263/bus/control" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  101.463808][  T279] EXT4-fs (loop4): unmounting filesystem.
[  101.492294][ T4645] syz.3.1784: attempt to access beyond end of device
[  101.492294][ T4645] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  101.549361][  T277] syz-executor: attempt to access beyond end of device
[  101.549361][  T277] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  101.588787][   T28] audit: type=1400 audit(2000000296.938:998): avc:  denied  { read } for  pid=4683 comm="syz.4.1799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  101.617477][ T4686] loop5: detected capacity change from 0 to 1024
[  101.624991][ T4686] EXT4-fs: Ignoring removed oldalloc option
[  101.676352][ T4686] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  101.708446][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  101.953244][ T4680] loop0: detected capacity change from 0 to 40427
[  101.961226][ T4680] F2FS-fs (loop0): fault_injection options not supported
[  101.981559][ T4680] F2FS-fs (loop0): heap/no_heap options were deprecated
[  102.003168][ T4711] loop5: detected capacity change from 0 to 1024
[  102.011560][ T4680] F2FS-fs (loop0): Image doesn't support compression
[  102.023923][ T4680] F2FS-fs (loop0): invalid crc value
[  102.043748][ T4711] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1811: bad orphan inode 2304
[  102.043970][ T4680] F2FS-fs (loop0): Found nat_bits in checkpoint
[  102.054676][ T4711] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  102.096004][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  102.162138][ T4680] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  102.477043][   T28] audit: type=1326 audit(2000000297.828:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4738 comm="syz.5.1818" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fafe9f8e969 code=0x0
[  102.510488][ T4744] fuse: Bad value for 'fd'
[  102.550780][   T28] audit: type=1400 audit(2000000297.878:1000): avc:  denied  { write } for  pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  102.599775][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.599775][ T4680] loop0: rw=2049, sector=77824, nr_sectors = 4200 limit=40427
[  102.615031][   T28] audit: type=1400 audit(2000000297.878:1001): avc:  denied  { remove_name } for  pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  102.623701][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.623701][ T4680] loop0: rw=2049, sector=82024, nr_sectors = 2088 limit=40427
[  102.663321][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.663321][ T4680] loop0: rw=2049, sector=84112, nr_sectors = 2072 limit=40427
[  102.690067][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.690067][ T4680] loop0: rw=2049, sector=86184, nr_sectors = 2752 limit=40427
[  102.717967][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.717967][ T4680] loop0: rw=2049, sector=88936, nr_sectors = 3368 limit=40427
[  102.755195][ T4680] syz.0.1797: attempt to access beyond end of device
[  102.755195][ T4680] loop0: rw=2049, sector=92304, nr_sectors = 5272 limit=40427
[  102.804878][  T275] syz-executor: attempt to access beyond end of device
[  102.804878][  T275] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  103.016189][   T39] hid-generic C5C3:0004:0081.0013: item fetching failed at offset 3/4
[  103.031162][   T39] hid-generic: probe of C5C3:0004:0081.0013 failed with error -22
[  103.044339][ T4820] netlink: '+}[@': attribute type 13 has an invalid length.
[  103.080476][ T4820] gretap0: refused to change device tx_queue_len
[  103.107510][ T4820] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  103.505279][ T4855] loop3: detected capacity change from 0 to 1024
[  103.547388][ T4855] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  103.573086][ T4840] loop5: detected capacity change from 0 to 40427
[  103.579766][ T4840] F2FS-fs (loop5): heap/no_heap options were deprecated
[  103.580540][ T4840] F2FS-fs (loop5): invalid crc value
[  103.581689][ T4840] F2FS-fs (loop5): Found nat_bits in checkpoint
[  103.605995][  T277] EXT4-fs (loop3): unmounting filesystem.
[  103.639770][ T4840] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  103.811748][ T4870] loop3: detected capacity change from 0 to 128
[  103.877074][  T372] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  103.913604][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  103.931671][ T4870] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  103.974686][ T4870] device gretap1 left promiscuous mode
[  104.011965][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  104.025610][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  104.036435][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  104.074514][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  104.115955][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.151944][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.201663][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.218380][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.237966][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  104.247218][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  104.462993][ T4923] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  104.577371][ T4939] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  104.592095][ T4939] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  104.708295][ T4953] loop4: detected capacity change from 0 to 128
[  104.742488][ T4957] overlayfs: missing 'lowerdir'
[  104.770880][ T4960] loop5: detected capacity change from 0 to 256
[  104.779647][ T4962] loop0: detected capacity change from 0 to 256
[  104.788929][ T4960] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  104.819772][ T4962] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d)
[  104.887546][ T4970] netlink: 'syz.5.1907': attribute type 8 has an invalid length.
[  104.910854][ T4974] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[  104.984061][ T4985] loop5: detected capacity change from 0 to 1024
[  105.020570][ T4985] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  105.065515][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  105.120804][ T5001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1124 sclass=netlink_route_socket pid=5001 comm=syz.0.1910
[  105.329141][ T5022] loop5: detected capacity change from 0 to 2048
[  105.377285][ T5022] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  105.392857][ T5022] EXT4-fs (loop5): shut down requested (1)
[  105.406906][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  105.420866][ T5032] loop3: detected capacity change from 0 to 128
[  105.447789][ T5032] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  105.460951][ T5039] loop0: detected capacity change from 0 to 256
[  105.468754][ T5032] ext4 filesystem being mounted at /387/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  105.499361][  T277] EXT4-fs (loop3): unmounting filesystem.
[  105.530832][ T5039] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  105.734744][ T5059] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[  105.842746][ T5070] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  105.891983][ T5070] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  105.935800][   T28] kauditd_printk_skb: 22 callbacks suppressed
[  105.935817][   T28] audit: type=1400 audit(2000000301.288:1024): avc:  denied  { read } for  pid=5079 comm="syz.4.1945" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  105.936047][ T5080] binder: 5079:5080 ioctl 4018620d 0 returned -22
[  105.951993][   T28] audit: type=1400 audit(2000000301.288:1025): avc:  denied  { open } for  pid=5079 comm="syz.4.1945" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  105.996746][   T28] audit: type=1400 audit(2000000301.288:1026): avc:  denied  { ioctl } for  pid=5079 comm="syz.4.1945" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  106.346802][ T5116] loop4: detected capacity change from 0 to 256
[  106.408240][   T28] audit: type=1326 audit(2000000301.758:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5046 comm="syz.5.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafe9f8e969 code=0x7fc00000
[  106.449630][   T28] audit: type=1400 audit(2000000301.798:1028): avc:  denied  { read } for  pid=5125 comm="syz.0.1962" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  106.495763][   T28] audit: type=1400 audit(2000000301.798:1029): avc:  denied  { open } for  pid=5125 comm="syz.0.1962" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  106.538325][   T28] audit: type=1400 audit(2000000301.888:1030): avc:  denied  { shutdown } for  pid=5131 comm="syz.5.1969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  106.971134][ T5169] loop5: detected capacity change from 0 to 4096
[  106.979202][ T5169] EXT4-fs (loop5): Test dummy encryption mode enabled
[  106.992285][ T5169] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a042c018, mo2=0003]
[  107.000960][ T5169] System zones: 0-5
[  107.006297][ T5169] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  107.041552][   T28] audit: type=1400 audit(2000000302.388:1031): avc:  denied  { setattr } for  pid=5168 comm="syz.5.1984" name=".pending_reads" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  107.074442][ T4366] EXT4-fs (loop5): unmounting filesystem.
[  107.101041][ T5182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1991'.
[  107.130514][   T28] audit: type=1400 audit(2000000302.448:1032): avc:  denied  { lock } for  pid=5180 comm="syz.4.1990" path="socket:[34897]" dev="sockfs" ino=34897 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  107.143631][ T5182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1991'.
[  107.240447][   T28] audit: type=1400 audit(2000000302.588:1033): avc:  denied  { append } for  pid=5204 comm="syz.0.1999" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  107.306196][ T5212] x_tables: duplicate underflow at hook 4
[  107.323324][ T5215] loop3: detected capacity change from 0 to 256
[  107.358575][ T5221] loop4: detected capacity change from 0 to 256
[  107.391765][ T5223] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2009'.
[  107.500334][ T5235] loop5: detected capacity change from 0 to 8192
[  107.508895][ T5235] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  107.631198][ T5257] loop5: detected capacity change from 0 to 8192
[  107.655312][ T4366] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  107.663059][ T4366] FAT-fs (loop5): Filesystem has been set read-only
[  107.669839][ T4366] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  107.739002][ T5270] sch_tbf: burst 0 is lower than device gretap0 mtu (1476) !
[  108.006905][ T5278] loop4: detected capacity change from 0 to 40427
[  108.015029][ T5278] F2FS-fs (loop4): invalid crc value
[  108.034422][ T5278] F2FS-fs (loop4): Found nat_bits in checkpoint
[  108.051614][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.058760][ T5283] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.066728][ T5283] device bridge_slave_0 entered promiscuous mode
[  108.070152][ T5278] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  108.084225][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.091581][ T5283] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.099574][ T5283] device bridge_slave_1 entered promiscuous mode
[  108.106557][  T279] bio_check_eod: 1 callbacks suppressed
[  108.106575][  T279] syz-executor: attempt to access beyond end of device
[  108.106575][  T279] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  108.192536][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.199921][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.207331][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.214391][ T5283] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.248174][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  108.271366][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.279057][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.290123][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  108.298439][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.305527][ T3302] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.314880][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  108.323244][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.330392][ T3302] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.338489][  T447] device bridge_slave_1 left promiscuous mode
[  108.345017][  T447] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.352901][  T447] device bridge_slave_0 left promiscuous mode
[  108.359167][  T447] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.367755][  T447] device veth1_macvtap left promiscuous mode
[  108.373983][  T447] device veth0_vlan left promiscuous mode
[  108.461937][ T5296] loop0: detected capacity change from 0 to 256
[  108.482157][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  108.522839][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  108.539452][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  108.554552][ T5283] device veth0_vlan entered promiscuous mode
[  108.568396][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.580539][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.607013][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.638874][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.650771][ T5283] device veth1_macvtap entered promiscuous mode
[  108.687091][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  108.698131][ T3302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  108.899121][ T5336] netlink: 'syz.3.2059': attribute type 4 has an invalid length.
[  108.908339][ T5336] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2059'.
[  108.957843][ T5347] loop4: detected capacity change from 0 to 512
[  108.988375][ T5347] EXT4-fs (loop4): 1 orphan inode deleted
[  109.001813][ T3302] EXT4-fs error (device loop4): ext4_release_dquot:6812: comm kworker/u4:25: Failed to release dquot type 1
[  109.013471][  T297] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  109.026760][ T5347] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  109.036174][ T5347] ext4 filesystem being mounted at /310/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.072597][ T3302] EXT4-fs error (device loop4): ext4_release_dquot:6812: comm kworker/u4:25: Failed to release dquot type 1
[  109.090674][  T279] EXT4-fs (loop4): unmounting filesystem.
[  109.136678][ T5371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2071'.
[  109.201500][  T297] usb 7-1: Using ep0 maxpacket: 8
[  109.207821][  T297] usb 7-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  109.233521][  T297] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  109.248649][  T297] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.259041][  T297] usb 7-1: Product: syz
[  109.263620][  T297] usb 7-1: Manufacturer: syz
[  109.268250][  T297] usb 7-1: SerialNumber: syz
[  109.275340][  T297] usb 7-1: config 0 descriptor??
[  109.493268][  T288] usb 7-1: USB disconnect, device number 2
[  109.500383][ T5418] syz.0.2094[5418] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  109.500505][ T5418] syz.0.2094[5418] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  109.580419][ T5427] loop0: detected capacity change from 0 to 1024
[  109.623401][ T5427] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  109.643055][  T275] EXT4-fs (loop0): unmounting filesystem.
[  110.032453][ T5443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2103'.
[  110.101125][ T5453] loop6: detected capacity change from 0 to 1024
[  110.113368][ T5453] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  110.122091][ T5453] EXT4-fs (loop6): orphan cleanup on readonly fs
[  110.141527][ T5453] EXT4-fs error (device loop6): ext4_ext_check_inode:520: inode #3: comm syz.6.2108: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 2(4), depth 0(0)
[  110.161234][ T5460] loop4: detected capacity change from 0 to 128
[  110.163730][ T5453] EXT4-fs error (device loop6): ext4_quota_enable:6983: comm syz.6.2108: Bad quota inode: 3, type: 0
[  110.179531][ T5453] EXT4-fs warning (device loop6): ext4_enable_quotas:7024: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  110.195310][ T5460] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  110.204828][ T5460] ext4 filesystem being mounted at /317/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.211525][ T5453] EXT4-fs (loop6): Cannot turn on quotas: error -117
[  110.222403][ T5453] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  110.257423][  T279] EXT4-fs (loop4): unmounting filesystem.
[  110.275595][ T5453] syz.6.2108[5453] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.275678][ T5453] syz.6.2108[5453] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.290286][ T5453] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  110.337569][ T5283] EXT4-fs (loop6): unmounting filesystem.
[  110.429282][ T5488] loop6: detected capacity change from 0 to 256
[  110.454620][ T5488] FAT-fs (loop6): bogus number of FAT sectors
[  110.460821][ T5488] FAT-fs (loop6): Can't find a valid FAT filesystem
[  110.520243][ T5494] tmpfs: Unknown parameter 'nolazytimeun'
[  110.637630][ T5510] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2133'.
[  110.821738][ T5523] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2139'.
[  110.883658][ T5529] loop0: detected capacity change from 0 to 1024
[  110.899545][ T5529] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  110.911318][ T5529] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e12d, mo2=0002]
[  110.920522][ T5529] System zones: 0-1, 2-3, 4-36, 98-101, 102-102
[  110.928284][ T5529] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  110.960092][  T275] EXT4-fs (loop0): unmounting filesystem.
[  111.013806][ T5537] loop0: detected capacity change from 0 to 1024
[  111.054600][ T5537] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  111.080696][ T5537] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  111.111729][ T5537] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869)
[  111.143349][ T5537] journal_init_common: Cannot get buffer for journal superblock
[  111.151060][ T5537] EXT4-fs (loop0): Could not load journal inode
[  111.457142][ T5566] fuse: Bad value for 'fd'
[  111.512276][   T28] kauditd_printk_skb: 17 callbacks suppressed
[  111.512292][   T28] audit: type=1401 audit(2000000306.868:1049): op=setxattr invalid_context=""
[  111.770790][ T5605] loop6: detected capacity change from 0 to 512
[  111.778774][ T5605] EXT4-fs: Ignoring removed mblk_io_submit option
[  111.796371][ T5605] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  111.856254][ T5283] EXT4-fs (loop6): unmounting filesystem.
[  112.230953][ T5631] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2187'.
[  112.264118][ T5633] loop4: detected capacity change from 0 to 1024
[  112.274676][ T5633] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  112.301969][ T5633] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e12d, mo2=0002]
[  112.319374][ T5633] System zones: 0-1, 2-3, 4-36, 98-101, 102-102
[  112.329860][ T5636] device batadv_slave_1 entered promiscuous mode
[  112.338857][ T5633] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  112.374892][  T279] EXT4-fs (loop4): unmounting filesystem.
[  112.418695][ T5635] device batadv_slave_1 left promiscuous mode
[  112.456873][ T5650] loop3: detected capacity change from 0 to 2048
[  112.473726][ T5650] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  112.483182][ T5650] ext4 filesystem being mounted at /456/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.501007][   T28] audit: type=1400 audit(2000000307.848:1050): avc:  denied  { append } for  pid=5649 comm="syz.3.2195" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  112.522209][ T5650] fs-verity: sha512 using implementation "sha512-avx2"
[  112.539395][  T277] EXT4-fs (loop3): unmounting filesystem.
[  112.668076][   T28] audit: type=1400 audit(2000000308.018:1051): avc:  denied  { name_bind } for  pid=5677 comm="syz.1.2206" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  112.690319][ T5678] syz.1.2206 (5678) used greatest stack depth: 20928 bytes left
[  113.109574][ T5703] loop6: detected capacity change from 0 to 40427
[  113.161587][ T5703] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  113.169542][ T5703] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  113.181397][   T28] audit: type=1400 audit(2000000308.508:1052): avc:  denied  { mount } for  pid=5712 comm="syz.4.2222" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  113.242420][ T5703] F2FS-fs (loop6): Found nat_bits in checkpoint
[  113.296513][ T5703] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  113.303675][ T5703] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  113.366494][   T28] audit: type=1400 audit(2000000308.508:1053): avc:  denied  { mounton } for  pid=5712 comm="syz.4.2222" path="/341/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  113.435358][   T28] audit: type=1326 audit(2000000308.518:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5707 comm="syz.3.2221" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f568a58e969 code=0x0
[  113.591638][   T28] audit: type=1400 audit(2000000308.568:1055): avc:  denied  { unmount } for  pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  113.981879][ T5761] device veth0 entered promiscuous mode
[  113.992317][ T5760] device veth0 left promiscuous mode
[  114.238528][ T5777] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2242'.
[  114.262262][ T5777] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2242'.
[  114.483706][ T5794] SELinux:  Context system_u:object_r:man_t:s0 is not valid (left unmapped).
[  114.493351][   T28] audit: type=1400 audit(2000000309.848:1056): avc:  denied  { relabelto } for  pid=5793 comm="syz.3.2250" name="472" dev="tmpfs" ino=2491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[  114.541507][   T28] audit: type=1400 audit(2000000309.848:1057): avc:  denied  { associate } for  pid=5793 comm="syz.3.2250" name="472" dev="tmpfs" ino=2491 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:man_t:s0"
[  114.572825][ T5748] loop6: detected capacity change from 0 to 131072
[  114.581284][ T5748] F2FS-fs (loop6): Test dummy encryption mode enabled
[  114.592959][   T28] audit: type=1400 audit(2000000309.938:1058): avc:  denied  { write } for  pid=277 comm="syz-executor" name="472" dev="tmpfs" ino=2491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[  114.619396][ T5748] F2FS-fs (loop6): invalid crc value
[  114.626929][ T5798] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2251'.
[  114.636523][ T5798] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2251'.
[  114.651333][ T5748] F2FS-fs (loop6): Found nat_bits in checkpoint
[  114.719844][ T5748] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  114.745423][ T5748] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  114.878547][ T5822] loop3: detected capacity change from 0 to 8192
[  114.907912][ T5822]  loop3: p2 p3 p4
[  114.916695][ T5822] loop3: p3 size 100663552 extends beyond EOD, truncated
[  114.936039][ T5822] loop3: p4 size 81920 extends beyond EOD, truncated
[  115.072762][ T5836] loop0: detected capacity change from 0 to 16
[  115.110541][ T5836] erofs: (device loop0): mounted with root inode @ nid 36.
[  115.123954][ T5836] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  115.134161][ T5836] syz.0.2268: attempt to access beyond end of device
[  115.134161][ T5836] loop0: rw=0, sector=296, nr_sectors = 8 limit=16
[  115.149383][ T5836] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  115.158332][ T5836] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 0 of nid 36
[  115.170633][ T5836] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  115.180613][ T5836] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[  115.227733][ T5844] hub 2-0:1.0: USB hub found
[  115.234053][ T5844] hub 2-0:1.0: 1 port detected
[  115.386901][ T5863] SELinux:  unknown common Ee
[  115.395495][ T5863] SELinux: failed to load policy
[  115.789011][ T5905] loop3: detected capacity change from 0 to 2048
[  115.813164][ T5905] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  115.841864][  T277] EXT4-fs (loop3): unmounting filesystem.
[  116.266654][ T3317] Bluetooth: hci0: Frame reassembly failed (-84)
[  116.314999][ T5937] loop0: detected capacity change from 0 to 2048
[  116.373179][  T299] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  116.447980][ T5944] loop0: detected capacity change from 0 to 512
[  116.466632][ T5944] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  116.486898][ T5944] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  116.521597][ T5944] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  116.527812][ T5954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2319'.
[  116.536234][ T5944] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  116.548468][ T5944] System zones: 0-2, 18-18, 34-34
[  116.554788][ T5944] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  116.571187][ T5944] EXT4-fs (loop0): 1 truncate cleaned up
[  116.582593][ T5944] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  116.642816][  T275] EXT4-fs (loop0): unmounting filesystem.
[  116.722853][   T28] kauditd_printk_skb: 23 callbacks suppressed
[  116.722869][   T28] audit: type=1326 audit(2000000312.078:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.757249][   T28] audit: type=1326 audit(2000000312.118:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.782821][   T28] audit: type=1326 audit(2000000312.118:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.808141][   T28] audit: type=1326 audit(2000000312.118:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.834627][   T28] audit: type=1326 audit(2000000312.118:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.859590][   T28] audit: type=1326 audit(2000000312.118:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.886237][   T28] audit: type=1326 audit(2000000312.118:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.910807][   T28] audit: type=1326 audit(2000000312.118:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  116.945297][   T28] audit: type=1326 audit(2000000312.118:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.1.2327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8378e969 code=0x7ffc0000
[  117.312739][ T6011] loop0: detected capacity change from 0 to 128
[  117.333751][ T6011] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  117.342666][ T6011] ext4 filesystem being mounted at /419/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  117.369225][ T6011] fscrypt (loop0, inode 12): Mutually exclusive encryption flags (0x1f)
[  117.385419][  T275] EXT4-fs (loop0): unmounting filesystem.
[  117.441237][   T28] audit: type=1400 audit(2000000312.788:1091): avc:  denied  { read } for  pid=6028 comm="syz.0.2354" path="socket:[37349]" dev="sockfs" ino=37349 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  117.631541][   T24] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  117.822368][   T24] usb 4-1: not running at top speed; connect to a high speed hub
[  117.830814][   T24] usb 4-1: config 95 has an invalid interface number: 1 but max is 0
[  117.839069][   T24] usb 4-1: config 95 has no interface number 0
[  117.845413][   T24] usb 4-1: config 95 interface 1 has no altsetting 0
[  117.853721][   T24] usb 4-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f
[  117.863101][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.871191][   T24] usb 4-1: Product: syz
[  117.875442][   T24] usb 4-1: Manufacturer: syz
[  117.880051][   T24] usb 4-1: SerialNumber: syz
[  118.102133][   T24] usb 4-1: USB disconnect, device number 11
[  118.271553][ T5934] Bluetooth: hci0: command 0x1003 tx timeout
[  118.271556][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  118.284144][ T5931] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  118.312480][  T299] udevd[299]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:95.1/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  118.330047][ T6039] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on.
[  118.454899][ T6053] loop4: detected capacity change from 0 to 2048
[  118.481840][ T6053] ext2: Unknown parameter 'permit_directio'
[  118.841699][ T6078] loop4: detected capacity change from 0 to 512
[  118.870647][ T6078] EXT4-fs warning (device loop4): ext4_multi_mount_protect:298: Invalid MMP block in superblock
[  119.045117][ T6095] incfs: Options parsing error. -22
[  119.050496][ T6095] incfs: mount failed -22
[  119.068210][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2386'.
[  119.491651][ T6115] loop6: detected capacity change from 0 to 2048
[  119.641019][ T6117] loop6: detected capacity change from 0 to 2048
[  119.702638][ T6117]  loop6: p1 < > p4
[  119.707878][ T6117] loop6: p4 size 8388608 extends beyond EOD, truncated
[  119.766243][ T6126] input: syz1 as /devices/virtual/input/input17
[  120.226511][ T6166] SELinux: failed to load policy
[  120.271342][ T6179] loop3: detected capacity change from 0 to 128
[  120.351517][    C1] ==================================================================
[  120.359627][    C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[  120.366861][    C1] Write of size 8 at addr ffff88811d518a00 by task syz-executor/277
[  120.375408][    C1] 
[  120.377732][    C1] CPU: 1 PID: 277 Comm: syz-executor Not tainted 6.1.134-syzkaller-00034-g7b89b57429c2 #0
[  120.387801][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  120.398218][    C1] Call Trace:
[  120.401594][    C1]  <IRQ>
[  120.404450][    C1]  __dump_stack+0x21/0x24
[  120.409054][    C1]  dump_stack_lvl+0xee/0x150
[  120.413676][    C1]  ? __cfi_dump_stack_lvl+0x8/0x8
[  120.418880][    C1]  ? update_rq_clock+0x536/0x5c0
[  120.423969][    C1]  ? __run_timers+0x32b/0x9a0
[  120.428849][    C1]  print_address_description+0x71/0x210
[  120.434674][    C1]  print_report+0x4a/0x60
[  120.439086][    C1]  kasan_report+0x122/0x150
[  120.443609][    C1]  ? __run_timers+0x32b/0x9a0
[  120.448413][    C1]  __asan_report_store8_noabort+0x17/0x20
[  120.454152][    C1]  __run_timers+0x32b/0x9a0
[  120.458679][    C1]  ? sched_clock+0x9/0x10
[  120.463020][    C1]  ? sched_clock_cpu+0x6e/0x250
[  120.468038][    C1]  ? calc_index+0x200/0x200
[  120.472542][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  120.477776][    C1]  run_timer_softirq+0x6a/0xf0
[  120.482665][    C1]  handle_softirqs+0x1d7/0x600
[  120.487437][    C1]  __irq_exit_rcu+0x52/0xf0
[  120.491959][    C1]  irq_exit_rcu+0x9/0x10
[  120.496397][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  120.502061][    C1]  </IRQ>
[  120.505072][    C1]  <TASK>
[  120.508090][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  120.514203][    C1] RIP: 0010:memset_erms+0x0/0x10
[  120.519160][    C1] Code: 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 <49> 89 f9 40 88 f0 48 89 d1 f3 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6
[  120.538898][    C1] RSP: 0018:ffffc9000da3f810 EFLAGS: 00000202
[  120.545234][    C1] RAX: ffffffff84dcfd01 RBX: 0000000000000048 RCX: ffffffff84dcfdec
[  120.553647][    C1] RDX: 0000000000000048 RSI: 0000000000000000 RDI: ffffc9000da3f888
[  120.561811][    C1] RBP: ffffc9000da3f830 R08: dffffc0000000000 R09: fffff52001b47f1a
[  120.569859][    C1] R10: fffff52001b47f1a R11: 1ffff92001b47f11 R12: ffff88813a90ba50
[  120.577919][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000da3f888
[  120.585980][    C1]  ? mas_empty_area_rev+0x1751/0x17a0
[  120.591447][    C1]  ? mas_store+0x8c/0x330
[  120.595872][    C1]  ? memset+0x35/0x40
[  120.600293][    C1]  mas_store+0x8c/0x330
[  120.604539][    C1]  ? clear_nonspinnable+0x60/0x60
[  120.609770][    C1]  ? slab_post_alloc_hook+0x6d/0x2d0
[  120.615500][    C1]  ? __cfi_mas_store+0x10/0x10
[  120.620346][    C1]  ? up_write+0x7b/0x290
[  120.624718][    C1]  ? anon_vma_fork+0xa3/0x510
[  120.629593][    C1]  ? anon_vma_name+0x4c/0x70
[  120.634351][    C1]  copy_mm+0xeeb/0x19b0
[  120.638696][    C1]  ? copy_signal+0x630/0x630
[  120.643282][    C1]  ? _raw_spin_lock+0x8e/0xe0
[  120.648062][    C1]  ? __cfi__raw_spin_lock+0x10/0x10
[  120.653271][    C1]  ? __init_rwsem+0x12c/0x240
[  120.658035][    C1]  ? copy_signal+0x4ea/0x630
[  120.662736][    C1]  copy_process+0x12a8/0x3470
[  120.667419][    C1]  ? idle_dummy+0x10/0x10
[  120.671805][    C1]  ? __count_memcg_events+0x8f/0xe0
[  120.676999][    C1]  kernel_clone+0x23a/0x810
[  120.681495][    C1]  ? __cfi_kernel_clone+0x10/0x10
[  120.686779][    C1]  __x64_sys_clone+0x168/0x1b0
[  120.691534][    C1]  ? __cfi___x64_sys_clone+0x10/0x10
[  120.696901][    C1]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  120.702960][    C1]  x64_sys_call+0x990/0x9a0
[  120.707568][    C1]  do_syscall_64+0x4c/0xa0
[  120.711985][    C1]  ? clear_bhb_loop+0x15/0x70
[  120.716678][    C1]  ? clear_bhb_loop+0x15/0x70
[  120.721380][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  120.727384][    C1] RIP: 0033:0x7f568a5851d3
[  120.731903][    C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  120.751694][    C1] RSP: 002b:00007ffd7f52ac08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  120.760644][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f568a5851d3
[  120.768733][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  120.777088][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  120.785418][    C1] R10: 0000555580ce97d0 R11: 0000000000000246 R12: 0000000000000001
[  120.793429][    C1] R13: 00000000000927c0 R14: 000000000001d5da R15: 00007ffd7f52ada0
[  120.801498][    C1]  </TASK>
[  120.804604][    C1] 
[  120.806938][    C1] Allocated by task 5931:
[  120.811368][    C1]  kasan_set_track+0x4b/0x70
[  120.815950][    C1]  kasan_save_alloc_info+0x25/0x30
[  120.821230][    C1]  __kasan_kmalloc+0x95/0xb0
[  120.825996][    C1]  __kmalloc+0xb1/0x1e0
[  120.830172][    C1]  hci_alloc_dev_priv+0x27/0x1bd0
[  120.835287][    C1]  hci_uart_tty_ioctl+0x3c8/0xa00
[  120.840455][    C1]  tty_ioctl+0x8ef/0xc60
[  120.844711][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  120.849493][    C1]  __x64_sys_ioctl+0x7b/0x90
[  120.854188][    C1]  x64_sys_call+0x58b/0x9a0
[  120.858712][    C1]  do_syscall_64+0x4c/0xa0
[  120.863225][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  120.869226][    C1] 
[  120.871710][    C1] Freed by task 5931:
[  120.875671][    C1]  kasan_set_track+0x4b/0x70
[  120.880259][    C1]  kasan_save_free_info+0x31/0x50
[  120.885279][    C1]  ____kasan_slab_free+0x132/0x180
[  120.890473][    C1]  __kasan_slab_free+0x11/0x20
[  120.895432][    C1]  slab_free_freelist_hook+0xc2/0x190
[  120.901071][    C1]  __kmem_cache_free+0xb7/0x1b0
[  120.905921][    C1]  kfree+0x6f/0xf0
[  120.909645][    C1]  hci_release_dev+0x13ad/0x1500
[  120.914827][    C1]  bt_host_release+0x82/0x90
[  120.919487][    C1]  device_release+0xa4/0x1d0
[  120.924072][    C1]  kobject_put+0x19d/0x280
[  120.928501][    C1]  put_device+0x1f/0x30
[  120.932648][    C1]  hci_dev_cmd+0x265/0x720
[  120.937058][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  120.941727][    C1]  sock_do_ioctl+0x101/0x310
[  120.946303][    C1]  sock_ioctl+0x4d8/0x6e0
[  120.950632][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  120.955314][    C1]  __x64_sys_ioctl+0x7b/0x90
[  120.959916][    C1]  x64_sys_call+0x58b/0x9a0
[  120.964602][    C1]  do_syscall_64+0x4c/0xa0
[  120.969039][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  120.975053][    C1] 
[  120.977367][    C1] Last potentially related work creation:
[  120.983072][    C1]  kasan_save_stack+0x3a/0x60
[  120.987758][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  120.993145][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  120.999138][    C1]  insert_work+0x51/0x300
[  121.003742][    C1]  __queue_work+0x9b1/0xd30
[  121.008290][    C1]  queue_work_on+0xd2/0x140
[  121.012798][    C1]  __hci_cmd_sync_sk+0xa3e/0xcf0
[  121.017856][    C1]  hci_cmd_sync_status+0x53/0x120
[  121.022890][    C1]  hci_dev_cmd+0x628/0x720
[  121.027397][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  121.032128][    C1]  sock_do_ioctl+0x101/0x310
[  121.036929][    C1]  sock_ioctl+0x4d8/0x6e0
[  121.041268][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  121.046383][    C1]  __x64_sys_ioctl+0x7b/0x90
[  121.050995][    C1]  x64_sys_call+0x58b/0x9a0
[  121.055616][    C1]  do_syscall_64+0x4c/0xa0
[  121.060380][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  121.066299][    C1] 
[  121.068621][    C1] Second to last potentially related work creation:
[  121.075444][    C1]  kasan_save_stack+0x3a/0x60
[  121.080217][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  121.085605][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  121.091593][    C1]  insert_work+0x51/0x300
[  121.095925][    C1]  __queue_work+0x9b1/0xd30
[  121.100604][    C1]  queue_work_on+0xd2/0x140
[  121.105192][    C1]  hci_cmd_timeout+0x191/0x200
[  121.109952][    C1]  process_one_work+0x71f/0xc40
[  121.114790][    C1]  worker_thread+0xa29/0x11f0
[  121.119565][    C1]  kthread+0x281/0x320
[  121.123637][    C1]  ret_from_fork+0x1f/0x30
[  121.128228][    C1] 
[  121.130542][    C1] The buggy address belongs to the object at ffff88811d518000
[  121.130542][    C1]  which belongs to the cache kmalloc-8k of size 8192
[  121.144713][    C1] The buggy address is located 2560 bytes inside of
[  121.144713][    C1]  8192-byte region [ffff88811d518000, ffff88811d51a000)
[  121.158339][    C1] 
[  121.160679][    C1] The buggy address belongs to the physical page:
[  121.167193][    C1] page:ffffea0004754600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d518
[  121.177652][    C1] head:ffffea0004754600 order:3 compound_mapcount:0 compound_pincount:0
[  121.186056][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[  121.192168][    C1] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[  121.200909][    C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  121.209831][    C1] page dumped because: kasan: bad access detected
[  121.216334][    C1] page_owner tracks the page as allocated
[  121.222077][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5920, tgid 5919 (syz.6.2306), ts 116141906099, free_ts 116115692484
[  121.245290][    C1]  post_alloc_hook+0x1f5/0x210
[  121.250316][    C1]  prep_new_page+0x1c/0x110
[  121.254818][    C1]  get_page_from_freelist+0x2c6e/0x2ce0
[  121.260359][    C1]  __alloc_pages+0x19e/0x3a0
[  121.265061][    C1]  alloc_slab_page+0x6e/0xf0
[  121.269676][    C1]  new_slab+0x98/0x3d0
[  121.273737][    C1]  ___slab_alloc+0x6f6/0xb50
[  121.278421][    C1]  __slab_alloc+0x5e/0xa0
[  121.282754][    C1]  __kmem_cache_alloc_node+0x203/0x2c0
[  121.288219][    C1]  __kmalloc_node+0xa1/0x1e0
[  121.292812][    C1]  get_callchain_buffers+0x175/0x350
[  121.298273][    C1]  check_helper_call+0x57eb/0x61c0
[  121.303449][    C1]  do_check+0x627d/0xf060
[  121.307785][    C1]  do_check_common+0x11ae/0x1950
[  121.312742][    C1]  bpf_check+0x3de0/0x10d50
[  121.317983][    C1]  bpf_prog_load+0x1071/0x15a0
[  121.322799][    C1] page last free stack trace:
[  121.328063][    C1]  free_unref_page_prepare+0x742/0x750
[  121.333718][    C1]  free_unref_page+0x8f/0x530
[  121.338414][    C1]  __free_pages+0x67/0x100
[  121.342841][    C1]  __free_slab+0xca/0x1a0
[  121.347363][    C1]  __unfreeze_partials+0x160/0x190
[  121.352523][    C1]  put_cpu_partial+0xa9/0x100
[  121.357500][    C1]  __slab_free+0x1c4/0x280
[  121.362187][    C1]  ___cache_free+0xbf/0xd0
[  121.366749][    C1]  qlist_free_all+0xc6/0x140
[  121.371882][    C1]  kasan_quarantine_reduce+0x14a/0x170
[  121.377619][    C1]  __kasan_slab_alloc+0x24/0x80
[  121.382469][    C1]  slab_post_alloc_hook+0x4f/0x2d0
[  121.387669][    C1]  kmem_cache_alloc+0x16e/0x330
[  121.392645][    C1]  getname_flags+0xb9/0x500
[  121.397268][    C1]  __se_sys_newfstatat+0xdf/0x380
[  121.402481][    C1]  __x64_sys_newfstatat+0x9b/0xb0
[  121.407601][    C1] 
[  121.409932][    C1] Memory state around the buggy address:
[  121.415556][    C1]  ffff88811d518900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.423724][    C1]  ffff88811d518980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.431779][    C1] >ffff88811d518a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.439850][    C1]                    ^
[  121.443987][    C1]  ffff88811d518a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.452080][    C1]  ffff88811d518b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  121.460326][    C1] ==================================================================
[  121.468471][    C1] Disabling lock debugging due to kernel taint
[  121.475158][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  121.486994][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  121.495605][    C1] CPU: 1 PID: 277 Comm: syz-executor Tainted: G    B              6.1.134-syzkaller-00034-g7b89b57429c2 #0
[  121.507438][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  121.517986][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  121.523312][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 90 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 1f 6d 00 49 8b 7d 00 e8 73 79
[  121.542951][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  121.549114][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e2e8000
[  121.557202][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  121.565379][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  121.573570][    C1] R10: ffffed1023aa3139 R11: 1ffff11023aa3139 R12: dffffc0000000000
[  121.581578][    C1] R13: 0000000000000000 R14: ffff88811d5189c8 R15: 0000000000000008
[  121.589674][    C1] FS:  0000555580ce9500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  121.598728][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.605704][    C1] CR2: 00007f568b2e56c0 CR3: 000000012fc7f000 CR4: 00000000003506a0
[  121.613798][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  121.621978][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  121.630139][    C1] Call Trace:
[  121.633440][    C1]  <IRQ>
[  121.636316][    C1]  delayed_work_timer_fn+0x61/0x80
[  121.641498][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  121.647330][    C1]  call_timer_fn+0x46/0x2a0
[  121.651945][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  121.657772][    C1]  __run_timers+0x667/0x9a0
[  121.662301][    C1]  ? calc_index+0x200/0x200
[  121.666969][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  121.672288][    C1]  run_timer_softirq+0x6a/0xf0
[  121.677340][    C1]  handle_softirqs+0x1d7/0x600
[  121.682393][    C1]  __irq_exit_rcu+0x52/0xf0
[  121.687175][    C1]  irq_exit_rcu+0x9/0x10
[  121.691435][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  121.697176][    C1]  </IRQ>
[  121.700121][    C1]  <TASK>
[  121.703233][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  121.709350][    C1] RIP: 0010:memset_erms+0x0/0x10
[  121.714415][    C1] Code: 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 <49> 89 f9 40 88 f0 48 89 d1 f3 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6
[  121.734231][    C1] RSP: 0018:ffffc9000da3f810 EFLAGS: 00000202
[  121.740326][    C1] RAX: ffffffff84dcfd01 RBX: 0000000000000048 RCX: ffffffff84dcfdec
[  121.748515][    C1] RDX: 0000000000000048 RSI: 0000000000000000 RDI: ffffc9000da3f888
[  121.756616][    C1] RBP: ffffc9000da3f830 R08: dffffc0000000000 R09: fffff52001b47f1a
[  121.764624][    C1] R10: fffff52001b47f1a R11: 1ffff92001b47f11 R12: ffff88813a90ba50
[  121.773317][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000da3f888
[  121.781315][    C1]  ? mas_empty_area_rev+0x1751/0x17a0
[  121.786723][    C1]  ? mas_store+0x8c/0x330
[  121.788378][ T6166] loop6: detected capacity change from 0 to 9621
[  121.791095][    C1]  ? memset+0x35/0x40
[  121.791129][    C1]  mas_store+0x8c/0x330
[  121.805842][    C1]  ? clear_nonspinnable+0x60/0x60
[  121.810944][    C1]  ? slab_post_alloc_hook+0x6d/0x2d0
[  121.816268][    C1]  ? __cfi_mas_store+0x10/0x10
[  121.821056][    C1]  ? up_write+0x7b/0x290
[  121.825411][    C1]  ? anon_vma_fork+0xa3/0x510
[  121.830105][    C1]  ? anon_vma_name+0x4c/0x70
[  121.834709][    C1]  copy_mm+0xeeb/0x19b0
[  121.838968][    C1]  ? copy_signal+0x630/0x630
[  121.843825][    C1]  ? _raw_spin_lock+0x8e/0xe0
[  121.848521][    C1]  ? __cfi__raw_spin_lock+0x10/0x10
[  121.853777][    C1]  ? __init_rwsem+0x12c/0x240
[  121.858635][    C1]  ? copy_signal+0x4ea/0x630
[  121.863328][    C1]  copy_process+0x12a8/0x3470
[  121.868075][    C1]  ? idle_dummy+0x10/0x10
[  121.872417][    C1]  ? __count_memcg_events+0x8f/0xe0
[  121.877710][    C1]  kernel_clone+0x23a/0x810
[  121.882218][    C1]  ? __cfi_kernel_clone+0x10/0x10
[  121.887710][    C1]  __x64_sys_clone+0x168/0x1b0
[  121.892530][    C1]  ? __cfi___x64_sys_clone+0x10/0x10
[  121.897998][    C1]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  121.904413][    C1]  x64_sys_call+0x990/0x9a0
[  121.908924][    C1]  do_syscall_64+0x4c/0xa0
[  121.913342][    C1]  ? clear_bhb_loop+0x15/0x70
[  121.918121][    C1]  ? clear_bhb_loop+0x15/0x70
[  121.922802][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  121.928906][    C1] RIP: 0033:0x7f568a5851d3
[  121.933667][    C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  121.953272][    C1] RSP: 002b:00007ffd7f52ac08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  121.961772][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f568a5851d3
[  121.969831][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  121.978076][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[  121.986217][    C1] R10: 0000555580ce97d0 R11: 0000000000000246 R12: 0000000000000001
[  121.994447][    C1] R13: 00000000000927c0 R14: 000000000001d5da R15: 00007ffd7f52ada0
[  122.002627][    C1]  </TASK>
[  122.005674][    C1] Modules linked in:
[  122.009769][    C1] ---[ end trace 0000000000000000 ]---
[  122.015221][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  122.020816][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 90 7d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 1f 6d 00 49 8b 7d 00 e8 73 79
[  122.040790][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  122.046900][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810e2e8000
[  122.054885][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  122.063066][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[  122.071134][    C1] R10: ffffed1023aa3139 R11: 1ffff11023aa3139 R12: dffffc0000000000
[  122.079106][    C1] R13: 0000000000000000 R14: ffff88811d5189c8 R15: 0000000000000008
[  122.087086][    C1] FS:  0000555580ce9500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  122.096168][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  122.102782][    C1] CR2: 00007f568b2e56c0 CR3: 000000012fc7f000 CR4: 00000000003506a0
[  122.110847][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  122.118832][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  122.126981][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  122.134442][    C1] Kernel Offset: disabled
[  122.138768][    C1] Rebooting in 86400 seconds..