last executing test programs:

8.105420578s ago: executing program 0 (id=1241):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x101c08a, &(0x7f0000000140)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d6d6163696e7569742c756e695f786c6174653d302c756e695f786c6174653d312c636865636b3d7374726963742c6e6f6e756d7461696c3d302c757466383d302c6572726f72733d636f6e74696e75652c757466383d312c636865636b3d7374726963742c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d77696e39352c636f6465706167653d3835302c757466383d302c726f6469722c73686f72746e616d653d77696e39352c002e49ca7ed0d74fcf028411a2f5bbe6c30d22519564b40f534f2384be645b15ac045d8cbdbfd98936436cee7a001671f3ae75da93cebbbef7430c70af99e978128ceba02fff2e428662506fba0fa1de7dcf3c11ffd54b2f90162ddd606949b41f86f7433a70dd352c3b1c"], 0x6, 0x2d1, &(0x7f0000000740)="$eJzs3T9rZFUUAPDzkvm3rjBTWIngAy2sls22NhNkA2IqlxRqocHNguQFYQMB/+C4la2NhYWfQBD8IDZ+A8FWsHOVhSvvn/NiJmMmOBE3v1+Tw733vHvey03yUuTkvReODu/n8eDRpz/FaJTFxjSm8TiLSWxE6/M4ZfplAAD/Z49Til9T7dxFz54dyiJitN7SAIA1Of/nf96Je/Pw+ysrDQBYk3tvvf3G9u7u3TfzfBQ7R1+c7JW/2Zcf6/ntB/FBFHEQt2McTyKqF4V+VG8LZbiTUpr18tIkXj6aneyVmUfv/tBcf/uXiCp/K8YxqYZSSr02SDuv797dymud/FlZxzPN/tMy/06M47lm/+Ztpc2/syA/9gbxykud+m/FOH58Pz6MIu6Xe9+sCyjzP9vK89fSV7998k5ZVZmfzU72htW6ubR5pZ8YAAAAAAAAAAAAAAAAAAAAAACearea3jnDyCd/1D0Am/47m0/K+X7krcnp/jx1ftZeqNsfKKU0S/FN25/ndp7nqVk4z+/F871uY0EAAAAAAAAAAAAAAAAAAAC4vo4/+vhwvygOHl46uBHzkbYbQC8ifr8XcdkrTzsjL0YV9M4rddjsuV8UG014ek2vOxKb7ZosYmkZ5U1c/rEcrrL4xpmam+Db71bdffTPa/qL9/o3g/Z0He5ni5/hMNqRUXNIvh5E5yAN4oJ7Dc6bSrHK8RssnBqvfO+Dm1UwW7ImsmWFvfpz/eSakezvdzGonmpRHPTb4K+p/vH8y3rx2bjQeY5RnX72e0WmWwcAAAAAAAAAAAAAAAAAAKzV/K9/F0w+Wpq6kYZrKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vEMya5AssHsTD4//4FgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgG/gwAAP//QIpUKg==")
bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000380)='./file1\x00', 0x0, 0x10}, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000780)={@remote, @multicast1}, &(0x7f0000000800)=0xc)
open(&(0x7f0000000100)='./file1\x00', 0x109042, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.794859986s ago: executing program 0 (id=1250):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

6.152780415s ago: executing program 0 (id=1251):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r3}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e408"], 0xfdef)

5.348237896s ago: executing program 0 (id=1254):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e408"], 0xfdef)

5.331989806s ago: executing program 2 (id=1255):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e408"], 0xfdef)

4.889139472s ago: executing program 0 (id=1256):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000340))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
pipe(&(0x7f0000000180))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000fc0)={@multicast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x3c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0xf5, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100ef0000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$tipc(r5, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x3, 0x2}}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe50}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000780)="1b6cf3b484bd833f85140cb9e48b75cde2cd4f5e993944845dd7cfd7e524230d3314c7ea9c66b57f7ad1840f01382c3aee059be34acfa05ec04c818dbd6d3b196eba1b2cde4d2fb199ec1e30584d2a6d0d56ea1dbe", 0x55}, {&(0x7f0000001d80)="a3dbe47863a4de517c325da1352acc0bb918aed876b14cf3820fbed7c4d9c4b6ad848598aaba08437f3bd3f4b480330789589cf19f767d5d210baddace6716cd914206d57bab3f740a265cf94337e411b0a52442fc792640d3460739276c1f336d4fb92f162f7e2c91567b40d6319aa5a1f6cdc819aaab0910c09835a346a8506e5487b753673c4e04da9777f3770855859fcd3b55e6d19145f5a79ec19e6414b016a8bb2aa172137eb52bd08d6009ee05bddba4ce6fac8ce61c86ddc990a3430fa57d7027914ab721996255ae60f96d654f79d6fbd810707533f482fc65b95b923f2939eec1b2a50ec136ac1f25c9894679120629ba0c7838f613599268d78aeace03574ef41cccf17b6cf304ad78862ae907c186a4ae22243e9c4589af7369b0e8ba0d58e3fe90021232da69e07aa40b1bffd5b28989e8b4b8d423aa64831d774103ad5d0a04008adff9390993ccf87b32c68bd5e7bf1fecc38512b213e06d4a1ffb11217e01ab2d1186b1b98b4f574a100b6717f483275a20e8443a9acfa59b82926aed0da0f3b036e3efcfaecedb50dedeec704c7708effdf30c20aecd116d868b8b2acf54f88f0588c0f208f0a64495febf2ff938f74bfdd20e49ab24f75374a52a44286f7e8d222a4280020b2ba23199353751e7449d37cd1c37ff83a8a452c18c5e11e568f89ff2ae576f2046055b5b652ceca6ce120175bb69a2654e9d5332f6929e88ef458854ad93d7ed3562baa5e97c72014fe1b8660859ba2df258aff909fab3df9d27bf22e6152a0d34b53176777a94fc6c4b1e3e102899921490294c5723ddf6963e9ed6931a5374d1fa0d1680a6c453962cea512439dff66fd45faa2930b4393b524965bb3c7e1f9a86f8f771c36e7184bbebe84a8b7e41fddbcfa8b6221f3702632e149dc56da158fe387331e16a6bc2ff5e10b156e67b601d57b35998afc0822e4cf7374405bf7eb691c98705500f273e963eaf2c123c5ef5fec415eead26ca4dc73da83fe451c6ed213dbed4ef31803e2658ce8928537a802ae9ed9c73a0ec1f34afc1943f540947728e16722fa32a5e9f3eb44dbb83d05dae1786079fff25843ed1031b73916a0c79f801663e2a6e0ccc661d3d361afddbe02bcc7bc62a22e8430e156952279342d285f4e20a2454d01c421e4cce85a073df6b64392d390a2d82ca5d36f123d88ea330751230552f8d51f868fbf1de5ea0fd656575c290441299dd56d2b1662059db2131ceded65d7aee8fef6bb0e7cf8340064f55c1fe7496eec6522a06224c18daa55a3fab07ecbb3751be01498a189902e5d13ce56bf6a1f8971a4423def792e4e2884057cfac46b45fa94a2472099db1a2ea0606fc3d39c447f73a7b69876e0166dc0a71d580ea350b77430e8aec48808b2acc75e3e2b62115277c5703a4585e175939147c90e91240d06f6150c18fd2feb8e6c7283230e65f30bd3e61c8665c6d467f3f964b22564c1aaf406be4dfb1a33c29d5bcb891360ee6204962bd2f7515621e620bc75ab65f4515ecfbcce5035ee405c7721cf4c3cb998d6d148afccf449851e0fc4c0ca33d34ff9b40c02bc199c2139b1f9bb8e1ff8b3fe827401945e7e1d8761272fd78a13710ffa4bfcf52e51be4ae7bfd1d9cd5a41978e49d01f9b881e4512e4a92d5ffeeecbd1ab3766432c8383542468a91ca6b12751b8526b0838b95907c98e1f31dd1fa3b93b2573d0d123c7a9321f6ab709c2769bef90294236558788bb828220ed2757c78445716b788fb417438afffd2d1e4e5678824bcb26c953837e340c7d36c0df8b821fb0bb7b009f996aadde04984d52fdf0652585a0309f6ef66c86f968c43fa9c57c72b715cf4a509e4125ffe8cff000659051d70782b5b56fbdee904980f74c4e2e81862b2d5be4f2afb0978f48569f6423f7319d014a9f2d1bc32771954113e723813554b375005808adda659a791064c3a23c2ff013e092b671eff3cc25ae50321441162a80298fbb50b8e0a8a3892e6915547c72508034c1a5fbb22729e19587c6c5ef2ae1d5c5bcc5c3335df0f95a956a6d944f88e65cf9882f9c65df0d4bb838c16f84e26d58e31bf49ef83605bed8e796edcf112d70e10859bdb4c0f38423908e4782757ec21a6ee7539d898c8911ffc71f734032e2f7000bdd41a6ffe018a098dee52002ed9dcd8e11890ecef4b05dd93f807d8a6dc5f3c8a94a948397cb8f543610a0533282a1067d008ac810a582d077bcec926f4191ed7429b89ec4fd991473ced0f3d0c1cf41180f013181c4000729bc6514f383d3cd9e855d52b85153e2c00983cdb22b71b633557b6d9a5cea65ad58bce9b27d7d7f855991375e6fdde5fecd5bef79b62760420862418157836a730c5b3c9f2b11550a3f7850578e9f03a4d8f9825f70fe6f8489087291528c105afd2ab6a68ff0a9133d11fd0c16aef69eddf18291db1970e39af8531ee006a6dee6e6098d207d2f659ee27202b3f7494538a6c10f5aae62ab45331ac3a3bf289c8ca55a17ff7a5dc61f6f34b3ef551c5aa2d7649b8c03b6ccf4a35f424b20e95237ece9810ccf9a9db53239f478813f0d0729bfa9c88cfd8b2fd68413b11dc5b9bd996be5b4a39e3dd4d80f1d92110b503bd4202d5f3ecefbb270211110b8bfedc7525f27ed4f0611f78a8341328f7b07b945dfc2c1987c1af1734dc7ede704235f687a2a4924da7a72ff30da1d040024f7a95b2ae87d663f756a06c7a036d568b472bb9d684660e14944a06002ddae87cef14dec5fc2909d50dedc744eb03c14ef68169e12a87ff4d59cef962297e0d3dffd72bf445a66338c4d86b0ae52cef6a2ce944913bb0d4d0949588523312cc16f0075b4edd95dd8192810db181873cba5c8db82b5465099c536c8929a799e438e626b16edb2adbbc718c9ca2e5cf96be389245e13bba02c9c01ef177b0c806e44a535cc9cf15e82d3caf102ec0f7efe1e24aa90a2123aa24c136aa7b44f65583f3c6b7644abf73bc75151210d59307ea06eb7273d5b0c10a2b25049c1b997950dda3ffcf56b508f10b68f439f1bcf0b7543a395b69a41b6af751b1957422d14d3b29afcdb4f91eb053b1fe66ced8bbd019a089cccc5e18ff8042ef460c4aaa449b8438d6ca95e7fe27ad6747009f75afce3e4d1b02d6125eab3873dd821703598bd2a421fd8ebc56033374c7088353980b9bfe02cb3efbfc4b39be69e84519c5292384a60840d05af4acaa0089da4291cabaf90d632e38d50697f9f6a2bbd4cb538185c7114cae99247c82b1eaac48b6e3508eb0786c5dacdc414e07924ebc75d662aff77849f4b14ef20df2e21eb67445e225649cc66fd7545cdb50a2554a7a4df33f53f14bd8fe566e70e56dcebe1fd89545af0926216aafc15407629b3d34604fa433ae42800b401f4ab6abb0bdf81f75b3cbc800915b14abb07d4ce18c62534ed7c22a415619d3398dc272cfbeaae3f985fa0797d66b30458a1f7684db79131c757cb8bc193f019253fbd10a271f6a8d020dc62bb460a75bc18f3eb01a0a0cca6b67a3c385299388b7524dc44df9e02e76366fa535ec4a11d445070bd3ce2dbd4a86d82f35519db8b4c1d73fd160f1e2f9090d175465a4fbacd7db715732a5a880f6376d0445c2cedbe5fa630aca4cbd63b04e109a08681ddfab30f7e9488e0f45d456dca52284474c333482b9e95f1af4eba74c1a8846d7444005ae35a77ba13003f97a470159610e5cd7de10a608061e93b9fae82c6bdf97177f5106a545890321d9e5e392f64c6339d7f85975c7a630dfeeb10b41293197fa7fb195074b7c3f83e1b12ecd0b24da71743cc36fadfc59f9e5d566184f7db4d1b9c752b1719b5dcfba7a544c81425560b37e6ee165858f4b2d7ac64464062f6e944b5a04c3695d59c2cf1cc0c99b95b24b2f686e454526d40bbe2e7c7a441d2b741e11882390fb2b2f8e55889d4878a31dc3dbec6eb78917e4f12eb6948cfec00b81836ce42ab9c39ff5157b130c42ad7750212570f2c482cc49ccb07e36ab5efdfdbc959df0de613e0b679e3bdce5e72f8390f4e48d12111252d9f15b43b135784d47e20ce4c1fc2c78a70f35f0d7cd1a473fff6275ae9432324f4d985358b017acaa64288dce2fe068940ca9ed9182c4c708eaf6d4397c8e3791bfd44453f588946e2fd8779da929e2625a33362379193526daea71e0dc495189822ae6757dc7bfb71162ec504a44bed3bc86c063229f77e62b46b64a67f6dbe4030dd64ab7fbf0b2cf3009b93e8dae850764aebdda1f5243797a7735255a532b316c7918e294d792bbbd1c07511562d801b5070790fb32c9f481a88a02c306f986cd2768ee27f83def09e43342d4fe303049e887d0ca33a0edfae73780ef5455bdd7d49b815e915b2df0db5a6746517360383588f8234af79cc313264e0673f7b2af1021edf20251beb22e13eb4047a476a91004887449ad39c505eecf1380de4c0ae2c8b23f717ae5a8e26be6023777121b743852132176f6218b3e1d407b70fc2a8898c179ad1096f93ba890593359160721788877427dcd4acc6245f5436ba931787728284edda17c1b74d9569152e2e438434c5cd866bf1780800a452dea3e9c1dd8e274a61d2cb54ad7234cd96edb50711021b054667a7561e9a7ef99efaf38fca93c8cb5598ff5bafa16d78821365646eb8d1e57463fb81615ed267c7a287e6ad9c0574ee43a90df77447d17527bc923881b6d95daa274983060bc9b43953678571c1c253863575741fa4f0c151e586c87e6b0c700a07316af652674ceeda55661fd1734d31a2dbf3f56dc5cfc95fb28b43fb1ceefc0753b46f7dc6ffd3803a8d11009f8b592637fc98dc429fcf1584d8f3f036196ead86d65382fcfe7f648c7d23650cfb714e700ed7c28a819acd9106fc7450aa2f4230b4cbae23225b559b857f0d5bf2489b20cc88fbd9c52a09a09469170684e3f172bafa70ca5dfeb353ce85af8063c8e4de5b06172d93a932b2ea09ca97c901300eec7655ade984320a46798b61e843ef1130a128a52f423e65c76c371b2904300d6964467600b4b1dcbc4b24cd668a82c08605aacf93800e8e18c79383e7a2af0da466d20611b605114db830c20640bac2ed6be0f42a2a844f353766e609fb2da8c7d9c4d7b3d8198714e1cbd4282bdbd7b67c5c8fe7684f5ade65d30e02954c2b7c2025cd5e2cabc6317db38eebdf8a5a97e1af50d9f47208a789c43aae6b07a9affb9e21ae6d4c6f3ceeed15e8e87c632d5ac89a32f202cd1bff581476c7a280e4ef3f0205ac9bcfbfd62ca97c8542336f78c0286a9cec55e40cb3a82f8ea8fa0dbdc109ce85d8362bb8603ea4ef6228311b2de84b8fa5f6e8ffc7c6ffd5d1a8b02f0dde2d6651cc4f0194aba138a4ea87f2099b4f59f65982cdeda33eccf0a54590056f5fb259b5d849e124f540c5f75b0edd5ba43ef836018208ab2968029ad12a6889738d51ec1c4001f566a2f75c8fd93468e3d6cd162368bd8729ada6c95d5c658fef1daa4ee30e02bc8ef956dd5a354256fb193c883fe6d7304823ad4d3698d414226f5eecf6e3eab141ab9333afc3f1aae51acee447f847012913290d60a3bb539a3d6bf77a794c17b0e3d07bb954fc5f7383f404dd97fb5d2ff029d7598fb215891d4778dced62a5462993a67642a50ecb555f1703aaf31b9573d90692ed4fc00bfac77976e4ac3f0155c69582ea0050c8d40aa12a2bfe79ad5266388bb4181c57a00c232a4dfcc3483e45d07082b99f68eb0758b8b3523ecae36969b636153be694f57bc8902", 0x1000}], 0x6}, 0x0)
r6 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103000000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x100, 0x70, 0x8, 0x1, 0x7, 0x104, 0x0, 0x0, 0x8000, 0x8, 0x100, 0x9}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
socket(0x1e, 0x1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000007000000010001004900000001000000ec3e40aa7f64e23716a2bcade8dd54a92d8e92c8f9c49d0af5e09c9d24f4f64882252356990a8732ff6f8964b8f86e26fdc09219544751412fe5", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
epoll_create1(0x80000)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000440)={r7, &(0x7f0000000380)="8ec3c493b8e6d5a752ecd7d7433a44efe7181be9ba347eddb861044569f5527b90f2477c5994e025e8f862bf4dcbe9bd6f75a9e0e1db8026c179772365a7e94092928277b0c7462cdd0e410943d2c26ae8e779489da42fa15f806d4c430e8f221c921ca0df546d7a501adecee07139984fb5af03ea6fb7ab106b6a8d832cbded8b2fc5", &(0x7f0000000600)=""/172}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r7, <r8=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r7, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)

4.830025053s ago: executing program 2 (id=1257):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000340)={0x0, &(0x7f0000000000)=[@uexit={0x0, 0x18, 0x6}, @cpuid={0x2, 0x18, {0x1, 0xdd1b}}, @code={0x1, 0x6f, {"3e0f01b70f00000066ba4200edb9df0800000f32c744240008000000c7442402f3ffffffc7442406000000000f0114240f7902f39066baf80cb80de62186ef66bafc0cb000ee8f29c001e40f01c366baf80cb82e212c88ef66bafc0c66ed"}}, @cpuid={0x2, 0x18, {0x1, 0xfffffe01}}, @code={0x1, 0x61, {"66b836008ee0c4817c29edf3420f2a0e66b86b000f00d8c48219b644cc002e66f244af263e260f320f23e5c744240083a36c89c744240209000000c7442406000000000f011c24f3470f0383c746a508"}}, @uexit={0x0, 0x18, 0x4b9}, @uexit={0x0, 0x18, 0x1}, @uexit={0x0, 0x18, 0x8}, @cpuid={0x2, 0x18, {0x3, 0x9}}, @cpuid={0x2, 0x18, {0x800}}, @code={0x1, 0x8f, {"c7442400cf330000c744240200000100c7442406000000000f011c24c744240020000000c744240247000000c7442406000000000f011c24c4620af5be000000002e0f01da420f78a00b0000006566440f3880300fd20948b800900000000000000f23c00f21f835030007000f23f80f20e035040000000f22e0470f01c5"}}, @cpuid={0x2, 0x18, {0xfffffffd, 0x4102}}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0x40}, @code={0x1, 0x65, {"b914090000b808000000ba000000000f30f4430ff2250a000000440f20c03504000000440f22c0c4c2fd23dcc46115e2c00f20c035040000000f22c00f01c8440f21a1b959090000b804000000ba000000000f30"}}, @uexit={0x0, 0x18, 0x24c3}, @cpuid={0x2, 0x18, {0x10, 0x219c}}, @uexit={0x0, 0x18, 0xc}], 0x314})
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000380)={'\x00', 0x0, 0x1, 0x4, 0x0, 0x0, 0x2, 0x3000, '\x00', 0x6f})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0, 0x800, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$fuse(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x18010a0, &(0x7f0000000740)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x200}}, {@default_permissions}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x409891a5}}], [{@dont_measure}]}})
fremovexattr(r0, &(0x7f0000000840)=@known='trusted.syz\x00')
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x18, 0x33, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@alu={0x4, 0x0, 0x1d, 0x1, 0x7, 0x18, 0xffffffffffffffff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x8, 0x3, 0xd, 0x401, 0xa29c}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000a80)='syzkaller\x00', 0x7fffffff, 0xa5, &(0x7f0000000ac0)=""/165, 0x41100, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000b80)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000bc0)={0x2, 0x1, 0x0, 0x800}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000c00)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000c40)=[{0x1, 0x1, 0x5, 0x6}, {0x5, 0x4, 0x5, 0xa}, {0x4, 0x3, 0x2, 0xb}, {0x5, 0x2, 0x8, 0x9}, {0x0, 0x4, 0xe, 0x3}, {0x2, 0x4, 0xf, 0x6}, {0x2, 0x2, 0x7, 0x9}, {0x4, 0x4, 0x0, 0xb}, {0x3, 0x1, 0x7, 0x7}, {0x4, 0x3, 0x4, 0xa}], 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000880)='xen_mc_entry_alloc\x00', r3, 0x0, 0x6}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000e00)='./file0\x00', 0x220000, 0x1)
r5 = openat$cgroup_ro(r4, &(0x7f0000000e40)='devices.list\x00', 0x0, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001240)={r3, 0xe0, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000f80)=[0x0, 0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000fc0)=[0x0, 0x0, 0x0], &(0x7f0000001000)=[0x0, 0x0, 0x0, 0x0, 0x0], <r7=>0x0, 0x34, &(0x7f0000001040)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000001080), &(0x7f00000010c0), 0x8, 0x17, 0x8, 0x8, &(0x7f0000001100)}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000013c0)={0x6, 0x10, &(0x7f0000000e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000f00)='GPL\x00', 0x101, 0xd, &(0x7f0000000f40)=""/13, 0x41100, 0x51, '\x00', r6, 0x25, r4, 0x8, &(0x7f0000001280)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000012c0)={0x3, 0x0, 0x0, 0xfff}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000001300)=[r4, r4, r5, r4, r5, r5, r3, r5, r4], &(0x7f0000001340)=[{0x5, 0x1, 0x9, 0x8}, {0x5, 0x2, 0x9, 0xc}, {0x1, 0x1, 0x8, 0xc}, {0x5, 0x5, 0xf}, {0x2, 0x4, 0x2, 0x1}, {0x5, 0x3, 0x7, 0xa}, {0x2, 0x4, 0xa}, {0x1, 0x4, 0xf, 0x6}], 0x10, 0x75, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001480)={r5, r6, 0x25, 0xf, @void}, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001500), r5)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f00000015c0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001580)={&(0x7f0000001540)={0x24, r8, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x9}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x4446}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x400)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000001700)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001640)={0x4c, r8, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x5}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x5}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x200}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0xd}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x4}, @ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
connect$unix(r9, &(0x7f0000001740)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000019c0)=@generic={&(0x7f0000001980)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000001a80)={0x11, 0x4, &(0x7f00000017c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0xd1}]}, &(0x7f0000001800)='GPL\x00', 0x101, 0x90, &(0x7f0000001840)=""/144, 0x41000, 0x0, '\x00', r6, @fallback=0x7f857bb9384c4418, 0xffffffffffffffff, 0x8, &(0x7f0000001900)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000001940)={0x4, 0x10, 0x41d, 0x3}, 0x10, r7, r4, 0x3, &(0x7f0000001a00)=[r4, r5, r4, r4, r10], &(0x7f0000001a40)=[{0x5, 0x2, 0xf, 0x9}, {0x4, 0x5, 0x9, 0xa}, {0x2, 0x3, 0x8, 0x2}], 0x10, 0x4, @void, @value}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001b80), r5)
sendmsg$MPTCP_PM_CMD_REMOVE(r1, &(0x7f0000001c80)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x70, r11, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xa0ef69c5}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xe}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xf2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x20008045)
ioctl$KVM_SET_XCRS(r0, 0x4188aea7, &(0x7f0000001cc0)={0x4, 0x8, [{0x1b3c, 0x0, 0x9c3}, {0x5, 0x0, 0x6}, {0x3, 0x0, 0xf5c9}, {0x81, 0x0, 0x9}]})
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000001d40), 0x4)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000001e40)={&(0x7f0000001d80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001e00)={&(0x7f0000001dc0)={0x24, 0x1, 0x4, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x22008891)

4.756014724s ago: executing program 2 (id=1258):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x100)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000380)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @multicast1=0xe000cc02}})
r6 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r6, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000340)=""/48, 0x30}, {0x0, 0x3000}], 0x3)
lsetxattr$security_selinux(&(0x7f0000000040)='.\x00', &(0x7f0000000000), &(0x7f0000000080)='system_u:object_r:iptables_conf_t:s0\x00', 0x25, 0x0)

4.521867297s ago: executing program 4 (id=1259):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x5000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4", 0x8}], 0x1)

4.31990903s ago: executing program 4 (id=1260):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x5000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec9", 0xc}], 0x1)

4.136002942s ago: executing program 1 (id=1262):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000000600000005000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x100)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000380)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @multicast1=0xe000cc02}})
r6 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r6, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000340)=""/48, 0x30}, {0x0, 0x3000}], 0x3)
lsetxattr$security_selinux(&(0x7f0000000040)='.\x00', &(0x7f0000000000), &(0x7f0000000080)='system_u:object_r:iptables_conf_t:s0\x00', 0x25, 0x0)

4.060349894s ago: executing program 4 (id=1263):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = memfd_create(0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000180)="e5", 0x1)
execveat(r1, 0x0, 0x0, 0x0, 0x1000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@discard}, {@abort}, {@dioread_lock}, {@norecovery}, {@nombcache}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}, {@resuid}, {@init_itable_val}, {@jqfmt_vfsv1}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0xd0)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfdc5e000)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
getdents(r4, &(0x7f0000000ec0)=""/4096, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x81, 0x537, 0x7fffffff, 0xa1, 0x14, "c644c0000000000000144800"})
syz_socket_connect_nvme_tcp()
dup(0xffffffffffffffff)
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa0c406, &(0x7f0000000b80)=ANY=[@ANYBLOB="646f747300000000732c646d6173a594e5e0d4ee303030303032fd33a1ddfe6717c3d234e02f47303038302c6e6f646f74732cb7f973636172642c6e66733d6e6f73", @ANYRESDEC, @ANYRESOCT=0x0], 0x1, 0x2a2, &(0x7f0000001140)="$eJzs3M9r02AYwPGn6dZ0k/04CXrxQS96CbMe1UOVDcSC0q2iHoSMZVpa25EUbUUwZ0/7O4ZHb4L4D+y/8DYE2WknI22zNOu633Wt3fcDI++b5323J3nJeNKSbD1ff1ta9axVuyZGWsUQ8WVHZFaKsisRblOtdiraL/cz4sutuXfbnxdfvHyczeXm86oL2aU7GVWdvvb9/ccv13/ULj37Om2asjn7aut35ufm5c0rW3+W3hQ9LaakUq2prcvVas1eLju6UvRKlurTsmN7jhYrnuPuia+Wq2trDbUrK1OTa67jeWpXGmpIQ2tVTYdZVdSyLJ2abLbTcoGkTjyjsJHP29lOfz7Z34wwDFw3azcXdmLf1VDYGExGAABgkA6u/41ozG79b3TX/yJH1P+fwlHT33rW/56evv5PSlT/l5xW/V9zG2q/tovx+h+H6q7/j8f4N8ngLBJ+rPNgT8h1sxO9J1H/AwAAAAAAAAAAAAAAAAAAAADwP9gJgpkgCGaaW0NEgrBvikgy1u8x9UI9Wz+q4usfxH7McIEPWX+MgNiDe2mRX369UC8kWtt2fOFRbn5OW2IP/m3X64VkFL/djuve+LhMhvFMz3hKbt5ox5uxh09y8fh6vTAhK4dm7vfrFAAAAAAAMPIsjcxGO9MS3d9blprSHW/dv7dbfufzAe28GqgZH5OrY+d5JAAAAAAA4CBe40PJLpcd93wayXP8W6duiJxu+t3A7EsaSRE5Ykx+UWTwJ2pfw5ShSGOUG/f69guDhEh7z3j4z6DrKgAAAAAwWjr3Ayefy9f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0x5neImYcb/CgjxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFn8DAAD//8DvvIM=")

3.659483169s ago: executing program 2 (id=1264):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

3.61873304s ago: executing program 2 (id=1267):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200c080}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x4, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_NAN(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x6c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x3}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xd}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8c}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x62}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6e}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48000}, 0x1)
r3 = socket(0x2c, 0x4, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, &(0x7f00000002c0)=0x2291, 0x4)
write$P9_RSTATFS(r0, &(0x7f0000000300)={0x43, 0x9, 0x1, {0x39c, 0xf52c, 0x40, 0xc42, 0x8, 0x0, 0x6, 0x80}}, 0x43)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000380)=<r4=>0x0)
sched_setaffinity(r4, 0x8, &(0x7f00000003c0)=0x1000)
socket$igmp6(0xa, 0x3, 0x2)
syz_genetlink_get_family_id$devlink(&(0x7f0000000400), r3)
setsockopt$inet6_int(r3, 0x29, 0x49, &(0x7f0000000440)=0x8, 0x4)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000004c0), 0x40200, 0x0)
ioctl$int_in(r5, 0x5421, &(0x7f0000000500))
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x4, 0x4a8, &(0x7f0000000540)={{0x12, 0x1, 0x250, 0x3d, 0xd9, 0x1a, 0x40, 0x403, 0xfc0d, 0xc964, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x496, 0x1, 0x7, 0x7, 0x80, 0x9, [{{0x9, 0x4, 0xae, 0x8, 0xb, 0x94, 0x4f, 0xbb, 0xad, [@hid_hid={0x9, 0x21, 0x8, 0x8, 0x1, {0x22, 0xf50}}], [{{0x9, 0x5, 0x5, 0x3, 0x40, 0xb, 0x5, 0x1b, [@generic={0x7a, 0x31, "b50d47826973faa5e3a05c4db2d77a496d8b1bf40f64ce55add1dcb6177d3acd8b49860660907a2df784bf9020ded2f48df9df20762cd546f9aa8e9689399dba052b2ab9ae8c825501bf3b99af566e3f946fd57b0981800ee30961278fe8faf976738a71499fbf11d4c69a793989899e0b4c4c03b77bc110"}]}}, {{0x9, 0x5, 0x2, 0x1d, 0x200, 0x0, 0x0, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x6, 0x8}, @generic={0xde, 0xb, "74623c1d055bd876a5283859efb13678a880e36eea4d51892701a99518e3b9afb8f388e464c483c7a6a88266fd1771e34ca566c07370a990f5a7dabe24eab03c577998ef694ac072ec89c66fb805eddd7aa2f13ad194b9db23ce978c578b0163497a0df8a0abc27b023c6e7b0f4fa1be8a6d1a6236ab59226f13e6f486fa9e006f0f84c92c735aca7673efe61a4f9e221c9b2fe6e6478c6e0086001c85776838b01ad845e2f9611e23c1ed5b7ea301a49f60c55d605691391468d87dd04418b52117ff6381c009fd8be0e2f495d3d4b94875c013632cdb320d14bf14"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x27ad9cc431d61b75, 0x5, 0xa, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xfa, 0xc41}]}}, {{0x9, 0x5, 0xd, 0x2, 0x20, 0xfb, 0x4, 0x2, [@generic={0x3a, 0xe, "3a3ef7f6b843c8880a70a35b78511526627de541a1221078178499cf5186c37fc4e92c206411b7df8fb1bc56d20abb2b145985dcb0e13e64"}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x5, 0x8, 0x7, [@generic={0xbf, 0x2, "eea338028fe4f67f1df3d0ed78e5fd638259f94a0d067d16f2962f34d96965c1cb56ac1ca00ed2aa78479e4aee5ce699f44b3f3f92922b5dc76db7e0539812d72f4992fbb55efd1753e39c52d7e7a24b26d4a9809e315d82ed8fa4b0cc4519dd4d2c699592cadc230ff2ca5ce5c62490aecd5a2bf6708eb8f0a57b8ec6ddf25e298692fa71a47d33c798729a2c0ef009f33f5fefdaba0eb7e031279b6b40209316bb97a8aa0c6ee0232fd604a2c90d127c50c9eae267a669d75e73490d"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x8, 0x2, 0x4, 0xdc}}, {{0x9, 0x5, 0x80, 0x3, 0x3ef, 0x40, 0xa1, 0xf0}}, {{0x9, 0x5, 0x9, 0x0, 0x20, 0xfd, 0x4, 0x1}}, {{0x9, 0x5, 0x1, 0x10, 0x3ff, 0x8, 0x7, 0x3, [@generic={0xff, 0x4, "ca5e367c3baa800c6da1a6bc81e1d0ae9c3a6f7ecb39bd2f2fb9265ba99d24a9c6bb9da97df5af3e7bfb70ed56f0116ddec8ae528fba461db5cac23532a8c7b4a66d12bd7bf2479efb5cb46775ef077851ed100e32ad903acb3c00531f03bde88b87ca64f37bbf05aef15f015fce525a50bd04608735b2bf9073a00f5a78a2016d0d696eae738de712a5b76c6d3f7287af99ac0c5b667244f3e50e4b9bd30b2010e990b80fc8e66b48d407c1bcc69e9eecedb53c1b02a87a7c60b80d9e95b1c7fdbb88b8fac594056cdb375fa237d54ea494f9cb82662cf4814e2cbabcb02d9ebcee19c3ab1bad262a997e0bb94bbe68b86cb508303cc7a3f214de7500"}, @generic={0x9e, 0x8, "12bbbbf92495e1ba8d9213800f4246e70d2683fa10daa84c66d750cc8f0a5df7b13720b289b37069b01a3b9b5dead283e65b700ad2a88d8e65c2bce62666f941eca0df11010901c8c4d3247c1424f31113041fce44eeaf1dd3ec1ecc348a62e51a50dc60a0e581f2506140d51a2c7a3138959d52db5bf4932aab7669428761464d5a426d5ecdcb05cb075af11388f8358b66ec109937b2de12bda64e"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x8, 0x6, 0xdf, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0xd}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x31, 0x5fc}]}}, {{0x9, 0x5, 0xf, 0x4, 0x20, 0x1, 0x9, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x40, 0x3ad}]}}]}}]}}]}}, &(0x7f0000000f40)={0xa, &(0x7f0000000a00)={0xa, 0x6, 0x110, 0xf8, 0x7, 0x9, 0xff, 0x5}, 0xf6, &(0x7f0000000a40)={0x5, 0xf, 0xf6, 0x1, [@generic={0xf1, 0x10, 0x2, "9c75602e36e2509e82b290609d912071c175017091ee8288583bb3559ba34a809586fc8f1e16f928fb73c4aa70e0771199c2c9b2e5a498893e1895171b8c6a100c2f94ff73cd80adc803d103ea7d2a6148c400ada1e58a0e935e563ef5c9a422b939866402e33f6d4acba604a7e255976be105cb7ebf22843cc57d4bef91a5a02d98dc851c9206a92808cadc4654cf0338289743cf9e94eebeef76d95fda8f9e169ad723efff5c2309feef897f44150b5894c3392ca400d74dd1d4697b612e7c454c85489834330bb43cf0f65834d14a511841527ff388853443984f2572b0abb12590f98947330baac728d2e634"}]}, 0x9, [{0x3d, &(0x7f0000000b40)=@string={0x3d, 0x3, "900637fb066bdf9e64c6a1ed988b4d644ab57e679b70dae3316122ed0531561bbcc8f5d1adc4f9786ec4151b829b1e4dd6693e4e186299ab07d3c4"}}, {0x50, &(0x7f0000000b80)=@string={0x50, 0x3, "3f38529585e6454790cb5181e3414f5717a8617eafa511d703bc6c7b1116315dc447f2fcc1edf6e217ef9cf8a637741e808e0456421dc13c5945a504c39fba78b5632314887746d83d3d80a872c6"}}, {0x4, &(0x7f0000000c00)=@lang_id={0x4, 0x3, 0x41e}}, {0x4, &(0x7f0000000c40)=@lang_id={0x4, 0x3, 0x809}}, {0xf1, &(0x7f0000000c80)=@string={0xf1, 0x3, "e25023ecf8bdb101ff68ac41df9c70db75558c45e337ca36af43b657c8d15c98fd7ad1c25d651a2a13da68be970ec44430016123c1f3118bb44f8b1b264970ef754ed350d267e30eb7df49c7427527a86d5ebe18caeeb23b009ad0a43b37394284359b67a143247f867da8b8f459044469cd7b66539353e4995264ab3465418ed0d058ae329f98047aae0fd604ceb57974559c683f9e7b83403498270ef0bf7438e22624edb33f2d1fec33c12456bb8d3e3481d2076df30e45458b4eff5948037596dadf86678bc3b63ef79d09f17244673f14e674af524d937437605e6ea8a7050c03175c92f6735ddfa4c63b8bbf"}}, {0xa1, &(0x7f0000000d80)=@string={0xa1, 0x3, "1f884c21b6b8b44f196a3b78bb3d8eb374a55ddb42500359e14293fad7afd0d0b4fb8eb4eb7c920e89a49d1d7c5be09bd8428e092b78e7d9100157c09ae0b93e0d290c1ed2f630ff29781390c3ef24e66086705c7b46f42b49be25f50b07557d78da31bf540caf4cff6a0c6a780bf3add7b9648c9bdb2a6fbbd60f5d318492be71a033adffcb93b310881d3d710ecd52b42467bd5ffa81e1f180ea89260503"}}, {0xd, &(0x7f0000000e40)=@string={0xd, 0x3, "5caf8059271d0f07f868dd"}}, {0x54, &(0x7f0000000e80)=@string={0x54, 0x3, "a9b3e443d83481b9fd801632cfb5db121453548b4802ba261d446b7dd9724d91730be679e68ba6ad4e2a15427bf7426ef51861e5a33a478e003035e69439a8cabc588953e3fa8cf67e6e4b5130bf2ca17b30"}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x443}}]})
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001000), 0xe6040, 0x0)
close_range(r6, r5, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000001040)={0xdddd1800, 0xc000})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000001080), 0x44201, 0x0)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r7, 0x8030942b, &(0x7f00000010c0)={0x39, {0x0, 0x0, 0x5000, 0x4, 0x6}})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000001100)={0x7, 'veth1_to_bond\x00', {0x10000}, 0x8})
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001140)={{{@in=@dev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@broadcast}, 0x0, @in=@initdev}}, &(0x7f0000001240)=0xe8)
quotactl_fd$Q_QUOTAON(r3, 0xffffffff80000200, r8, &(0x7f0000001280)='./file0\x00')
r9 = syz_clone(0x82000, &(0x7f00000012c0)="74840fbde9ff547f9743a26fc4d8a49339056fed4b8daff1c8f88b12c158f0e4e9b1041412d93ed0098f7b5d2f2a6a442574efdd6d74d69bc670de3cdc30d306167be5ef85e4033b78f95c681fc8a023bdc9d46a61aa073659775cde955f258a245613a7269d105f8f43ad690aea14a099560b00ef84f91efc4abd40f9b715ffa848c9dec7aeb90fd733878cc2dea0a0291872ab1b8cb72b43", 0x99, &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)="d709ed9242541930aa9d3cb767b2a3d6658f3c64b99214b7222b610116606550577c662d78cdb1fe06d2521df2762ddbba3d885964596275dc59118fe812f68a70a78981575957a9a0332d22711dd1018ab932c0eb5fe477eab6e165b9a99cc8b2407c820c3cb670a3586b9e5d1683c35fad25c1bf36f6bbd9669ce39858cbc45c6c44eed763eee081029fe23a3acbb3b23006c46dbe5bff")
syz_open_procfs$namespace(r9, &(0x7f00000014c0)='ns/mnt\x00')
syz_clone3(&(0x7f0000001740)={0x50020000, &(0x7f0000001500), &(0x7f0000001540), &(0x7f0000001580), {0x1d}, &(0x7f00000015c0)=""/171, 0xab, &(0x7f0000001680)=""/86, &(0x7f0000001700)=[r4, r9, r4, r4, r9], 0x5, {r0}}, 0x58)
socket$packet(0x11, 0x3, 0x300)

2.711123172s ago: executing program 1 (id=1268):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[], 0x48}}, 0x4025)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001c00c9242bbd7000fbdbdf2507000000", @ANYRES32=r2, @ANYBLOB="80001e0a0a000200aa"], 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x2100000000000000)

2.484410806s ago: executing program 4 (id=1269):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003})
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000007900)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c757466383d302c757466383d312c726f6469722c636865636b3d7374726963742c756e695f786c6174653d312c73686f72746e616d653d77696e39352c696f636861727365743d63703935302c636f6465706167653d3835352c696f636861727365743d63703836322c73686f72746e616d653d6d697865642c646d61736b3d30303030303030303030303030303030303030303130302c757466383d312c756e695f786c6174653d302c696f636861727365743d69736f383835392d362c73686f72746e616d653d6d008000002c6e6e6f6e75008361690400312c73686f72746e616d6577696e39352c726f6469722c757466383d302c696f636861727365743d6575632d6a702c757466383d312c757466383d302c726f6f74636f6e746578743d73746166665f752c009d54d2aaf6d06f18be776bb0ffac7a5551d56f69676c5a4b4e936050f5015a88410ba0676d48b0d307dfb550ec405bfcf6345121e4ef37982c969e2ff5915d729aa2982209cd4f06a1b6fa7ff4d2a7ce636cbde5339573fbd7c5ff9ff4481d415a136dba0a11246055ee1246a02b888f9aa72f3e876b621297de4e141d9700eee76208a6b62fc18d5dce7a798b1920830452b000dfc54ce2735b49179188ca936edb03581e240974fc368283677a20dc700c5f6d3995b3ea4611d52f2dafd6a9e8ad74e3b18058a210222bd6486148f7a294c215544f477f891c", @ANYRESDEC, @ANYRES8=0x0, @ANYRESHEX], 0x6, 0x2e6, &(0x7f00000000c0)="$eJzs3btrZGUUAPBzJ/NSi0lhJYIXtLBazIKVTYLsgpjKJcVqocHdBckEIYGIDxy3EjstLP0LBGH/EButLAVbwc4VFj757iMzk71kZ2Unovn9iuTM/c6Ze+4jyU2Rk/eePzy4Vcadu5/9GuNxEb3tUcT9IjajF60vYsn21wEA/JfdTyn+SLWO5V++Wn5dLL7orbk3AGA9HvHzv9GvPt7MGfcurjcAYD1u3Hz7zZ3d3WtvleU4rh9+ebKXf8XPn+v1nTvxQUzjdrwSk3gQUT0oDKJ6Wsjh9ZTSrF9mm/HS4exkL1cevvtj8/47v0dU9Vsxic1q0+nTRlX/xu61rbK2UD/LfTzd7H8711+NSTz7TVu8VH+1oz72hvHyiwv9X4lJ/PR+fBjTuFU1Ma//fKssX0/f/vnpO7m9XF/MTvZGVd5c2mh3PrjgawQAAAAAAAAAAAAAAAAAAAAAwP/PlWZ2ziiq+T15UzN/Z+NBfjGIsrW5PJ+nrj8dCDyfDxS9lNIsxXcppZ9frVfL1CTO6/vxXL8ZLAgAAAAAAAAAAAAAAAAAAACX3PHHnxzsT6e3j55I0E4D6EfEXzci/un7bC9seSFOl+51JY+afe5Pp70mXM7pL26JjTaniDi3jXwQT+i0PCp46qGec9CLo+9/6KzKR3Tcj66lcQ6GnUttMOjY1+MHHw3q89iZ095dB/tF9zkcnXY4zhcuzl64YXTvfRBntgzb63k2ub0VVzucYRuMcxft0uSxT8vwmSqYnZMTxXlfF6/9tnQ4RZxJHlYTNzrLB03QdTbqe2Ol+znGdfnD3ysK0zoAAAAAAAAAAAAAAAAAAGCt5n/927F499zSXhqtrS0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFDz//+/StBfLl6hahhHx//WsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB5/B0AAP//ukFM+Q==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$UHID_INPUT2(0xffffffffffffffff, &(0x7f0000000040)={0xc, {0xb, "8ed990db29436e7cfd37e4"}}, 0x11)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

2.416024866s ago: executing program 1 (id=1271):
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x5, 0xb}, 0x0)
socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff", @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
write$P9_RREMOVE(r4, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x6e, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r7 = dup(r6)
connect$bt_rfcomm(r7, &(0x7f00000008c0)={0x1f, @none, 0x6}, 0xa)
bind$bt_l2cap(r6, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1ffffffffffffe12, &(0x7f0000000680)=ANY=[@ANYRESDEC=r3, @ANYRESHEX=r5, @ANYRESDEC=r5, @ANYRESDEC=r5], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000002000038397a3f9cf6147d9f1157d0884100", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

1.486756379s ago: executing program 3 (id=1273):
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000500)='./file0\x00', 0x200001, &(0x7f0000000300)={[{@usrquota}, {@barrier}, {@nogrpid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}]}, 0x1, 0x511, &(0x7f0000001300)="$eJzs3V9rLGcZAPBnJtlj0pOSVL2ohdZiKzlFz27S2DZ40R5BvCtU6v0xJJsQssmG7KY9CUVSxGtBRAteeeWN4AcQpB9BCgW9FxVF9By98EIdmdnJOcm6e5J49s9p8vvBu/PO7M48z7ubnZ2ZdzITwJX1fETcioiJiHgpImbL6WlZ4qhT8tfdu/veal6SyLK3/5pEUk6Lonb8GHG9nG2qM+ipdXC4tdJo1PfK8Vp7e7fWOji8ubm9slHfqO8sLS2+uvza8ivLCwNpZ96u17/+xx99/2ffeP1XX373d7f/fOM7eb4z5fOddgxe5z2p5O/FfZMRsTeMYGMwUbanMu5EAAA4l3z77dMR8YVi+382JoqtuYJNOgAAALgksjdm4l9JRAYAAABcWm8U58AmabU833cm0rRa7ZzD+9l4Im00W+0vrTf3d9Y658rORSVd32zUF8pzaueikuTji0X9wfjLXeNLEfFURPxwdroYr642G2vjPvgBAAAAV8T1rv3/f8x29v8BAACAS2Zu3AkAAAAAQ9dv/z8ZcR4AAADA8Py//f/fG3AeAAAAwFC89eabecmO73+99s7B/lbznZtr9dZWdXt/tbra3NutbjSbG8U1+7bPWl6j2dz9Suzs36m16612rXVweHu7ub/Tvr156hbYAAAAwAg99fkPf5tExNFXp4uSu5Y/TPSZwbUC4NJIL/LiPwwvD2D0+v3Mn9tbg8kDGL3JcScAjM/RuBMAxu3UpT56bBScPHnn1DGDXw8vJwAAYLDmP9e7/z/fBaiMOzlgqC7U/w9cKo/c/w98Yl2w//+jYeUBjF7FFgBceWfd6qPvxTvO3f+fZWcuCwAAGKqZoiRptewLnIk0rVYjniz+1b+SrG826gsRcSsifjNb+VQ+vljMmbg9IAAAAAAAAAAAAAAAAAAAAAAAAACcU5YlkQEAAACXWkT6p6S8/9f87Isz3ccHriX/nC2GEfHuT97+8Z2VdntvMZ/+t/vT2x+U018exxEMAAAAoNvxfvrxfjwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNK9u++tHpdRxv3L1yJirlf8yZgqhlNRiYgn/p7E5In5koiYGED8o/cj4ule8ZM8rZgrs+iOn0bE9GjiP5tlWc/41wcQH66yD/P1z61e3780ni+Gvb//k2V5VP3Xf+n99d9En/Xfk+eM8czHv6j1jf9+xDOTvdc/x/GTPvFf6LXAHm/Kt791eNgvfvbTiPmevz/JqVi19vZurXVweHNze2WjvlHfWVpafHX5teVXlhdq65uNevnYM8YPnv3lf7om/TvrKNoffeLPndH+F/NK5WRjusOUwT6+c/cznWqlaxFF/Bsv9P78n35I/Pxv4ovl70D+/Pxx/ahTP+m5n3/03IOxa6eey+Ov9Wn/WZ//jZ6t/V8vffO7vz/nSwGAEWgdHG6tNBr1vaFXPsiybFSx+lTSGGf0q16ZejzSuGhl+vFIY6SVQRzZAgAAHjcPNvrHnQkAAAAAAAAAAAAAAAAAAABcXa2DSId9ObHumEfjaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEP9NwAA///V0OIl")

1.428015639s ago: executing program 2 (id=1274):
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d04230848390102030109025200010000000009044000000e0100000a240608000b020102000600040007000300390c2402050302", @ANYRESOCT=0x0], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
ioctl$KVM_GET_CPUID2(0xffffffffffffffff, 0xc008ae91, &(0x7f00000003c0)={0x5, 0x0, [{}, {}, {}, {}, {}]})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe2$9p(0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x41)
rmdir(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000100000000010000010000f876c51a26", @ANYRES32=0x1, @ANYBLOB="00000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ptrace(0x8, r1)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="2000000000000000000000000700000001440e05"], 0x20}}], 0x1, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000001c0), 0x1810010, &(0x7f0000000700)=ANY=[@ANYBLOB="6e6f6d616e642c007ac33f1b8d34621101821acf26064a8f79480d8977e7854ad731f57671b0201926d7fa196361be2a2c8c107e5a50431d2f26c7fe23ef8b00be4c2af64851a5e93a84313a20c32d77250b5575b599555ba2e79a2cdc3e54f9108df178e8b8fda6fb3c8c09d8feb85f0d04c5aaf612bd81433205cc48357f81b662da4fb1f7fe877618ac7a3a79a9a3d346803b13c1af97be56b15d4a4508a4badf1d39535a2510319ea5c70200ac1fac7edd89b66f190608c355c3b517f0e22f2bbc6073434215e699ea73b91374235d"])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.42729773s ago: executing program 1 (id=1275):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
creat(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x100)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000380)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @multicast1=0xe000cc02}})
r6 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r6, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000340)=""/48, 0x30}, {0x0, 0x3000}], 0x3)
lsetxattr$security_selinux(&(0x7f0000000040)='.\x00', &(0x7f0000000000), &(0x7f0000000080)='system_u:object_r:iptables_conf_t:s0\x00', 0x25, 0x0)

1.355666421s ago: executing program 3 (id=1276):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r3}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e408"], 0xfdef)

1.326601501s ago: executing program 3 (id=1277):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

1.272021692s ago: executing program 3 (id=1278):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f0000000440)={'ip6gre0\x00', <r1=>0x0, 0x29, 0x80, 0x1, 0x6, 0x6d, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x7, 0x20, 0x5}})
r2 = syz_btf_id_by_name$bpf_lsm(&(0x7f0000000540)='bpf_lsm_verify_prog\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x2, 0xb, &(0x7f0000000e80)=ANY=[@ANYBLOB="1800000002000000000000000700000018120000", @ANYRES32, @ANYBLOB="0000000000000020b703000000000000850000000c000000b70000000000000018540000080000000000080000000000852000000100000095000000000000006b9900701507c3b91e6209b86e41d2dd581ad9b3c38f3e3d581d5f681648390bde4821854bfc28d8a50d2f8035c9f88bdb5e7427e991f6d63cd3d3c77362922e1828233aa3fa4483748554cc211cd76960b7"], &(0x7f0000000280)='GPL\x00', 0x3, 0x77, &(0x7f00000002c0)=""/119, 0x41000, 0x60, '\x00', r1, @fallback=0x21, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x5, 0x80000000, 0xfffffbff}, 0x10, r2, 0xffffffffffffffff, 0x5, &(0x7f0000000580)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000005c0)=[{0x3, 0x5, 0xb, 0xc}, {0x3, 0x3, 0xe, 0x9}, {0x3, 0x3, 0x4, 0x3}, {0x3, 0x1, 0x5, 0x1}, {0x1, 0x5, 0x3, 0x7}], 0x10, 0x1, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00'}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
move_mount(0xffffffffffffff9c, &(0x7f0000000800)='./bus\x00', r4, &(0x7f0000000840)='./file0\x00', 0x64)

1.009582995s ago: executing program 4 (id=1279):
r0 = syz_open_dev$mouse(&(0x7f0000000040), 0x6, 0x103000)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
openat(r0, 0x0, 0x101042, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000210000000000000000a30000046a6e9f780764926e59cc4218b8609b66ed7ffb3f0fb3b6aea72fae6837d1d1a9b5af964fc7b37cf1cd05222fab289526a5ddf218a194fc8d56dc75939f1b6eb85fe4c93f56dbc67f2e5f68fa43c13200037602ea0533b9dc73c38a27bb87a3e1fe7710431c5590c5c3067b4c04031a26459d8785d6d95958a4c0690dd117ad04b9c44010ae245d6589ef4b1e97774e4250888b9943a22c5c8a2105a00a64d78faa9138df14fd872a69f546cb5f15301fad3c07", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/11], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x81}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x1ff, 0x402)
r3 = dup(r2)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x4, 0x1, 0x0, 0x1, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000080)=0x8000, 0x4)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140), 0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x29, 0x9, 0x3, 0x3, 0x53, @mcast1, @empty, 0x10, 0x20, 0x0, 0x80200}})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000040)=[@ip_tos_u8={{0x11, 0x0, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x38}, 0x40010)

945.801196ms ago: executing program 3 (id=1280):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x0, &(0x7f0000000380)})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed000e, &(0x7f0000000dc0)={[{@jqfmt_vfsold}, {@sysvgroups}, {@nodiscard}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@journal_dev={'journal_dev', 0x3d, 0x2}}]}, 0x1, 0x45a, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvzLblt62IP0DQKhqJP1pafsjBi0YTDpqY6AHjqbYLqSzU0JoIIVo94NGQeDfe/QOMJ70Y9WTiVe+GhBguoKc1szMDS9ktXbplofv5JLP73syD974z83bezNttAH1rNHtJIrZGxJ8RMZxnby4wmr9du3J++t8r56eTqNff+SdplLt65fx0WbT8d1vyTL1e5De0qPfC+xFTtVr1TJEfXzj10fj82XMvzZ6aOlE9UT09eeTIwQN7hg5PHupKnFlcV3d9Ord759H3Lr41feziB79+l7V3a7G9OY5uGc33bkvPdruyHtvWlE4GetgQOlKJiOxwDTb6/3BUYtP1bcPxxhc9bRywpur1er3V9bmwWAfWsSR63QKgN8oLfXb/Wy53aehxT7j8an4DlMV9rVjyLQOR5oknB5fc33bTaEQcW/zvm2yJNXoOAQDQ7Mds/PNiq/FfGo/kiaHs5YFiDmUkIh6MiO0R8VBE7IiIhyMaZR+NiMc6rH/pDMmt45/00h0HtwLZ+O+VYm7r5vFfWhYZqRS5bY34B5Pjs7Xq/mKf7IvBDcdnk+rEMnX89PofX7Xb1jz+y5as/nIsWLTj0sCSB3QzUwtTq4m52eXPI3YNtIo/iXIaJ4mInRGx6w7rmH2+/YTQ7eNfRhfmmerfRjyXH//FWBJ/KWk7Pznx8uHJQ+Mbo1bdP16eFbf67fcLb7erf1Xxd0F2/De3PP+vxz+SbIyYP3vuZGO+dr7zOi789WXbe5oOz/+j24rzfyh5t7FiqNjwydTCwpmJiKHkzVvXT97438p8WT6Lf9/e1v1/e9zYE49HxO6I2BMRT2Q3hUXbn4qIpyNi7zLx//LaMx92Hv8yT+W7KIt/5nbHP5qPf+eJysmff+g8/lJ2/A82UvuKNSv5/FtpA1ez7wAAAOB+kTa+A5+kY9fTaTo2ln+Hf0dsTmtz8wsvHJ/7+PRM/l35kRhMyyddw03PQyeKZ8NlfnJJ/kDx3PjryqZGfmx6rjbT6+Chz21p0/8zf1d63Tpgzfm9FvQv/R/6l/4P/SnR/6Gv6f/Qv1r1/8/alh77fk0bA9xVrv/Qv1bQ/xfzt/ajAuD+5PoP/Uv/h77U9rfx6ap+8i+x7hOR3hPNWP+JgRX/MYsOEvXhvP9naza0LNPrTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+D8AAP//Yz/jTQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mknod(0x0, 0x800, 0x5)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x20, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000340), 0x0, 0x4f7, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file2\x00', 0x0, &(0x7f0000000e80)={[{@jqfmt_vfsv1}, {@nouid32}, {@block_validity}, {@norecovery}, {@auto_da_alloc}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000f80)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV")
socket$inet(0x2, 0x2, 0x0)
pipe(&(0x7f00000007c0))
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="83e9f6af6acc00f0b3c98911b1f51c6dd60cc2c7fe8557", 0x17}, {&(0x7f0000000380)="eea08933a6cbcc21fe332fbdd86d7bea76df1782a2be9a6ebf96b7bd1a96b8bf3aa95889edec3d1be509e1cf9c2515e71fd291569c59bf7ce5a26b0200ea941ba16a2101a70c93136d354aafc1cc395274458463a6f797ca6aa73698102835e8ab6cca70454380b1ad1cafea00bda2ea2b4af0be5903de2c9a6ec5ba4b5fb303bd37c845f7944c60eea077364608878a723da6e17bf4836f2e7215ad510c7df7e99d7e4f8840269eed29873439c1bad5ece705b72698116051054a9cefd037791418bd410efbd96bad07a4ef", 0xcc}], 0x2, 0xf)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x200000000000009)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))

528.234532ms ago: executing program 1 (id=1281):
openat$kvm(0xffffffffffffff9c, 0x0, 0x101040, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f00000005c0)={0x28, 0x2e, 0x503, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0xc, 0xf, 0x0, 0x0, @u64}]}]}, 0x28}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1008002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000bc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000c80)={0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000d00)={{r2}, &(0x7f0000000c40), &(0x7f0000000cc0)=r3}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x7e0, 0x628, 0x3f8, 0x3f8, 0x0, 0x628, 0x710, 0x710, 0x710, 0x710, 0x710, 0x6, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast1, [], [], 'veth1\x00', 'syz_tun\x00'}, 0x11e, 0xa8, 0x1d0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'unconfined\x00'}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @empty, @remote, @private2, @private1, @dev, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @loopback, @local, @private1, @dev]}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'nr0\x00'}}}, {{@ipv6={@empty, @private0, [], [], 'sit0\x00', 'sit0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x840)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r4, 0x5, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@ifindex, 0xe, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000d40)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
close(r5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000002c0)=ANY=[@ANYRES32=r5], 0x20)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r4, 0x330f, 0xfce)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x90}}, 0x0)
symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r7 = userfaultfd(0x1)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000000))
read(r7, &(0x7f0000000140)=""/238, 0xee)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
close(r7)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000003, 0x12, r8, 0x8000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x0, &(0x7f0000000080), 0x200000, 0x4)

192.061257ms ago: executing program 4 (id=1282):
link(&(0x7f0000000080)='./file0\x00', 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x11, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
pipe2$9p(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

132.828578ms ago: executing program 1 (id=1283):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

131.040118ms ago: executing program 0 (id=1284):
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
getsockopt$inet_int(r0, 0x0, 0x17, 0x0, &(0x7f00000000c0)=0x3)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$igmp(0x2, 0x3, 0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000e0000000000000600000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000004000000000000000b29c229c270685746650f00ca02266070681917a0eae0c34d94d35cd6a5d3d8fe68262b023c979b54583e0b64e62adf23c56b647f29de6c6ea65d50a95eae5db57c5b4839249417d424fde6900199529896a64ed3119acf5ffffc5c479578724a33370877070c47b4f980a6b7f7656ef6ff8e910508c8d0d372100886a13202bdf8c07ce4b004e87128def924aefb980b1d0f1970af7ed2d4ec133270f08cd40a57d7d7baea05a141d829bdf15e45a4312b3b53f826a125f471ce89a0dd96761240dfd27c9150ad9f1980729b1c2c8586ea290a7bacb"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="000000005f2bad230da5821a14000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000018c0), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff028}, {0x6, 0x0, 0x0, 0xffffffff}]}, 0x10)
sendmmsg(r9, &(0x7f000000f780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40840)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x8860)
bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @none, 0x4, 0x2}, 0x2d)

0s ago: executing program 3 (id=1285):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @call={0x85, 0x0, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r3}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r5}, 0x10)
sendto$inet6(r4, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000200)={r6, r0}, 0xc)

kernel console output (not intermixed with test programs):

ted capacity change from 0 to 16
[  232.489400][ T2635] loop0: detected capacity change from 0 to 512
[  232.505979][ T2637] erofs: (device loop1): mounted with root inode @ nid 36.
[  232.553227][ T2635] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  232.577523][ T2635] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  232.633885][ T2598] syz.3.627[2598] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.633960][ T2598] syz.3.627[2598] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.654403][ T2635] EXT4-fs (loop0): 1 truncate cleaned up
[  232.671444][ T2635] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,discard,data_err=abort,,errors=continue. Quota mode: none.
[  232.763189][ T2649] netlink: 12 bytes leftover after parsing attributes in process `syz.4.640'.
[  233.062596][    T6] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  233.462887][    T6] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  233.471344][    T6] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  233.481912][    T6] usb 3-1: config 0 has no interface number 0
[  233.532871][ T2657] loop0: detected capacity change from 0 to 256
[  233.551266][ T2657] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  233.642671][    T6] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  233.655939][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.671488][    T6] usb 3-1: Product: syz
[  233.679870][    T6] usb 3-1: Manufacturer: syz
[  233.689672][    T6] usb 3-1: SerialNumber: syz
[  233.703967][    T6] usb 3-1: config 0 descriptor??
[  233.719326][ T2655] loop1: detected capacity change from 0 to 40427
[  233.736484][ T2655] F2FS-fs (loop1): invalid crc value
[  233.746266][ T2655] F2FS-fs (loop1): Found nat_bits in checkpoint
[  233.947172][   T30] audit: type=1400 audit(1748999583.818:1140): avc:  denied  { remount } for  pid=2656 comm="syz.0.643" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  234.123447][ T2650] syz.2.642[2650] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.124862][ T2650] syz.2.642[2650] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  234.189635][   T30] audit: type=1400 audit(1748999583.858:1141): avc:  denied  { remove_name } for  pid=2656 comm="syz.0.643" name="file0" dev="loop0" ino=1048652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  234.312824][ T2655] F2FS-fs (loop1): Start checkpoint disabled!
[  234.320365][   T30] audit: type=1400 audit(1748999583.858:1142): avc:  denied  { rename } for  pid=2656 comm="syz.0.643" name="file0" dev="loop0" ino=1048652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  235.551566][   T30] audit: type=1400 audit(1748999583.858:1143): avc:  denied  { rmdir } for  pid=2656 comm="syz.0.643" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=1048651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  235.622799][ T2655] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  235.697444][   T30] audit: type=1326 audit(1748999583.958:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2656 comm="syz.0.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  235.744820][   T30] audit: type=1326 audit(1748999583.958:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2656 comm="syz.0.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  235.768504][   T30] audit: type=1326 audit(1748999583.968:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2656 comm="syz.0.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  235.832637][   T20] usb 4-1: Found UVC 0.00 device syz (046d:0823)
[  235.840958][   T20] usb 4-1: No valid video chain found.
[  235.885574][   T20] usb 4-1: USB disconnect, device number 8
[  235.987244][ T2678] serio: Serial port tty28
[  236.022196][ T2655] attempt to access beyond end of device
[  236.022196][ T2655] loop1: rw=2049, want=45104, limit=40427
[  236.094733][   T10] attempt to access beyond end of device
[  236.094733][   T10] loop1: rw=2049, want=45120, limit=40427
[  236.215068][ T2684] usb usb8: usbfs: process 2684 (syz.0.651) did not claim interface 0 before use
[  236.409314][ T2686] loop1: detected capacity change from 0 to 16
[  236.425328][ T2686] erofs: (device loop1): mounted with root inode @ nid 36.
[  236.762706][    T6] usb 3-1: Found UVC 0.00 device syz (046d:0823)
[  237.295520][ T2692] loop3: detected capacity change from 0 to 512
[  237.468968][ T2692] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  237.745478][ T2692] EXT4-fs (loop3): 1 truncate cleaned up
[  237.751180][ T2692] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,mb_optimize_scan=0x0000000000000001,debug_want_extra_isize=0x0000000000000068,nombcache,block_validity,data_err=abort,,errors=continue. Quota mode: none.
[  238.028883][    T6] usb 3-1: No valid video chain found.
[  238.039194][    T6] usb 3-1: USB disconnect, device number 10
[  238.112598][  T472] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  238.780346][ T2709] loop2: detected capacity change from 0 to 40427
[  239.123044][ T2709] F2FS-fs (loop2): fault_injection options not supported
[  239.156551][ T2709] F2FS-fs (loop2): invalid crc value
[  239.243569][ T2709] F2FS-fs (loop2): Found nat_bits in checkpoint
[  239.262618][  T472] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  239.270727][  T472] usb 1-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  239.283623][  T472] usb 1-1: config 0 has no interface number 0
[  239.362682][ T2709] F2FS-fs (loop2): Start checkpoint disabled!
[  239.375401][ T2709] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  239.384334][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  239.384351][   T30] audit: type=1400 audit(1748999589.258:1149): avc:  denied  { ioctl } for  pid=2726 comm="syz.3.665" path="socket:[23138]" dev="sockfs" ino=23138 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  239.448484][ T2727] netlink: 'syz.3.665': attribute type 4 has an invalid length.
[  239.472695][  T472] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  239.473261][ T2727] netlink: 'syz.3.665': attribute type 4 has an invalid length.
[  239.492011][  T472] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.497972][ T2724] loop1: detected capacity change from 0 to 40427
[  239.511165][ T2723] loop4: detected capacity change from 0 to 40427
[  239.519200][ T2724] F2FS-fs (loop1): invalid crc value
[  239.524167][  T472] usb 1-1: Product: syz
[  239.537691][  T472] usb 1-1: Manufacturer: syz
[  239.542394][  T472] usb 1-1: SerialNumber: syz
[  239.547967][ T2724] F2FS-fs (loop1): Found nat_bits in checkpoint
[  239.550203][  T472] usb 1-1: config 0 descriptor??
[  239.563056][ T2732] serio: Serial port tty26
[  239.579703][ T2723] F2FS-fs (loop4): invalid crc value
[  239.598284][ T2724] F2FS-fs (loop1): Start checkpoint disabled!
[  239.609290][ T2724] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  239.620577][ T2723] F2FS-fs (loop4): Found nat_bits in checkpoint
[  239.678578][   T30] audit: type=1400 audit(1748999589.548:1150): avc:  denied  { read } for  pid=2736 comm="syz.2.666" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  239.702441][ T2723] F2FS-fs (loop4): Start checkpoint disabled!
[  239.704364][ T2737] binder: 2736:2737 ioctl 800448f0 200000000100 returned -22
[  239.720572][ T2723] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  239.722753][   T30] audit: type=1400 audit(1748999589.568:1151): avc:  denied  { open } for  pid=2736 comm="syz.2.666" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  239.747269][ T2737] loop2: detected capacity change from 0 to 2048
[  239.759805][   T30] audit: type=1400 audit(1748999589.568:1152): avc:  denied  { set_context_mgr } for  pid=2736 comm="syz.2.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  239.795594][   T30] audit: type=1400 audit(1748999589.568:1153): avc:  denied  { write } for  pid=2736 comm="syz.2.666" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  239.796723][ T2706] syz.0.658[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.826793][   T30] audit: type=1400 audit(1748999589.568:1154): avc:  denied  { map } for  pid=2736 comm="syz.2.666" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  239.845931][ T2706] syz.0.658[2706] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.866247][   T30] audit: type=1400 audit(1748999589.588:1155): avc:  denied  { call } for  pid=2736 comm="syz.2.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  239.899259][ T2737] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  240.158629][ T2724] attempt to access beyond end of device
[  240.158629][ T2724] loop1: rw=2049, want=45104, limit=40427
[  240.193712][ T2723] attempt to access beyond end of device
[  240.193712][ T2723] loop4: rw=2049, want=45104, limit=40427
[  240.227682][ T1708] attempt to access beyond end of device
[  240.227682][ T1708] loop1: rw=2049, want=45120, limit=40427
[  240.277059][ T1708] attempt to access beyond end of device
[  240.277059][ T1708] loop4: rw=2049, want=45120, limit=40427
[  240.449752][ T2749] loop2: detected capacity change from 0 to 40427
[  240.677347][ T2749] F2FS-fs (loop2): invalid crc value
[  240.683897][ T2749] F2FS-fs (loop2): Found nat_bits in checkpoint
[  240.738893][ T2749] F2FS-fs (loop2): Start checkpoint disabled!
[  240.746066][ T2749] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  240.963302][ T2749] attempt to access beyond end of device
[  240.963302][ T2749] loop2: rw=2049, want=45104, limit=40427
[  240.988593][    T8] attempt to access beyond end of device
[  240.988593][    T8] loop2: rw=2049, want=45120, limit=40427
[  241.003205][   T30] audit: type=1400 audit(1748999590.878:1156): avc:  denied  { mount } for  pid=2767 comm="syz.1.675" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  241.162802][   T30] audit: type=1400 audit(1748999591.028:1157): avc:  denied  { unmount } for  pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  241.439948][ T2774] loop2: detected capacity change from 0 to 16
[  241.462261][ T2774] erofs: (device loop2): mounted with root inode @ nid 36.
[  241.989618][ T2783] serio: Serial port tty28
[  242.011229][ T2772] loop1: detected capacity change from 0 to 40427
[  242.021509][ T2772] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  242.029415][ T2772] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  242.053650][ T2772] F2FS-fs (loop1): invalid crc value
[  242.078850][ T2772] F2FS-fs (loop1): Found nat_bits in checkpoint
[  242.112623][  T472] usb 1-1: Found UVC 0.00 device syz (046d:0823)
[  242.120397][  T472] usb 1-1: No valid video chain found.
[  242.147795][ T2772] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  242.148250][  T472] usb 1-1: USB disconnect, device number 5
[  242.155057][ T2772] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  242.259744][ T2785] loop2: detected capacity change from 0 to 40427
[  242.273107][ T2785] F2FS-fs (loop2): invalid crc value
[  242.280760][ T2785] F2FS-fs (loop2): Found nat_bits in checkpoint
[  242.319809][ T2785] F2FS-fs (loop2): Start checkpoint disabled!
[  242.328165][ T2785] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  242.354776][ T2791] loop0: detected capacity change from 0 to 40427
[  242.394260][  T580] attempt to access beyond end of device
[  242.394260][  T580] loop2: rw=2049, want=45104, limit=40427
[  242.407649][ T2791] F2FS-fs (loop0): invalid crc value
[  242.414847][ T2791] F2FS-fs (loop0): Found nat_bits in checkpoint
[  242.465697][ T2791] F2FS-fs (loop0): Start checkpoint disabled!
[  242.495018][ T2791] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  242.686879][  T580] attempt to access beyond end of device
[  242.686879][  T580] loop0: rw=2049, want=45104, limit=40427
[  242.692103][ T2811] nr0: tun_chr_ioctl cmd 1074025677
[  242.704304][ T2811] nr0: linktype set to 6
[  242.714619][ T2811] syz.2.688 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  243.196741][   T30] audit: type=1400 audit(1748999593.058:1158): avc:  denied  { mounton } for  pid=2818 comm="syz.0.689" path="/122/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  243.201311][ T2823] incfs_lookup_dentry err:-5
[  243.223960][ T2823] incfs: Can't find or create .index dir in ./file0
[  243.231067][ T2823] incfs: mount failed -5
[  243.328768][ T2828] loop0: detected capacity change from 0 to 2048
[  243.701338][ T2828] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  243.757220][ T2828] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  243.776197][ T2828] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  243.788874][ T2828] EXT4-fs (loop0): This should not happen!! Data will be lost
[  243.788874][ T2828] 
[  243.799153][ T2828] EXT4-fs (loop0): Total free blocks count 0
[  243.805462][ T2828] EXT4-fs (loop0): Free/Dirty block details
[  243.823387][ T2828] EXT4-fs (loop0): free_blocks=2415919104
[  243.868479][ T2828] EXT4-fs (loop0): dirty_blocks=48
[  243.904481][ T2828] EXT4-fs (loop0): Block reservation details
[  243.974314][ T2828] EXT4-fs (loop0): i_reserved_data_blocks=3
[  244.246741][ T2848] loop2: detected capacity change from 0 to 2048
[  244.308750][ T2848] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  244.388869][ T2848] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  244.413192][ T2856] serio: Serial port tty28
[  244.435043][ T2848] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  244.488393][ T2845] loop1: detected capacity change from 0 to 40427
[  244.495366][ T2848] EXT4-fs (loop2): This should not happen!! Data will be lost
[  244.495366][ T2848] 
[  244.505152][ T2848] EXT4-fs (loop2): Total free blocks count 0
[  244.511179][ T2848] EXT4-fs (loop2): Free/Dirty block details
[  244.517347][ T2848] EXT4-fs (loop2): free_blocks=2415919104
[  244.523330][ T2848] EXT4-fs (loop2): dirty_blocks=48
[  244.528592][ T2848] EXT4-fs (loop2): Block reservation details
[  244.539694][ T2848] EXT4-fs (loop2): i_reserved_data_blocks=3
[  244.545771][ T2845] F2FS-fs (loop1): invalid crc value
[  244.552352][ T2845] F2FS-fs (loop1): Found nat_bits in checkpoint
[  244.558959][   T30] kauditd_printk_skb: 70 callbacks suppressed
[  244.558971][   T30] audit: type=1326 audit(1748999594.428:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.613640][   T30] audit: type=1326 audit(1748999594.458:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.656999][ T2845] F2FS-fs (loop1): Start checkpoint disabled!
[  244.675471][   T30] audit: type=1326 audit(1748999594.518:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.698935][ T2845] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  244.755026][   T30] audit: type=1326 audit(1748999594.518:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.806466][   T30] audit: type=1326 audit(1748999594.518:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.861453][ T1708] attempt to access beyond end of device
[  244.861453][ T1708] loop1: rw=2049, want=45104, limit=40427
[  244.883481][   T30] audit: type=1326 audit(1748999594.518:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa08e21d41f code=0x7ffc0000
[  244.908251][   T30] audit: type=1326 audit(1748999594.518:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.933003][   T30] audit: type=1326 audit(1748999594.518:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.957066][   T30] audit: type=1326 audit(1748999594.528:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  244.981430][   T30] audit: type=1326 audit(1748999594.528:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2847 comm="syz.2.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  245.033215][ T2865] loop2: detected capacity change from 0 to 16
[  245.049855][ T2865] erofs: (device loop2): mounted with root inode @ nid 36.
[  245.166928][ T2871] loop1: detected capacity change from 0 to 256
[  248.544569][ T2899] loop1: detected capacity change from 0 to 256
[  248.587682][ T2899] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  248.852676][   T39] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  248.904763][ T2902] loop2: detected capacity change from 0 to 40427
[  248.993867][ T2902] F2FS-fs (loop2): invalid crc value
[  249.012618][ T2902] F2FS-fs (loop2): Found nat_bits in checkpoint
[  249.130358][ T2902] F2FS-fs (loop2): Start checkpoint disabled!
[  249.152441][ T2902] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  249.232823][   T39] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  249.246558][   T39] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  249.297045][   T39] usb 4-1: config 0 has no interface number 0
[  249.333997][  T580] attempt to access beyond end of device
[  249.333997][  T580] loop2: rw=2049, want=40984, limit=40427
[  249.503029][   T39] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  249.522499][   T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.534048][ T2912] loop0: detected capacity change from 0 to 256
[  249.542330][   T39] usb 4-1: Product: syz
[  249.549014][   T39] usb 4-1: Manufacturer: syz
[  249.553832][   T39] usb 4-1: SerialNumber: syz
[  249.562958][   T39] usb 4-1: config 0 descriptor??
[  249.580083][ T2912] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  250.100192][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  250.100220][   T30] audit: type=1326 audit(1748999599.958:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2911 comm="syz.0.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  250.150960][ T2904] syz.3.715[2904] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  250.151755][ T2904] syz.3.715[2904] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  250.758320][   T30] audit: type=1326 audit(1748999599.958:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2911 comm="syz.0.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  250.812639][   T30] audit: type=1326 audit(1748999599.968:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2911 comm="syz.0.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  250.973069][   T30] audit: type=1326 audit(1748999599.968:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2911 comm="syz.0.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  251.340645][ T2925] sit: non-ECT from 0.0.0.0 with TOS=0x3
[  251.625319][   T30] audit: type=1326 audit(1748999599.968:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2911 comm="syz.0.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  253.092638][   T39] usb 4-1: Found UVC 0.00 device syz (046d:0823)
[  253.105476][   T39] usb 4-1: No valid video chain found.
[  253.141624][   T39] usb 4-1: USB disconnect, device number 9
[  253.260977][ T2926] loop0: detected capacity change from 0 to 40427
[  253.287705][ T2926] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  253.304044][ T2941] netlink: 12 bytes leftover after parsing attributes in process `syz.2.716'.
[  253.317004][ T2926] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  253.362894][ T2926] F2FS-fs (loop0): invalid crc value
[  253.389204][ T2926] F2FS-fs (loop0): Found nat_bits in checkpoint
[  253.466436][ T2926] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  253.481977][ T2926] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  253.637273][ T1708] attempt to access beyond end of device
[  253.637273][ T1708] loop0: rw=1, want=45112, limit=40427
[  254.086529][ T2968] loop2: detected capacity change from 0 to 40427
[  254.107335][ T2968] F2FS-fs (loop2): invalid crc value
[  254.124401][ T2968] F2FS-fs (loop2): Found nat_bits in checkpoint
[  254.202655][ T2968] F2FS-fs (loop2): Start checkpoint disabled!
[  254.231831][ T2968] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  254.324207][   T30] audit: type=1400 audit(1748999604.198:1260): avc:  denied  { bind } for  pid=2975 comm="syz.3.732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  254.359932][   T30] audit: type=1400 audit(1748999604.198:1261): avc:  denied  { setopt } for  pid=2975 comm="syz.3.732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  254.670235][   T10] attempt to access beyond end of device
[  254.670235][   T10] loop2: rw=2049, want=45104, limit=40427
[  254.780143][ T2983] netlink: 12 bytes leftover after parsing attributes in process `syz.3.733'.
[  256.225631][ T3000] loop3: detected capacity change from 0 to 512
[  256.351925][ T3000] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  256.382707][ T3000] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.564074][ T3011] loop1: detected capacity change from 0 to 512
[  256.738898][ T3013] loop2: detected capacity change from 0 to 2048
[  256.923792][ T3011] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  256.955653][ T3011] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.978427][  T904]  loop2: p1 < > p3
[  256.983752][  T904] loop2: p3 size 134217728 extends beyond EOD, truncated
[  257.028447][ T3013]  loop2: p1 < > p3
[  257.038416][ T3013] loop2: p3 size 134217728 extends beyond EOD, truncated
[  257.688380][  T904] udevd[904]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  257.690648][ T1725] udevd[1725]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  257.708930][ T3013] loop2: detected capacity change from 0 to 512
[  257.792739][  T904] udevd[904]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  257.803951][ T1725] udevd[1725]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  257.852646][   T26] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  258.112602][   T26] usb 5-1: Using ep0 maxpacket: 16
[  258.242640][   T26] usb 5-1: config 2 has an invalid interface number: 4 but max is 0
[  258.250859][   T26] usb 5-1: config 2 has no interface number 0
[  258.257031][   T26] usb 5-1: config 2 interface 4 altsetting 0 has a duplicate endpoint with address 0x1, skipping
[  258.267833][   T26] usb 5-1: config 2 interface 4 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  258.485128][   T26] usb 5-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=b2.da
[  258.494411][   T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.503729][   T26] usb 5-1: Product: syz
[  258.508031][   T26] usb 5-1: Manufacturer: syz
[  258.513902][   T26] usb 5-1: SerialNumber: syz
[  258.553113][ T3045] loop2: detected capacity change from 0 to 1024
[  258.689510][   T26] usb 5-1: invalid MIDI in EP 0
[  258.706646][   T26] snd-usb-audio: probe of 5-1:2.4 failed with error -22
[  258.940817][   T26] usb 5-1: USB disconnect, device number 8
[  258.960978][ T3045] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  258.972124][ T3045] ext4 filesystem being mounted at /160/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  259.439531][ T3050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.749'.
[  259.769505][   T30] audit: type=1326 audit(1748999609.638:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.831823][   T30] audit: type=1326 audit(1748999609.638:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.855298][   T30] audit: type=1326 audit(1748999609.638:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.879243][   T30] audit: type=1326 audit(1748999609.688:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.902907][   T30] audit: type=1326 audit(1748999609.698:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.927050][   T30] audit: type=1326 audit(1748999609.698:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.951116][   T30] audit: type=1326 audit(1748999609.698:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.985137][   T30] audit: type=1326 audit(1748999609.698:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  259.993386][ T3070] loop4: detected capacity change from 0 to 40427
[  260.019246][   T30] audit: type=1326 audit(1748999609.698:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  260.044629][ T3070] F2FS-fs (loop4): invalid crc value
[  260.044665][ T3077] loop3: detected capacity change from 0 to 2048
[  260.050113][   T30] audit: type=1326 audit(1748999609.698:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3060 comm="syz.2.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  260.081640][ T3070] F2FS-fs (loop4): Found nat_bits in checkpoint
[  260.090693][ T3077] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  260.122621][  T292] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  260.124331][ T3070] F2FS-fs (loop4): Start checkpoint disabled!
[  260.137398][ T3070] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  260.205469][    T8] attempt to access beyond end of device
[  260.205469][    T8] loop4: rw=2049, want=40984, limit=40427
[  260.674286][ T3091] loop0: detected capacity change from 0 to 256
[  260.704590][  T292] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  260.723964][  T292] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.734514][  T292] usb 3-1: config 0 interface 0 has no altsetting 0
[  260.741229][  T292] usb 3-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00
[  260.750480][  T292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.794809][  T292] usb 3-1: config 0 descriptor??
[  261.274020][  T292] logitech-djreceiver 0003:046D:C534.0003: unknown main item tag 0x0
[  261.282198][  T292] logitech-djreceiver 0003:046D:C534.0003: unknown main item tag 0x0
[  261.293888][  T292] logitech-djreceiver 0003:046D:C534.0003: unknown main item tag 0x0
[  261.302060][  T292] logitech-djreceiver 0003:046D:C534.0003: unknown main item tag 0x0
[  261.487321][ T3061] loop2: detected capacity change from 0 to 1024
[  261.651601][ T3061] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f00cc01c, mo2=0002]
[  261.663948][ T3061] System zones: 0-1, 3-36
[  261.723243][ T3061] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,debug,data_err=abort,,errors=continue. Quota mode: writeback.
[  261.804732][   T26] usb 3-1: USB disconnect, device number 11
[  261.841382][ T3118] loop0: detected capacity change from 0 to 2048
[  261.931293][ T3114] loop1: detected capacity change from 0 to 40427
[  261.938990][ T3118] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  261.962200][ T3114] F2FS-fs (loop1): invalid crc value
[  261.990081][ T3114] F2FS-fs (loop1): Found nat_bits in checkpoint
[  261.991735][ T3118] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  262.011444][ T3118] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  262.024077][ T3118] EXT4-fs (loop0): This should not happen!! Data will be lost
[  262.024077][ T3118] 
[  262.033978][ T3118] EXT4-fs (loop0): Total free blocks count 0
[  262.040000][ T3118] EXT4-fs (loop0): Free/Dirty block details
[  262.046221][ T3118] EXT4-fs (loop0): free_blocks=2415919104
[  262.052006][ T3118] EXT4-fs (loop0): dirty_blocks=48
[  262.058419][ T3118] EXT4-fs (loop0): Block reservation details
[  262.064455][ T3118] EXT4-fs (loop0): i_reserved_data_blocks=3
[  262.081647][ T3114] F2FS-fs (loop1): Start checkpoint disabled!
[  262.100723][ T3114] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  262.208706][    T8] attempt to access beyond end of device
[  262.208706][    T8] loop1: rw=2049, want=40976, limit=40427
[  262.350222][ T3129] loop4: detected capacity change from 0 to 128
[  262.405919][ T3133] loop0: detected capacity change from 0 to 256
[  262.453520][ T3133] exfat: Deprecated parameter 'namecase'
[  262.499976][ T3133] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x6dfb6af6, utbl_chksum : 0xe619d30d)
[  262.702585][  T307] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  262.787815][ T3149] loop1: detected capacity change from 0 to 40427
[  262.873140][ T3149] F2FS-fs (loop1): invalid crc value
[  262.973376][ T3149] F2FS-fs (loop1): Found nat_bits in checkpoint
[  263.068033][ T3149] F2FS-fs (loop1): Start checkpoint disabled!
[  263.075240][ T3149] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  263.150608][ T3149] attempt to access beyond end of device
[  263.150608][ T3149] loop1: rw=2049, want=45104, limit=40427
[  263.162608][  T307] usb 5-1: Using ep0 maxpacket: 16
[  263.174237][  T558] attempt to access beyond end of device
[  263.174237][  T558] loop1: rw=2049, want=45120, limit=40427
[  263.282694][  T307] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.299804][  T307] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.318177][  T307] usb 5-1: config 0 interface 0 has no altsetting 0
[  263.329106][  T307] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  263.338983][ T3159] loop1: detected capacity change from 0 to 2048
[  263.340149][  T307] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.356535][  T307] usb 5-1: config 0 descriptor??
[  263.436390][ T3159] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  263.458914][ T3159] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  263.478504][ T3159] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  263.491285][ T3159] EXT4-fs (loop1): This should not happen!! Data will be lost
[  263.491285][ T3159] 
[  263.501454][ T3159] EXT4-fs (loop1): Total free blocks count 0
[  263.576465][ T3159] EXT4-fs (loop1): Free/Dirty block details
[  263.582475][ T3159] EXT4-fs (loop1): free_blocks=2415919104
[  263.589302][ T3159] EXT4-fs (loop1): dirty_blocks=48
[  263.594659][ T3159] EXT4-fs (loop1): Block reservation details
[  263.600823][ T3159] EXT4-fs (loop1): i_reserved_data_blocks=3
[  263.788322][ T3183] loop1: detected capacity change from 0 to 512
[  263.821924][ T3171] loop3: detected capacity change from 0 to 40427
[  263.844269][  T307] hid (null): unknown global tag 0xc
[  263.853235][  T307] hid (null): report_id 0 is invalid
[  263.858602][ T3171] F2FS-fs (loop3): invalid crc value
[  263.864298][  T307] hid (null): unknown global tag 0xe
[  263.870645][ T3171] F2FS-fs (loop3): Found nat_bits in checkpoint
[  263.883819][ T3183] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  263.903197][ T3183] ext4 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.922664][ T3171] F2FS-fs (loop3): Start checkpoint disabled!
[  263.996186][ T3171] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  264.254337][    T8] attempt to access beyond end of device
[  264.254337][    T8] loop3: rw=2049, want=40976, limit=40427
[  264.697779][ T3199] loop2: detected capacity change from 0 to 4096
[  264.735880][ T3199] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  265.301337][  T307] usb 5-1: USB disconnect, device number 9
[  265.418538][ T3207] loop3: detected capacity change from 0 to 40427
[  265.441896][ T3207] F2FS-fs (loop3): invalid crc value
[  265.474054][ T3207] F2FS-fs (loop3): Found nat_bits in checkpoint
[  265.571630][ T3207] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  265.611290][ T3223] loop2: detected capacity change from 0 to 4096
[  265.688433][ T3212] loop4: detected capacity change from 0 to 40427
[  265.718813][ T3223] EXT4-fs (loop2): Test dummy encryption mode enabled
[  265.748655][ T3212] F2FS-fs (loop4): invalid crc value
[  265.832974][ T3226] attempt to access beyond end of device
[  265.832974][ T3226] loop3: rw=2049, want=45104, limit=40427
[  265.838517][ T3212] F2FS-fs (loop4): Found nat_bits in checkpoint
[  265.851154][ T3223] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,nobarrier,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  265.851435][   T30] kauditd_printk_skb: 156 callbacks suppressed
[  265.851449][   T30] audit: type=1400 audit(1748999615.718:1428): avc:  denied  { unlink } for  pid=3206 comm="syz.3.795" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  265.905890][   T30] audit: type=1400 audit(1748999615.778:1429): avc:  denied  { map } for  pid=3206 comm="syz.3.795" path="/dev/ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  265.965386][ T3221] loop0: detected capacity change from 0 to 40427
[  266.010802][ T3212] F2FS-fs (loop4): Start checkpoint disabled!
[  266.018820][ T3221] F2FS-fs (loop0): invalid crc value
[  266.024862][ T3212] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  266.052462][ T3237] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  266.080135][ T3237] SELinux: failed to load policy
[  266.089618][  T282] attempt to access beyond end of device
[  266.089618][  T282] loop3: rw=2049, want=40976, limit=40427
[  266.101867][ T3221] F2FS-fs (loop0): Found nat_bits in checkpoint
[  266.165759][ T3238] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  266.176486][ T3238] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  266.212631][   T30] audit: type=1400 audit(1748999616.048:1430): avc:  denied  { ioctl } for  pid=3222 comm="syz.2.801" path="socket:[25189]" dev="sockfs" ino=25189 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  266.243785][ T3232] loop1: detected capacity change from 0 to 2048
[  266.268902][ T3221] F2FS-fs (loop0): Start checkpoint disabled!
[  266.280978][ T3221] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  266.289859][ T3232]  loop1: p1 < > p3
[  266.305363][ T3232] loop1: p3 size 134217728 extends beyond EOD, truncated
[  266.414110][  T558] attempt to access beyond end of device
[  266.414110][  T558] loop0: rw=2049, want=40976, limit=40427
[  266.458656][  T904] udevd[904]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  266.541646][ T3255] loop4: detected capacity change from 0 to 256
[  266.558770][ T3253] loop2: detected capacity change from 0 to 1024
[  266.669303][ T3259] loop1: detected capacity change from 0 to 512
[  266.985252][ T3253] EXT4-fs (loop2): Ignoring removed bh option
[  267.323358][ T3253] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000]
[  267.342592][ T3259] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  267.353919][ T3259] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  267.378698][ T3253] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 2: comm syz.2.808: lblock 2 mapped to illegal pblock 2 (length 1)
[  267.407415][ T3253] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  267.416789][ T3253] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 48: comm syz.2.808: lblock 0 mapped to illegal pblock 48 (length 1)
[  267.432312][ T3253] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  267.442731][ T3253] EXT4-fs error (device loop2): ext4_acquire_dquot:6195: comm syz.2.808: Failed to acquire dquot type 0
[  267.454447][ T3253] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5866: Corrupt filesystem
[  267.467514][ T3253] EXT4-fs error (device loop2): ext4_evict_inode:283: inode #11: comm syz.2.808: mark_inode_dirty error
[  267.497847][ T3253] EXT4-fs warning (device loop2): ext4_evict_inode:286: couldn't mark inode dirty (err -117)
[  267.508383][ T3253] EXT4-fs (loop2): 1 orphan inode deleted
[  267.514695][ T3253] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x00000000000008c9,debug,inlinecrypt,,errors=continue. Quota mode: writeback.
[  267.533011][ T1708] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1)
[  267.591218][ T1708] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  267.603712][ T3253] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #2: block 16: comm syz.2.808: lblock 0 mapped to illegal pblock 16 (length 1)
[  267.766711][ T1708] EXT4-fs error (device loop2): ext4_release_dquot:6231: comm kworker/u4:9: Failed to release dquot type 0
[  267.801468][ T3253] EXT4-fs error (device loop2): ext4_map_blocks:630: inode #2: block 16: comm syz.2.808: lblock 0 mapped to illegal pblock 16 (length 1)
[  267.879990][  T284] EXT4-fs error (device loop2): __ext4_get_inode_loc:4352: comm syz-executor: Invalid inode table block 1 in block_group 0
[  267.898829][  T284] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5866: Corrupt filesystem
[  267.911903][  T284] EXT4-fs error (device loop2): ext4_quota_off:6501: inode #3: comm syz-executor: mark_inode_dirty error
[  268.006925][   T30] audit: type=1326 audit(1748999617.878:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3282 comm="syz.1.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  268.054499][   T30] audit: type=1326 audit(1748999617.878:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3282 comm="syz.1.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  268.094553][   T30] audit: type=1326 audit(1748999617.878:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3282 comm="syz.1.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  268.143656][   T30] audit: type=1326 audit(1748999617.878:1434): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3282 comm="syz.1.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  268.211498][ T3280] loop0: detected capacity change from 0 to 40427
[  268.225909][ T3280] F2FS-fs (loop0): invalid crc value
[  268.232501][ T3280] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  268.243154][ T3288] netlink: 12 bytes leftover after parsing attributes in process `syz.2.815'.
[  268.267108][ T3280] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0
[  268.273903][ T3280] F2FS-fs (loop0): Start checkpoint disabled!
[  268.280780][ T3280] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  268.375715][ T1708] attempt to access beyond end of device
[  268.375715][ T1708] loop0: rw=2049, want=45112, limit=40427
[  268.949334][ T3302] loop1: detected capacity change from 0 to 256
[  269.148482][ T3298] loop0: detected capacity change from 0 to 40427
[  269.160004][ T3298] F2FS-fs (loop0): invalid crc value
[  269.168918][ T3298] F2FS-fs (loop0): Found nat_bits in checkpoint
[  269.201716][ T3298] F2FS-fs (loop0): Start checkpoint disabled!
[  269.209125][ T3298] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  269.317319][ T3313] loop3: detected capacity change from 0 to 512
[  269.505474][ T3313] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  269.517088][ T3313] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  269.772830][ T1333] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  270.178860][ T1708] attempt to access beyond end of device
[  270.178860][ T1708] loop0: rw=2049, want=40976, limit=40427
[  270.610850][ T1333] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  270.620022][ T1333] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  270.630737][ T1333] usb 5-1: config 0 has no interface number 0
[  270.986005][ T1333] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  271.026147][ T1333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.036491][ T1333] usb 5-1: Product: syz
[  271.040973][ T1333] usb 5-1: Manufacturer: syz
[  271.043867][ T3332] loop1: detected capacity change from 0 to 1024
[  271.046127][ T1333] usb 5-1: SerialNumber: syz
[  271.057599][ T1333] usb 5-1: config 0 descriptor??
[  271.067273][ T3332] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  271.080729][ T3332] __quota_error: 10 callbacks suppressed
[  271.080747][ T3332] Quota error (device loop1): find_tree_dqentry: Getting block too big (134217730 >= 6)
[  271.096623][ T3332] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  271.106288][ T3332] EXT4-fs error (device loop1): ext4_acquire_dquot:6195: comm syz.1.830: Failed to acquire dquot type 1
[  271.117685][ T1252] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  271.118739][ T3332] Quota error (device loop1): find_tree_dqentry: Getting block too big (134217730 >= 6)
[  271.135107][ T3332] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  271.144831][ T3332] EXT4-fs error (device loop1): ext4_acquire_dquot:6195: comm syz.1.830: Failed to acquire dquot type 1
[  271.163341][ T3332] overlayfs: failed to resolve './bus': -2
[  271.212683][  T399] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  271.229751][ T3335] loop1: detected capacity change from 0 to 16
[  271.263947][ T3335] erofs: (device loop1): mounted with root inode @ nid 36.
[  271.307601][ T3317] syz.4.825[3317] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.307677][ T3317] syz.4.825[3317] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.372642][ T1252] usb 4-1: Using ep0 maxpacket: 16
[  271.612803][  T399] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  271.637837][  T399] usb 1-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  271.729499][  T399] usb 1-1: config 0 has no interface number 0
[  271.963204][  T399] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  272.004799][  T399] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.077242][  T399] usb 1-1: Product: syz
[  272.117565][  T399] usb 1-1: Manufacturer: syz
[  272.198751][  T399] usb 1-1: SerialNumber: syz
[  272.280677][  T399] usb 1-1: config 0 descriptor??
[  273.313984][ T3330] syz.0.827[3330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  273.314640][ T3330] syz.0.827[3330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  273.344435][ T3351] loop2: detected capacity change from 0 to 256
[  273.464414][ T1252] usb 4-1: config 0 has no interfaces?
[  273.499770][ T3356] netlink: 12 bytes leftover after parsing attributes in process `syz.1.833'.
[  273.530279][   T30] audit: type=1400 audit(1748999623.398:1445): avc:  denied  { listen } for  pid=3353 comm="syz.4.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  273.562659][ T1252] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  273.576784][ T1252] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  273.587068][   T30] audit: type=1400 audit(1748999623.458:1446): avc:  denied  { mounton } for  pid=3353 comm="syz.4.837" path="/157/file0" dev="incremental-fs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  273.610818][ T1252] usb 4-1: Manufacturer: syz
[  273.612803][ T1333] usb 5-1: Found UVC 0.00 device syz (046d:0823)
[  273.616732][   T30] audit: type=1400 audit(1748999623.458:1447): avc:  denied  { getattr } for  pid=3353 comm="syz.4.837" name="/" dev="incremental-fs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  273.622363][ T1333] usb 5-1: No valid video chain found.
[  273.647664][ T1252] usb 4-1: config 0 descriptor??
[  273.665075][ T1333] usb 5-1: USB disconnect, device number 10
[  273.886124][ T1252] usb 4-1: can't set config #0, error -71
[  274.170603][ T1252] usb 4-1: USB disconnect, device number 10
[  274.345156][ T3363] loop3: detected capacity change from 0 to 512
[  274.625564][ T3363] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  274.637557][ T3363] ext4 filesystem being mounted at /176/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  274.909253][ T3374] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  274.941212][   T30] audit: type=1326 audit(1748999624.808:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3375 comm="syz.1.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  274.964834][  T399] usb 1-1: Found UVC 0.00 device syz (046d:0823)
[  274.971824][  T399] usb 1-1: No valid video chain found.
[  274.979960][   T30] audit: type=1326 audit(1748999624.818:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3375 comm="syz.1.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  275.005640][   T30] audit: type=1326 audit(1748999624.818:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3375 comm="syz.1.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  275.026382][  T399] usb 1-1: USB disconnect, device number 6
[  275.201669][ T3381] loop2: detected capacity change from 0 to 40427
[  275.227141][ T3381] F2FS-fs (loop2): invalid crc value
[  275.257168][ T3381] F2FS-fs (loop2): Found nat_bits in checkpoint
[  275.305982][ T3381] F2FS-fs (loop2): Start checkpoint disabled!
[  275.313168][ T3381] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  275.420110][ T3398] loop0: detected capacity change from 0 to 16
[  275.428666][ T3381] attempt to access beyond end of device
[  275.428666][ T3381] loop2: rw=2049, want=45104, limit=40427
[  275.448160][   T10] attempt to access beyond end of device
[  275.448160][   T10] loop2: rw=2049, want=45112, limit=40427
[  275.460751][ T3398] erofs: (device loop0): mounted with root inode @ nid 36.
[  275.678341][ T3406] loop2: detected capacity change from 0 to 256
[  276.147185][ T3415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.853'.
[  276.195255][ T3417] loop4: detected capacity change from 0 to 256
[  276.226036][ T3417] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  276.591835][ T3421] loop2: detected capacity change from 0 to 256
[  276.646323][ T3421] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  277.901295][ T3430] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  278.130953][ T3444] loop3: detected capacity change from 0 to 16
[  278.211206][ T3440] loop2: detected capacity change from 0 to 512
[  278.218741][ T3444] erofs: (device loop3): mounted with root inode @ nid 36.
[  278.412697][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  278.412752][   T30] audit: type=1400 audit(1748999628.208:1488): avc:  denied  { ioctl } for  pid=3443 comm="syz.0.862" path="socket:[25771]" dev="sockfs" ino=25771 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  278.573189][ T3440] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback.
[  278.585795][ T3440] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.682181][ T3457] loop4: detected capacity change from 0 to 256
[  279.669545][ T3473] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  279.731401][ T3482] loop1: detected capacity change from 0 to 16
[  279.744773][ T3482] erofs: (device loop1): mounted with root inode @ nid 36.
[  280.450373][ T3492] loop1: detected capacity change from 0 to 256
[  280.491544][ T3480] loop4: detected capacity change from 0 to 40427
[  280.503506][ T3492] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  280.524223][ T3480] F2FS-fs (loop4): Unrecognized mount option "00000000000000000003H0*iBG��	��'Aw簥`I��G�G�R��?��z�M�
[  280.524223][ T3480] �L����w�e����2�[9f���Bm�a��rP(h�jm�"�#�EIcrX�|�EԋV��B����O$�Ү���g�G��L���4�B^��i[*3oWĴ�.��Fy6�Q��{�t��"S'5-�"�P�5�g�m��]/�_:g�i+
i-�������O�" or missing value
[  280.546865][ T3494] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  280.663092][ T3496] loop3: detected capacity change from 0 to 256
[  281.099755][ T3507] loop3: detected capacity change from 0 to 128
[  281.142121][ T3507] FAT-fs (loop3): Directory bread(block 32) failed
[  281.148946][ T3507] FAT-fs (loop3): Directory bread(block 33) failed
[  281.155752][ T3507] FAT-fs (loop3): Directory bread(block 34) failed
[  281.162351][ T3507] FAT-fs (loop3): Directory bread(block 35) failed
[  281.169118][ T3507] FAT-fs (loop3): Directory bread(block 36) failed
[  281.175841][ T3507] FAT-fs (loop3): Directory bread(block 37) failed
[  281.182642][ T3507] FAT-fs (loop3): Directory bread(block 38) failed
[  281.189303][ T3507] FAT-fs (loop3): Directory bread(block 39) failed
[  281.196111][ T3507] FAT-fs (loop3): Directory bread(block 40) failed
[  281.202761][ T3507] FAT-fs (loop3): Directory bread(block 41) failed
[  281.351760][ T3507] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  281.359443][ T3507] FAT-fs (loop3): Filesystem has been set read-only
[  282.008502][ T3511] loop0: detected capacity change from 0 to 256
[  282.982019][ T3529] loop0: detected capacity change from 0 to 16
[  283.066490][ T3529] erofs: (device loop0): mounted with root inode @ nid 36.
[  283.606511][ T3541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.890'.
[  283.635112][ T3541] loop4: detected capacity change from 0 to 256
[  283.642830][ T3541] exfat: Unknown parameter ''
[  283.988483][ T3548] loop2: detected capacity change from 0 to 256
[  284.136324][ T3548] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  284.451257][ T3570] loop1: detected capacity change from 0 to 16
[  284.470110][ T3568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.897'.
[  284.543337][ T3570] erofs: (device loop1): mounted with root inode @ nid 36.
[  284.677464][ T3560] loop4: detected capacity change from 0 to 40427
[  284.763578][ T3560] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  284.772981][ T3560] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  284.796204][ T3560] F2FS-fs (loop4): invalid crc value
[  284.825218][ T3560] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  284.846669][ T3560] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  284.927364][ T3560] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  284.934726][ T3560] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  285.052773][   T30] audit: type=1400 audit(1748999634.898:1489): avc:  denied  { setattr } for  pid=3559 comm="syz.4.896" path="/165/bus/file1" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  285.275816][ T3560] attempt to access beyond end of device
[  285.275816][ T3560] loop4: rw=2049, want=81136, limit=40427
[  285.299835][ T3560] attempt to access beyond end of device
[  285.299835][ T3560] loop4: rw=2049, want=81920, limit=40427
[  285.338889][ T3560] attempt to access beyond end of device
[  285.338889][ T3560] loop4: rw=2049, want=52088, limit=40427
[  285.541915][ T3605] loop0: detected capacity change from 0 to 256
[  285.776261][ T3610] loop0: detected capacity change from 0 to 128
[  285.823369][ T3610] FAT-fs (loop0): Directory bread(block 32) failed
[  285.830061][ T3610] FAT-fs (loop0): Directory bread(block 33) failed
[  285.836814][ T3610] FAT-fs (loop0): Directory bread(block 34) failed
[  285.843482][ T3610] FAT-fs (loop0): Directory bread(block 35) failed
[  285.850389][ T3610] FAT-fs (loop0): Directory bread(block 36) failed
[  285.857073][ T3610] FAT-fs (loop0): Directory bread(block 37) failed
[  285.863859][ T3610] FAT-fs (loop0): Directory bread(block 38) failed
[  285.870499][ T3610] FAT-fs (loop0): Directory bread(block 39) failed
[  285.877378][ T3610] FAT-fs (loop0): Directory bread(block 40) failed
[  285.884075][ T3610] FAT-fs (loop0): Directory bread(block 41) failed
[  286.047048][ T3610] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  286.054818][ T3610] FAT-fs (loop0): Filesystem has been set read-only
[  286.818562][ T3617] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  286.867539][   T30] audit: type=1326 audit(1748999636.738:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3623 comm="syz.2.914" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa08e21e969 code=0x0
[  286.890518][ T3609] loop4: detected capacity change from 0 to 40427
[  286.950649][ T3609] F2FS-fs (loop4): invalid crc value
[  286.957405][   T30] audit: type=1400 audit(1748999636.828:1491): avc:  denied  { bind } for  pid=3625 comm="syz.0.916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  286.995536][ T3609] F2FS-fs (loop4): Found nat_bits in checkpoint
[  287.005082][   T30] audit: type=1400 audit(1748999636.878:1492): avc:  denied  { map } for  pid=3625 comm="syz.0.916" path="socket:[26850]" dev="sockfs" ino=26850 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  287.030121][   T30] audit: type=1400 audit(1748999636.878:1493): avc:  denied  { read accept } for  pid=3625 comm="syz.0.916" path="socket:[26850]" dev="sockfs" ino=26850 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  287.066862][ T3629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.915'.
[  287.079667][   T30] audit: type=1326 audit(1748999636.948:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3625 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  287.103636][   T30] audit: type=1326 audit(1748999636.948:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3625 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  287.126472][ T3609] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  287.170077][   T30] audit: type=1326 audit(1748999636.948:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3625 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  287.208129][ T3609] attempt to access beyond end of device
[  287.208129][ T3609] loop4: rw=2049, want=45160, limit=40427
[  287.223088][   T30] audit: type=1400 audit(1748999637.098:1497): avc:  denied  { setopt } for  pid=3608 comm="syz.4.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  287.496417][  T285] attempt to access beyond end of device
[  287.496417][  T285] loop4: rw=2049, want=45168, limit=40427
[  287.638583][ T3635] loop0: detected capacity change from 0 to 40427
[  287.653494][ T3635] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  287.661298][ T3635] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  287.671062][ T3635] F2FS-fs (loop0): invalid crc value
[  287.678930][ T3635] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  287.697530][ T3635] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  287.783119][ T3635] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  287.790629][ T3635] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  288.489662][  T580] attempt to access beyond end of device
[  288.489662][  T580] loop0: rw=1048577, want=80160, limit=40427
[  288.518581][  T580] attempt to access beyond end of device
[  288.518581][  T580] loop0: rw=1048577, want=81920, limit=40427
[  288.555418][  T580] attempt to access beyond end of device
[  288.555418][  T580] loop0: rw=1048577, want=53248, limit=40427
[  288.604791][ T3659] netlink: 72 bytes leftover after parsing attributes in process `syz.1.924'.
[  288.615285][   T30] audit: type=1400 audit(1748999638.488:1498): avc:  denied  { execute_no_trans } for  pid=3656 comm="syz.1.924" path="/190/file0" dev="tmpfs" ino=1062 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  289.016608][ T3635] attempt to access beyond end of device
[  289.016608][ T3635] loop0: rw=2049, want=65344, limit=40427
[  289.034963][ T3635] attempt to access beyond end of device
[  289.034963][ T3635] loop0: rw=2049, want=67608, limit=40427
[  289.119561][ T3671] loop2: detected capacity change from 0 to 512
[  289.282659][   T39] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  289.358664][ T3671] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback.
[  289.375541][ T3671] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  289.406469][ T3671] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.925: corrupted inode contents
[  289.419825][ T3671] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.925: mark_inode_dirty error
[  289.432625][ T3671] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.925: corrupted inode contents
[  289.446024][ T3671] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.925: mark_inode_dirty error
[  289.533232][ T3674] fuse: Bad value for 'fd'
[  289.596346][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  289.607767][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  289.624284][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  289.633669][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  289.642014][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  289.650621][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  289.659279][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  289.675238][  T580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  289.782643][   T39] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  289.794101][   T39] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  289.816292][   T39] usb 5-1: config 0 has no interface number 0
[  289.911355][ T3688] loop2: detected capacity change from 0 to 2048
[  289.950791][ T3688] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  289.966196][ T3688] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  289.976909][ T3689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'.
[  289.981942][ T3688] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  289.990556][   T39] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  290.003045][ T3688] EXT4-fs (loop2): This should not happen!! Data will be lost
[  290.003045][ T3688] 
[  290.022071][ T3688] EXT4-fs (loop2): Total free blocks count 0
[  290.028704][ T3688] EXT4-fs (loop2): Free/Dirty block details
[  290.034843][ T3688] EXT4-fs (loop2): free_blocks=2415919104
[  290.042355][ T3688] EXT4-fs (loop2): dirty_blocks=48
[  290.047598][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.048195][ T3688] EXT4-fs (loop2): Block reservation details
[  290.062234][ T3688] EXT4-fs (loop2): i_reserved_data_blocks=3
[  290.068434][   T39] usb 5-1: Product: syz
[  290.068588][   T30] kauditd_printk_skb: 77 callbacks suppressed
[  290.068601][   T30] audit: type=1326 audit(1748999639.938:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f37119ca927 code=0x7ffc0000
[  290.078533][   T39] usb 5-1: Manufacturer: syz
[  290.079924][   T30] audit: type=1326 audit(1748999639.938:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f371196fb39 code=0x7ffc0000
[  290.129340][   T30] audit: type=1326 audit(1748999639.938:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  290.152448][   T39] usb 5-1: SerialNumber: syz
[  290.157996][   T30] audit: type=1326 audit(1748999639.948:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f37119ca927 code=0x7ffc0000
[  290.165485][   T39] usb 5-1: config 0 descriptor??
[  290.188268][  T399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  290.196846][  T399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  290.198108][   T30] audit: type=1326 audit(1748999639.948:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f371196fb39 code=0x7ffc0000
[  290.228273][   T30] audit: type=1326 audit(1748999639.948:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  290.251905][   T30] audit: type=1326 audit(1748999639.948:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  290.276288][   T30] audit: type=1326 audit(1748999639.948:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  290.297363][  T399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  290.308622][   T30] audit: type=1326 audit(1748999639.998:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f37119ca927 code=0x7ffc0000
[  290.331857][   T30] audit: type=1326 audit(1748999639.998:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3685 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f371196fb39 code=0x7ffc0000
[  290.436406][ T3667] syz.4.927[3667] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  290.436750][ T3667] syz.4.927[3667] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  291.199833][  T399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  291.248512][  T399] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  292.242048][ T3724] loop2: detected capacity change from 0 to 2048
[  292.794274][ T3726] loop0: detected capacity change from 0 to 512
[  292.825485][   T39] usb 5-1: Found UVC 0.00 device syz (046d:0823)
[  293.006198][ T3737] loop4: detected capacity change from 0 to 512
[  293.012606][   T39] usb 5-1: No valid video chain found.
[  293.033081][   T39] usb 5-1: USB disconnect, device number 11
[  293.043779][ T3740] loop1: detected capacity change from 0 to 512
[  293.060213][ T3724] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,usrjquota=,quota,norecovery,auto_da_alloc,noquota,grpquota,barrier=0x0000000000000000,grpjquota=,jqfmt=vfsold,,errors=continue. Quota mode: writeback.
[  293.094322][ T3726] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback.
[  293.110712][ T3726] ext4 filesystem being mounted at /180/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  293.123712][ T3726] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.944: corrupted inode contents
[  293.135824][ T3726] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.944: mark_inode_dirty error
[  293.147247][ T3726] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.944: corrupted inode contents
[  293.159412][ T3726] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.944: mark_inode_dirty error
[  293.172609][ T3726] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  293.181814][ T3737] EXT4-fs (loop4): bad geometry: block count 204800 exceeds size of device (256 blocks)
[  293.198411][ T3731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.941'.
[  293.317090][ T3724] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.942: bg 0: block 234: padding at end of block bitmap is not set
[  293.359204][ T3724] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1324 with error 28
[  293.389555][ T3740] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nodiscard,min_batch_time=0x00000000000003ff,,errors=continue. Quota mode: none.
[  293.426457][ T3724] EXT4-fs (loop2): This should not happen!! Data will be lost
[  293.426457][ T3724] 
[  293.436208][ T3724] EXT4-fs (loop2): Total free blocks count 0
[  293.449234][ T3724] EXT4-fs (loop2): Free/Dirty block details
[  293.455389][ T3724] EXT4-fs (loop2): free_blocks=0
[  293.460340][ T3724] EXT4-fs (loop2): dirty_blocks=1328
[  293.466738][ T3724] EXT4-fs (loop2): Block reservation details
[  293.472883][ T3724] EXT4-fs (loop2): i_reserved_data_blocks=83
[  293.548424][ T3740] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  293.611462][ T3750] sch_fq: defrate 2147483649 ignored.
[  293.650720][ T3750] fuse: Bad value for 'user_id'
[  293.954829][ T3762] netlink: 'syz.2.953': attribute type 30 has an invalid length.
[  294.038002][ T3759] loop1: detected capacity change from 0 to 512
[  294.045019][ T3757] loop0: detected capacity change from 0 to 2048
[  294.096194][ T3757] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  294.119116][ T3757] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  294.158592][ T3759] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  294.174468][ T3772] loop2: detected capacity change from 0 to 256
[  294.188393][ T3757] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  294.212194][ T3759] ext4 filesystem being mounted at /196/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  294.222713][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  294.223006][ T3757] EXT4-fs (loop0): This should not happen!! Data will be lost
[  294.223006][ T3757] 
[  294.240282][ T3757] EXT4-fs (loop0): Total free blocks count 0
[  294.246432][ T3757] EXT4-fs (loop0): Free/Dirty block details
[  294.252477][ T3757] EXT4-fs (loop0): free_blocks=2415919104
[  294.258382][ T3757] EXT4-fs (loop0): dirty_blocks=48
[  294.263601][ T3757] EXT4-fs (loop0): Block reservation details
[  294.269590][ T3757] EXT4-fs (loop0): i_reserved_data_blocks=3
[  294.382311][ T3760] netlink: 96 bytes leftover after parsing attributes in process `syz.1.952'.
[  294.492252][ T3786] loop2: detected capacity change from 0 to 256
[  294.938404][ T3787] loop0: detected capacity change from 0 to 256
[  294.948998][ T3791] loop4: detected capacity change from 0 to 512
[  295.004860][ T3787] FAT-fs (loop0): bogus logical sector size 511
[  295.011175][ T3787] FAT-fs (loop0): Can't find a valid FAT filesystem
[  295.249873][ T3791] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback.
[  295.266687][ T3791] ext4 filesystem being mounted at /175/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  295.390427][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.959: corrupted inode contents
[  295.403248][ T3791] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.959: mark_inode_dirty error
[  295.415014][ T3791] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.959: corrupted inode contents
[  295.426904][ T3791] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.959: mark_inode_dirty error
[  295.678542][ T3802] netlink: 8 bytes leftover after parsing attributes in process `syz.3.962'.
[  296.575694][ T3804] loop0: detected capacity change from 0 to 256
[  296.642595][   T30] kauditd_printk_skb: 154 callbacks suppressed
[  296.642611][   T30] audit: type=1326 audit(1748999646.498:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  296.704496][   T30] audit: type=1326 audit(1748999646.498:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  296.727935][   T30] audit: type=1326 audit(1748999646.498:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f37119d39a3 code=0x7ffc0000
[  296.751133][   T30] audit: type=1326 audit(1748999646.498:1743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f37119d241f code=0x7ffc0000
[  296.797275][   T30] audit: type=1326 audit(1748999646.508:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f37119d39f7 code=0x7ffc0000
[  296.849393][   T30] audit: type=1326 audit(1748999646.508:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37119d22d0 code=0x7ffc0000
[  296.880942][   T30] audit: type=1326 audit(1748999646.508:1746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f37119d25ca code=0x7ffc0000
[  296.938297][   T30] audit: type=1326 audit(1748999646.568:1747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  296.994968][   T30] audit: type=1326 audit(1748999646.578:1748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  297.049239][ T3824] loop1: detected capacity change from 0 to 2048
[  297.236215][ T3824] EXT4-fs (loop1): Unrecognized mount option "obj_type=t	G�Ep����=����a.�S��) ��.%�;~��^��7�t�}���E�i�" or missing value
[  297.350992][   T30] audit: type=1326 audit(1748999646.578:1749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3805 comm="syz.3.967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  297.457757][ T3827] syz.2.972[3827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  297.457836][ T3827] syz.2.972[3827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  297.481104][ T3827] input: syz1 as /devices/virtual/input/input6
[  297.512188][ T3824] fuse: Unknown parameter '0x0000000000000008'
[  297.536018][ T3824] fuse: Unknown parameter '0x0000000000000008'
[  297.654660][ T3832] loop1: detected capacity change from 0 to 128
[  298.163293][ T3837] loop0: detected capacity change from 0 to 256
[  298.513904][ T3837] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  298.599913][ T3842] netlink: 16 bytes leftover after parsing attributes in process `syz.1.977'.
[  299.592633][ T3842] loop1: detected capacity change from 0 to 40427
[  299.609196][ T3842] F2FS-fs (loop1): Unrecognized mount option "usrquota=user_xattr" or missing value
[  299.663950][ T3857] loop0: detected capacity change from 0 to 2048
[  299.739169][ T3857] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  300.058467][ T3877] netlink: 24 bytes leftover after parsing attributes in process `syz.0.985'.
[  300.389404][ T3875] loop1: detected capacity change from 0 to 40427
[  300.413058][ T3875] F2FS-fs (loop1): invalid crc value
[  300.426057][ T3875] F2FS-fs (loop1): Found nat_bits in checkpoint
[  300.470446][ T3875] F2FS-fs (loop1): Start checkpoint disabled!
[  300.478126][ T3875] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  300.723633][ T1708] handle_bad_sector: 4 callbacks suppressed
[  300.723651][ T1708] attempt to access beyond end of device
[  300.723651][ T1708] loop1: rw=2049, want=45104, limit=40427
[  300.980845][ T3885] loop2: detected capacity change from 0 to 40427
[  301.117385][ T3885] F2FS-fs (loop2): invalid crc value
[  301.133595][ T3885] F2FS-fs (loop2): Found nat_bits in checkpoint
[  301.248751][ T3885] F2FS-fs (loop2): Start checkpoint disabled!
[  301.275181][ T3885] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  301.326196][ T3890] loop4: detected capacity change from 0 to 40427
[  301.351364][   T10] attempt to access beyond end of device
[  301.351364][   T10] loop2: rw=2049, want=40976, limit=40427
[  301.385277][ T3890] F2FS-fs (loop4): invalid crc value
[  301.392931][ T3890] F2FS-fs (loop4): Found nat_bits in checkpoint
[  302.692681][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  302.788384][ T3918] loop1: detected capacity change from 0 to 512
[  304.245190][ T3912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.995'.
[  305.209991][ T3890] F2FS-fs (loop4): Start checkpoint disabled!
[  305.288812][ T3918] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  305.300408][ T3918] ext4 filesystem being mounted at /203/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.409886][   T30] kauditd_printk_skb: 111 callbacks suppressed
[  305.409903][   T30] audit: type=1400 audit(1748999655.278:1861): avc:  denied  { connect } for  pid=3924 comm="syz.2.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  305.524633][ T3926] device bridge1 entered promiscuous mode
[  305.604644][ T3933] loop1: detected capacity change from 0 to 256
[  305.868480][ T3946] loop4: detected capacity change from 0 to 128
[  305.909562][ T3946] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  305.951138][ T3946] ext4 filesystem being mounted at /181/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  306.027020][   T30] audit: type=1326 audit(1748999655.898:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  306.106499][ T3951] loop2: detected capacity change from 0 to 2048
[  306.108407][   T30] audit: type=1326 audit(1748999655.948:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  306.136466][   T30] audit: type=1326 audit(1748999655.948:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa08e21e9a3 code=0x7ffc0000
[  306.160204][   T30] audit: type=1326 audit(1748999655.948:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa08e21d41f code=0x7ffc0000
[  306.183700][   T30] audit: type=1326 audit(1748999655.978:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fa08e21e9f7 code=0x7ffc0000
[  306.207724][   T30] audit: type=1326 audit(1748999655.978:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa08e21d2d0 code=0x7ffc0000
[  306.231933][   T30] audit: type=1326 audit(1748999655.978:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa08e21e56b code=0x7ffc0000
[  306.279600][   T30] audit: type=1326 audit(1748999656.038:1869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa08e21d5ca code=0x7ffc0000
[  306.314961][ T3951] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  306.352647][   T30] audit: type=1326 audit(1748999656.038:1870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3950 comm="syz.2.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa08e21d5ca code=0x7ffc0000
[  307.011704][ T3966] loop1: detected capacity change from 0 to 4096
[  307.022742][ T3966] EXT4-fs (loop1): Test dummy encryption mode enabled
[  307.032885][ T3966] EXT4-fs (loop1): mounted filesystem without journal. Opts: resgid=0x0000000000000000,bsddf,dioread_nolock,test_dummy_encryption,nobarrier,nodelalloc,sb=0x0000000000000003,init_itable,,errors=continue. Quota mode: writeback.
[  307.061131][ T3962] loop2: detected capacity change from 0 to 40427
[  307.135538][ T3962] F2FS-fs (loop2): invalid crc value
[  307.143926][ T3962] F2FS-fs (loop2): Found nat_bits in checkpoint
[  307.186171][ T3962] F2FS-fs (loop2): Start checkpoint disabled!
[  307.197618][ T3962] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  307.246819][    T8] attempt to access beyond end of device
[  307.246819][    T8] loop2: rw=2049, want=40976, limit=40427
[  307.618107][ T3982] loop2: detected capacity change from 0 to 512
[  308.815796][ T3982] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  308.827023][ T3982] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  310.686886][ T4005] loop4: detected capacity change from 0 to 256
[  314.312599][ T4043] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1033'.
[  314.449087][    T6] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  314.593080][ T4058] loop0: detected capacity change from 0 to 512
[  315.723986][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  315.724004][   T30] audit: type=1400 audit(1748999665.598:1927): avc:  denied  { ioctl } for  pid=4051 comm="syz.1.1038" path="socket:[27276]" dev="sockfs" ino=27276 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  315.755406][   T30] audit: type=1400 audit(1748999665.598:1928): avc:  denied  { map } for  pid=4051 comm="syz.1.1038" path="socket:[28025]" dev="sockfs" ino=28025 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  315.939254][ T4058] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  315.950392][ T4058] ext4 filesystem being mounted at /201/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.171859][ T4075] xt_bpf: check failed: parse error
[  316.177182][    T6] usb 3-1: device descriptor read/all, error -71
[  316.185059][   T30] audit: type=1400 audit(1748999666.058:1929): avc:  denied  { bind } for  pid=4071 comm="syz.4.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  316.209806][   T30] audit: type=1400 audit(1748999666.078:1930): avc:  denied  { setopt } for  pid=4071 comm="syz.4.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  316.343769][ T4080] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1048'.
[  316.353023][ T4080] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1048'.
[  316.690483][ T4088] syz.2.1049[4088] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  316.691597][ T4088] syz.2.1049[4088] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  316.742608][  T472] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  316.871007][ T4069] loop1: detected capacity change from 0 to 40427
[  316.889502][ T4069] F2FS-fs (loop1): invalid crc value
[  316.900508][ T4069] F2FS-fs (loop1): Found nat_bits in checkpoint
[  317.034952][ T4069] F2FS-fs (loop1): Start checkpoint disabled!
[  317.127626][  T472] usb 5-1: device descriptor read/64, error -71
[  317.214628][ T4069] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  317.522640][  T472] usb 5-1: device descriptor read/64, error -71
[  317.783659][    T8] attempt to access beyond end of device
[  317.783659][    T8] loop1: rw=2049, want=40976, limit=40427
[  318.109710][  T472] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  318.199853][ T4099] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1052'.
[  318.249290][ T4117] loop2: detected capacity change from 0 to 512
[  318.303301][ T4116] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.310561][ T4116] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.482763][  T472] usb 5-1: device descriptor read/64, error -71
[  318.537580][ T4117] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  318.549193][ T4117] ext4 filesystem being mounted at /222/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.970154][  T472] usb 5-1: device descriptor read/64, error -71
[  319.122672][  T472] usb usb5-port1: attempt power cycle
[  319.332645][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  319.742701][  T472] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  320.671894][  T472] usb 5-1: device not accepting address 14, error -71
[  322.067635][   T30] audit: type=1400 audit(1748999670.928:1931): avc:  denied  { watch watch_reads } for  pid=4148 comm="syz.3.1068" path="/233" dev="tmpfs" ino=1255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  324.231422][ T4172] loop0: detected capacity change from 0 to 512
[  324.467715][ T4172] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  324.480599][ T4172] ext4 filesystem being mounted at /209/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.724282][   T30] audit: type=1400 audit(1748999674.598:1932): avc:  denied  { create } for  pid=4178 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  324.784850][ T4184] loop1: detected capacity change from 0 to 256
[  324.842332][ T4184] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  325.678555][ T4195] loop0: detected capacity change from 0 to 256
[  325.981002][ T4170] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1074'.
[  327.569782][ T4204] loop1: detected capacity change from 0 to 40427
[  327.635301][ T4217] loop0: detected capacity change from 0 to 40427
[  327.655428][ T4204] F2FS-fs (loop1): invalid crc value
[  327.669927][ T4217] F2FS-fs (loop0): invalid crc value
[  327.679457][ T4217] F2FS-fs (loop0): Found nat_bits in checkpoint
[  327.686863][ T4204] F2FS-fs (loop1): Found nat_bits in checkpoint
[  327.738555][ T4217] F2FS-fs (loop0): Start checkpoint disabled!
[  327.745649][ T4217] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  327.762705][ T4204] F2FS-fs (loop1): Start checkpoint disabled!
[  327.779653][ T4204] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  327.878516][  T580] attempt to access beyond end of device
[  327.878516][  T580] loop0: rw=2049, want=40976, limit=40427
[  328.506448][  T472] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  328.787424][ T4236] loop0: detected capacity change from 0 to 512
[  329.076218][ T4236] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  329.087821][ T4236] ext4 filesystem being mounted at /215/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  329.443079][  T355] attempt to access beyond end of device
[  329.443079][  T355] loop1: rw=2049, want=45104, limit=40427
[  329.754439][ T4249] binder: BINDER_SET_CONTEXT_MGR already set
[  329.760494][ T4249] binder: 4248:4249 ioctl 4018620d 200000000040 returned -16
[  329.792809][  T472] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  329.806608][  T472] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  329.996229][  T472] usb 5-1: config 0 has no interface number 0
[  330.452871][  T472] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  330.607611][  T472] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.113416][ T4268] loop1: detected capacity change from 0 to 256
[  331.151703][ T4268] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  331.220409][  T472] usb 5-1: Product: syz
[  331.228901][  T472] usb 5-1: Manufacturer: syz
[  331.238806][  T472] usb 5-1: SerialNumber: syz
[  331.250494][  T472] usb 5-1: config 0 descriptor??
[  331.272598][  T472] usb 5-1: can't set config #0, error -71
[  331.279511][  T472] usb 5-1: USB disconnect, device number 16
[  331.292460][ T4273] loop4: detected capacity change from 0 to 512
[  331.417857][ T4257] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1097'.
[  331.763830][   T30] audit: type=1326 audit(1748999681.618:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  331.917847][ T4273] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #16: comm syz.4.1102: corrupted inode contents
[  332.525510][ T4273] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #16: comm syz.4.1102: mark_inode_dirty error
[  332.552539][   T30] audit: type=1326 audit(1748999681.618:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  332.591433][ T4273] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #16: comm syz.4.1102: corrupted inode contents
[  332.604839][   T30] audit: type=1326 audit(1748999681.628:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  332.628731][   T30] audit: type=1326 audit(1748999681.628:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  332.629604][ T4273] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.1102: mark_inode_dirty error
[  332.652186][   T30] audit: type=1326 audit(1748999681.628:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.1.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda2f822969 code=0x7ffc0000
[  332.688115][   T30] audit: type=1400 audit(1748999682.358:1938): avc:  denied  { connect } for  pid=4280 comm="syz.3.1104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  332.707930][   T30] audit: type=1326 audit(1748999682.408:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4280 comm="syz.3.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  332.731400][   T30] audit: type=1326 audit(1748999682.408:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4280 comm="syz.3.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  332.755577][   T30] audit: type=1326 audit(1748999682.408:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4280 comm="syz.3.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  332.786506][   T30] audit: type=1326 audit(1748999682.408:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4280 comm="syz.3.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  332.823035][ T4273] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #16: comm syz.4.1102: corrupted inode contents
[  332.911790][ T4291] loop0: detected capacity change from 0 to 512
[  333.129969][ T4273] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  333.206695][ T4273] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #16: comm syz.4.1102: corrupted inode contents
[  333.244437][ T4291] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  333.256046][ T4291] ext4 filesystem being mounted at /218/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  333.284715][ T4291] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1106'.
[  333.450044][ T4273] EXT4-fs error (device loop4): ext4_truncate:4304: inode #16: comm syz.4.1102: mark_inode_dirty error
[  333.477821][ T4273] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  333.513797][ T4273] EXT4-fs (loop4): 1 truncate cleaned up
[  333.520188][ T4273] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  333.609591][ T4273] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  333.655885][ T4276] loop2: detected capacity change from 0 to 40427
[  333.680485][ T4276] F2FS-fs (loop2): fault_injection options not supported
[  333.702757][ T4276] F2FS-fs (loop2): invalid crc value
[  333.714532][ T4276] F2FS-fs (loop2): invalid crc value
[  333.726114][ T4276] F2FS-fs (loop2): Failed to get valid F2FS checkpoint
[  333.854899][ T4273] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  333.861631][ T4301] binder: BINDER_SET_CONTEXT_MGR already set
[  333.868542][ T4301] binder: 4300:4301 ioctl 4018620d 200000000040 returned -16
[  335.417660][ T4319] loop0: detected capacity change from 0 to 16
[  335.453421][ T4319] erofs: (device loop0): mounted with root inode @ nid 36.
[  336.799263][ T4341] binder: BINDER_SET_CONTEXT_MGR already set
[  336.812982][ T4341] binder: 4340:4341 ioctl 4018620d 200000000040 returned -16
[  336.848689][ T4344] loop2: detected capacity change from 0 to 256
[  336.893267][ T4342] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1116'.
[  336.915989][ T4344] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  337.090009][ T4345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1119'.
[  337.493324][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  337.493350][   T30] audit: type=1326 audit(1748999687.348:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4343 comm="syz.2.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  338.299662][ T4359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1126'.
[  338.324257][   T30] audit: type=1326 audit(1748999687.348:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4343 comm="syz.2.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  338.328943][ T4359] device bridge_slave_1 left promiscuous mode
[  338.348509][   T30] audit: type=1326 audit(1748999687.358:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4343 comm="syz.2.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  338.377888][   T30] audit: type=1326 audit(1748999687.358:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4343 comm="syz.2.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  338.412669][ T4359] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.382625][   T30] audit: type=1326 audit(1748999687.358:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4343 comm="syz.2.1121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  339.643004][ T4359] device bridge_slave_0 left promiscuous mode
[  339.653824][ T4359] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.787547][ T4357] loop4: detected capacity change from 0 to 40427
[  340.075450][ T4357] F2FS-fs (loop4): invalid crc value
[  340.104311][ T4357] F2FS-fs (loop4): Found nat_bits in checkpoint
[  341.059908][ T4357] F2FS-fs (loop4): Start checkpoint disabled!
[  341.674739][ T4401] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1138'.
[  341.793236][ T4411] loop4: detected capacity change from 0 to 256
[  341.832223][ T4392] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1134'.
[  341.868170][ T4411] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  342.028463][ T4417] loop2: detected capacity change from 0 to 256
[  342.045404][ T4417] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  342.237238][   T30] audit: type=1326 audit(1748999692.098:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4410 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  342.592743][   T30] audit: type=1326 audit(1748999692.098:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4410 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  342.880531][   T30] audit: type=1326 audit(1748999692.108:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4410 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  343.227784][ T4426] loop2: detected capacity change from 0 to 256
[  343.281968][   T30] audit: type=1326 audit(1748999692.108:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4410 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  343.308518][   T30] audit: type=1326 audit(1748999692.108:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4410 comm="syz.4.1141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  343.333984][ T4426] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  343.413555][   T30] audit: type=1400 audit(1748999693.288:1959): avc:  denied  { setopt } for  pid=4429 comm="syz.1.1147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  345.384732][ T4440] loop4: detected capacity change from 0 to 256
[  345.427473][ T4440] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  345.454756][   T30] audit: type=1326 audit(1748999694.538:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4423 comm="syz.2.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  345.502332][   T30] audit: type=1326 audit(1748999694.538:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4423 comm="syz.2.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  345.526149][   T30] audit: type=1326 audit(1748999694.548:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4423 comm="syz.2.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  345.549942][   T30] audit: type=1326 audit(1748999694.548:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4423 comm="syz.2.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  345.602715][   T30] audit: type=1326 audit(1748999694.548:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4423 comm="syz.2.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa08e21e969 code=0x7ffc0000
[  347.365170][ T4463] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1157'.
[  347.552567][  T584] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  348.419862][ T4484] loop0: detected capacity change from 0 to 256
[  348.621543][ T4484] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  349.604228][  T584] usb 1-1: device not accepting address 7, error -71
[  349.861723][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  349.861761][   T30] audit: type=1326 audit(1748999699.718:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4481 comm="syz.0.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  350.686445][   T30] audit: type=1326 audit(1748999699.718:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4481 comm="syz.0.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  350.732931][   T30] audit: type=1326 audit(1748999699.728:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4481 comm="syz.0.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  350.758208][   T30] audit: type=1326 audit(1748999699.728:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4481 comm="syz.0.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  350.932876][   T30] audit: type=1326 audit(1748999699.728:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4481 comm="syz.0.1162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  351.332606][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  351.349328][ T4511] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1168'.
[  351.585117][ T4517] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1169'.
[  351.619605][ T4519] kvm: emulating exchange as write
[  351.674089][ T4521] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  351.741792][ T4523] loop2: detected capacity change from 0 to 1024
[  351.794881][ T4525] loop4: detected capacity change from 0 to 1024
[  351.848165][ T4523] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,journal_dev=0x0000000000000006,dioread_lock,norecovery,block_validity,barrier,noload,dioread_lock,noauto_da_alloc,,errors=continue. Quota mode: none.
[  351.870703][ T4525] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  351.901927][ T4525] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,nobarrier,norecovery,errors=remount-ro,max_dir_size_kb=0x0000000000000008,. Quota mode: writeback.
[  351.906412][ T4519] overlayfs: workdir and upperdir must reside under the same mount
[  351.932321][ T4525] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 48: comm syz.4.1173: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=16, rec_len=5, size=1024 fake=0
[  351.979453][   T30] audit: type=1326 audit(1748999701.838:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.4.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  352.008469][   T30] audit: type=1326 audit(1748999701.838:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.4.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  352.038604][   T30] audit: type=1326 audit(1748999701.838:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.4.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  352.076862][   T30] audit: type=1326 audit(1748999701.838:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.4.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  352.421862][   T30] audit: type=1326 audit(1748999701.838:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4524 comm="syz.4.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cec749969 code=0x7ffc0000
[  353.048031][ T4556] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  353.066350][ T4555] tipc: Resetting bearer <eth:syzkaller0>
[  353.084019][ T4555] tipc: Disabling bearer <eth:syzkaller0>
[  354.359287][ T4581] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1185'.
[  354.483913][ T4587] loop0: detected capacity change from 0 to 128
[  354.571289][ T4587] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  354.597729][ T4587] ext4 filesystem being mounted at /236/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  354.704160][ T4588] loop4: detected capacity change from 0 to 40427
[  354.724266][ T4588] F2FS-fs (loop4): invalid crc value
[  354.738298][ T4588] F2FS-fs (loop4): Found nat_bits in checkpoint
[  354.778715][ T4588] F2FS-fs (loop4): Start checkpoint disabled!
[  354.785724][ T4588] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  354.970132][   T10] attempt to access beyond end of device
[  354.970132][   T10] loop4: rw=2049, want=45104, limit=40427
[  356.556316][ T4623] loop2: detected capacity change from 0 to 16
[  356.673947][ T4623] erofs: (device loop2): mounted with root inode @ nid 36.
[  356.776503][ T4627] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  356.845677][ T4626] tipc: Resetting bearer <eth:syzkaller0>
[  356.861024][ T4626] tipc: Disabling bearer <eth:syzkaller0>
[  356.977912][ T4638] loop0: detected capacity change from 0 to 512
[  357.476620][ T4638] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  357.488269][ T4638] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  357.517465][ T4638] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1205'.
[  357.759038][ T4646] loop4: detected capacity change from 0 to 256
[  357.808133][ T4646] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  357.904930][ T4646] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1208'.
[  357.957270][ T4646] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  358.028386][ T4656] loop1: detected capacity change from 0 to 256
[  358.054158][ T4646] exFAT-fs (loop4): hint_cluster is invalid (17)
[  358.178955][ T4659] loop2: detected capacity change from 0 to 512
[  358.839945][ T4659] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  358.851096][ T4659] ext4 filesystem being mounted at /256/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  358.863747][ T4659] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1222'.
[  358.887285][   T30] kauditd_printk_skb: 90 callbacks suppressed
[  358.887300][   T30] audit: type=1400 audit(1748999708.758:2066): avc:  denied  { relabelfrom } for  pid=4673 comm="syz.0.1217" name="" dev="pipefs" ino=30117 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  359.008448][   T20] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  359.139706][ T4687] FAULT_INJECTION: forcing a failure.
[  359.139706][ T4687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  359.351763][   T30] audit: type=1326 audit(1748999709.218:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.390129][ T4687] CPU: 1 PID: 4687 Comm: syz.2.1221 Not tainted 5.15.184-syzkaller-00129-g4032a894ccb2 #0
[  359.400061][ T4687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.410218][ T4687] Call Trace:
[  359.413516][ T4687]  <TASK>
[  359.416490][ T4687]  __dump_stack+0x21/0x30
[  359.420835][ T4687]  dump_stack_lvl+0xee/0x150
[  359.425458][ T4687]  ? show_regs_print_info+0x20/0x20
[  359.430668][ T4687]  ? __schedule+0xb76/0x14c0
[  359.435296][ T4687]  dump_stack+0x15/0x20
[  359.439468][ T4687]  should_fail+0x3c1/0x510
[  359.443894][ T4687]  should_fail_usercopy+0x1a/0x20
[  359.448930][ T4687]  _copy_from_user+0x20/0xd0
[  359.453620][ T4687]  __sys_bpf+0x233/0x730
[  359.457871][ T4687]  ? bpf_link_show_fdinfo+0x310/0x310
[  359.463260][ T4687]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  359.468908][ T4687]  __x64_sys_bpf+0x7c/0x90
[  359.473332][ T4687]  x64_sys_call+0x4b9/0x9a0
[  359.477843][ T4687]  do_syscall_64+0x4c/0xa0
[  359.482274][ T4687]  ? clear_bhb_loop+0x50/0xa0
[  359.486958][ T4687]  ? clear_bhb_loop+0x50/0xa0
[  359.491647][ T4687]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  359.497556][ T4687] RIP: 0033:0x7fa08e21e969
[  359.501982][ T4687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.522123][ T4687] RSP: 002b:00007fa08c887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  359.530560][ T4687] RAX: ffffffffffffffda RBX: 00007fa08e445fa0 RCX: 00007fa08e21e969
[  359.538546][ T4687] RDX: 0000000000000080 RSI: 0000200000000600 RDI: 0000000000000005
[  359.546531][ T4687] RBP: 00007fa08c887090 R08: 0000000000000000 R09: 0000000000000000
[  359.554606][ T4687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.562784][ T4687] R13: 0000000000000001 R14: 00007fa08e445fa0 R15: 00007fffd5187738
[  359.570773][ T4687]  </TASK>
[  359.622473][ T4695] binder: 4694:4695 ioctl c0306201 0 returned -14
[  359.629081][   T30] audit: type=1326 audit(1748999709.258:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.696608][ T4699] loop0: detected capacity change from 0 to 16
[  359.713205][   T30] audit: type=1326 audit(1748999709.258:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.776780][   T30] audit: type=1326 audit(1748999709.258:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.801729][ T4699] erofs: (device loop0): mounted with root inode @ nid 36.
[  359.835377][   T30] audit: type=1326 audit(1748999709.258:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.878002][   T30] audit: type=1326 audit(1748999709.258:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.902010][   T30] audit: type=1326 audit(1748999709.258:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.925871][   T30] audit: type=1326 audit(1748999709.258:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0603be969 code=0x7ffc0000
[  359.949719][   T30] audit: type=1326 audit(1748999709.258:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4690 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb0603bd41f code=0x7ffc0000
[  360.142738][   T20] usb 5-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.153353][   T20] usb 5-1: config 0 interface 0 has no altsetting 0
[  360.197709][   T20] usb 5-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  360.211293][   T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.320102][ T4717] loop0: detected capacity change from 0 to 512
[  360.367328][ T4716] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1234'.
[  360.430223][   T20] usb 5-1: config 0 descriptor??
[  360.562444][ T4717] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  360.574109][ T4717] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  360.601482][ T4717] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1232'.
[  360.742351][ T4724] overlayfs: failed to clone upperpath
[  361.077080][ T4729] UDC core: couldn't find an available UDC or it's busy: -16
[  361.196436][ T4729] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  361.211469][ T4734] binder: 4733:4734 ioctl c0306201 0 returned -14
[  361.569060][ T4664] loop4: detected capacity change from 0 to 512
[  361.597650][ T4741] loop0: detected capacity change from 0 to 256
[  361.604137][ T4664] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.1214: casefold flag without casefold feature
[  361.615932][ T4738] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  361.617465][ T4664] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1214: couldn't read orphan inode 15 (err -117)
[  361.635857][ T4664] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  361.636259][ T4737] tipc: Resetting bearer <eth:syzkaller0>
[  361.667322][ T4737] tipc: Disabling bearer <eth:syzkaller0>
[  362.705088][ T4764] syz.3.1248[4764] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  362.705174][ T4764] syz.3.1248[4764] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  363.217080][ T4770] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22
[  363.300816][ T4773] binder: 4772:4773 ioctl c0306201 0 returned -14
[  363.473789][ T4770] SELinux: security_context_str_to_sid(user_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  364.158900][ T4779] binder: 4778:4779 ioctl c0306201 0 returned -14
[  364.214400][   T20] usbhid 5-1:0.0: can't add hid device: -71
[  364.220569][   T20] usbhid: probe of 5-1:0.0 failed with error -71
[  364.228285][   T20] usb 5-1: USB disconnect, device number 17
[  365.222524][  T472] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  365.270650][ T4799] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  365.286079][ T4798] tipc: Resetting bearer <eth:syzkaller0>
[  365.317489][ T4798] tipc: Disabling bearer <eth:syzkaller0>
[  365.426598][ T4801] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  365.441467][ T4800] tipc: Resetting bearer <eth:syzkaller0>
[  365.483566][ T4800] tipc: Disabling bearer <eth:syzkaller0>
[  365.630961][ T4808] loop4: detected capacity change from 0 to 1024
[  366.030511][ T4811] binder: 4810:4811 ioctl c0306201 0 returned -14
[  366.066326][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  366.066342][   T30] audit: type=1326 audit(1748999715.938:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.069983][ T4808] EXT4-fs (loop4): mounted filesystem without journal. Opts: discard,abort,dioread_lock,norecovery,nombcache,lazytime,noload,usrquota,noauto_da_alloc,resuid=0x0000000000000000,init_itable=0x0000000000000000,jqfmt=vfsv1,,errors=continue. Quota mode: writeback.
[  366.082833][   T30] audit: type=1326 audit(1748999715.938:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.132617][  T472] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  366.154450][   T30] audit: type=1326 audit(1748999715.938:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154651][   T30] audit: type=1326 audit(1748999715.938:2089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154683][   T30] audit: type=1326 audit(1748999715.938:2090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154710][   T30] audit: type=1326 audit(1748999715.968:2091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154736][   T30] audit: type=1326 audit(1748999715.968:2092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154763][   T30] audit: type=1326 audit(1748999715.968:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154792][   T30] audit: type=1326 audit(1748999716.028:2094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.154817][   T30] audit: type=1326 audit(1748999716.028:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4816 comm="syz.3.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37119d3969 code=0x7ffc0000
[  366.235812][ T4808] overlayfs: conflicting lowerdir path
[  366.323474][  T472] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.323551][  T472] usb 1-1: Product: syz
[  366.964638][  T472] usb 1-1: Manufacturer: syz
[  366.964659][  T472] usb 1-1: SerialNumber: syz
[  366.985100][ T4826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1268'.
[  367.152884][ T4826] device bridge_slave_0 entered promiscuous mode
[  367.182887][ T4829] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1268'.
[  368.444346][ T4836] loop4: detected capacity change from 0 to 40427
[  368.509235][ T4836] F2FS-fs (loop4): invalid crc value
[  368.536554][ T4836] F2FS-fs (loop4): Found nat_bits in checkpoint
[  368.562556][  T365] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  368.592642][ T4836] F2FS-fs (loop4): Start checkpoint disabled!
[  368.599430][ T4836] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  368.691655][    T8] attempt to access beyond end of device
[  368.691655][    T8] loop4: rw=2049, want=40976, limit=40427
[  368.772639][  T472] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  368.779556][  T472] cdc_ncm 1-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048
[  368.791077][  T472] cdc_ncm 1-1:1.0: setting rx_max = 2048
[  369.057932][  T472] cdc_ncm 1-1:1.0: setting tx_max = 60
[  369.111957][  T472] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[  369.134098][  T472] usb 1-1: USB disconnect, device number 9
[  369.142642][  T365] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  369.165110][ T4867] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1281'.
[  369.174143][  T365] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  369.186301][  T472] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[  369.199907][  T365] usb 3-1: config 0 has no interface number 0
[  369.207550][ T4867] loop1: detected capacity change from 0 to 1024
[  369.294923][ T4867] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  369.309228][ T4867] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  369.316865][ T4867] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  369.337099][ T4867] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  369.354691][ T4867] System zones: 0-1, 3-36
[  369.363464][ T4867] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,jqfmt=vfsold,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  369.372612][  T365] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  369.407128][ T4867] xt_SECMARK: invalid security context 'unconfined'
[  369.410751][  T365] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.434329][  T365] usb 3-1: Product: syz
[  369.442915][  T365] usb 3-1: Manufacturer: syz
[  369.497917][  T365] usb 3-1: SerialNumber: syz
[  369.508758][  T365] usb 3-1: config 0 descriptor??
[  369.960713][ T4846] syz.2.1274[4846] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.961167][ T4846] syz.2.1274[4846] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  370.180091][  T472] ==================================================================
[  370.199687][  T472] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120
[  370.207684][  T472] Read of size 8 at addr ffff88812741cc70 by task kworker/1:7/472
[  370.215498][  T472] 
[  370.217835][  T472] CPU: 1 PID: 472 Comm: kworker/1:7 Not tainted 5.15.184-syzkaller-00129-g4032a894ccb2 #0
[  370.227730][  T472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  370.237899][  T472] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[  370.244156][  T472] Call Trace:
[  370.247436][  T472]  <TASK>
[  370.250573][  T472]  __dump_stack+0x21/0x30
[  370.255028][  T472]  dump_stack_lvl+0xee/0x150
[  370.259753][  T472]  ? show_regs_print_info+0x20/0x20
[  370.264956][  T472]  ? load_image+0x3a0/0x3a0
[  370.269475][  T472]  print_address_description+0x7f/0x2c0
[  370.275036][  T472]  ? __list_del_entry_valid+0xa6/0x120
[  370.280507][  T472]  kasan_report+0xf1/0x140
[  370.284931][  T472]  ? __list_del_entry_valid+0xa6/0x120
[  370.290397][  T472]  __asan_report_load8_noabort+0x14/0x20
[  370.296041][  T472]  __list_del_entry_valid+0xa6/0x120
[  370.301336][  T472]  process_one_work+0x453/0xba0
[  370.306212][  T472]  worker_thread+0xa59/0x1200
[  370.310892][  T472]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  370.316367][  T472]  kthread+0x411/0x500
[  370.320460][  T472]  ? worker_clr_flags+0x190/0x190
[  370.325518][  T472]  ? kthread_blkcg+0xd0/0xd0
[  370.330231][  T472]  ret_from_fork+0x1f/0x30
[  370.334665][  T472]  </TASK>
[  370.337984][  T472] 
[  370.340392][  T472] Allocated by task 472:
[  370.344626][  T472]  __kasan_kmalloc+0xda/0x110
[  370.349309][  T472]  __kmalloc+0x13d/0x2c0
[  370.353568][  T472]  kvmalloc_node+0x242/0x330
[  370.358167][  T472]  alloc_netdev_mqs+0x8d/0xc90
[  370.362937][  T472]  alloc_etherdev_mqs+0x34/0x40
[  370.367808][  T472]  usbnet_probe+0x219/0x2860
[  370.372407][  T472]  usb_probe_interface+0x5ff/0xae0
[  370.377552][  T472]  really_probe+0x285/0x970
[  370.382062][  T472]  __driver_probe_device+0x198/0x280
[  370.387351][  T472]  driver_probe_device+0x54/0x3e0
[  370.392375][  T472]  __device_attach_driver+0x2a6/0x460
[  370.397753][  T472]  bus_for_each_drv+0x175/0x200
[  370.402627][  T472]  __device_attach+0x2a2/0x400
[  370.407400][  T472]  device_initial_probe+0x1a/0x20
[  370.412420][  T472]  bus_probe_device+0xc0/0x1e0
[  370.417183][  T472]  device_add+0xb31/0xed0
[  370.421507][  T472]  usb_set_configuration+0x19c2/0x1f10
[  370.426973][  T472]  usb_generic_driver_probe+0x91/0x150
[  370.432433][  T472]  usb_probe_device+0x148/0x260
[  370.437363][  T472]  really_probe+0x285/0x970
[  370.441857][  T472]  __driver_probe_device+0x198/0x280
[  370.447148][  T472]  driver_probe_device+0x54/0x3e0
[  370.452249][  T472]  __device_attach_driver+0x2a6/0x460
[  370.457610][  T472]  bus_for_each_drv+0x175/0x200
[  370.462453][  T472]  __device_attach+0x2a2/0x400
[  370.467294][  T472]  device_initial_probe+0x1a/0x20
[  370.472309][  T472]  bus_probe_device+0xc0/0x1e0
[  370.477062][  T472]  device_add+0xb31/0xed0
[  370.481381][  T472]  usb_new_device+0xd06/0x1620
[  370.486136][  T472]  hub_event+0x27d8/0x42c0
[  370.490628][  T472]  process_one_work+0x6be/0xba0
[  370.495474][  T472]  worker_thread+0xa59/0x1200
[  370.500146][  T472]  kthread+0x411/0x500
[  370.504205][  T472]  ret_from_fork+0x1f/0x30
[  370.508611][  T472] 
[  370.510924][  T472] Freed by task 472:
[  370.514799][  T472]  kasan_set_track+0x4a/0x70
[  370.519385][  T472]  kasan_set_free_info+0x23/0x40
[  370.524311][  T472]  ____kasan_slab_free+0x125/0x160
[  370.529410][  T472]  __kasan_slab_free+0x11/0x20
[  370.534168][  T472]  slab_free_freelist_hook+0xc2/0x190
[  370.539534][  T472]  kfree+0xc4/0x270
[  370.543336][  T472]  kvfree+0x35/0x40
[  370.547133][  T472]  netdev_freemem+0x3f/0x60
[  370.551626][  T472]  netdev_release+0x7f/0xb0
[  370.556302][  T472]  device_release+0x96/0x1c0
[  370.560888][  T472]  kobject_put+0x18a/0x270
[  370.565298][  T472]  put_device+0x1f/0x30
[  370.569514][  T472]  free_netdev+0x34b/0x450
[  370.573929][  T472]  usbnet_disconnect+0x24b/0x3a0
[  370.578855][  T472]  usb_unbind_interface+0x212/0x8c0
[  370.584047][  T472]  device_release_driver_internal+0x4c1/0x760
[  370.590110][  T472]  device_release_driver+0x19/0x20
[  370.595337][  T472]  bus_remove_device+0x2dd/0x340
[  370.600291][  T472]  device_del+0x696/0xe90
[  370.604719][  T472]  usb_disable_device+0x3a8/0x750
[  370.609753][  T472]  usb_disconnect+0x31e/0x850
[  370.614424][  T472]  hub_event+0x190c/0x42c0
[  370.618839][  T472]  process_one_work+0x6be/0xba0
[  370.623685][  T472]  worker_thread+0xd7b/0x1200
[  370.628357][  T472]  kthread+0x411/0x500
[  370.632424][  T472]  ret_from_fork+0x1f/0x30
[  370.636836][  T472] 
[  370.639147][  T472] Last potentially related work creation:
[  370.644847][  T472]  kasan_save_stack+0x3a/0x60
[  370.649521][  T472]  __kasan_record_aux_stack+0xd2/0x100
[  370.654969][  T472]  kasan_record_aux_stack_noalloc+0xb/0x10
[  370.660767][  T472]  insert_work+0x51/0x310
[  370.665086][  T472]  __queue_work+0x8e5/0xc60
[  370.669581][  T472]  queue_work_on+0xd2/0x140
[  370.674078][  T472]  usbnet_link_change+0x176/0x1a0
[  370.679096][  T472]  usbnet_probe+0x1dfd/0x2860
[  370.683771][  T472]  usb_probe_interface+0x5ff/0xae0
[  370.688880][  T472]  really_probe+0x285/0x970
[  370.693397][  T472]  __driver_probe_device+0x198/0x280
[  370.698791][  T472]  driver_probe_device+0x54/0x3e0
[  370.703803][  T472]  __device_attach_driver+0x2a6/0x460
[  370.709253][  T472]  bus_for_each_drv+0x175/0x200
[  370.714098][  T472]  __device_attach+0x2a2/0x400
[  370.718940][  T472]  device_initial_probe+0x1a/0x20
[  370.724051][  T472]  bus_probe_device+0xc0/0x1e0
[  370.728811][  T472]  device_add+0xb31/0xed0
[  370.733129][  T472]  usb_set_configuration+0x19c2/0x1f10
[  370.738584][  T472]  usb_generic_driver_probe+0x91/0x150
[  370.744038][  T472]  usb_probe_device+0x148/0x260
[  370.748879][  T472]  really_probe+0x285/0x970
[  370.753373][  T472]  __driver_probe_device+0x198/0x280
[  370.758650][  T472]  driver_probe_device+0x54/0x3e0
[  370.763679][  T472]  __device_attach_driver+0x2a6/0x460
[  370.769040][  T472]  bus_for_each_drv+0x175/0x200
[  370.773881][  T472]  __device_attach+0x2a2/0x400
[  370.778636][  T472]  device_initial_probe+0x1a/0x20
[  370.783653][  T472]  bus_probe_device+0xc0/0x1e0
[  370.788413][  T472]  device_add+0xb31/0xed0
[  370.792735][  T472]  usb_new_device+0xd06/0x1620
[  370.797520][  T472]  hub_event+0x27d8/0x42c0
[  370.801941][  T472]  process_one_work+0x6be/0xba0
[  370.806802][  T472]  worker_thread+0xa59/0x1200
[  370.811482][  T472]  kthread+0x411/0x500
[  370.815552][  T472]  ret_from_fork+0x1f/0x30
[  370.819990][  T472] 
[  370.822310][  T472] The buggy address belongs to the object at ffff88812741c000
[  370.822310][  T472]  which belongs to the cache kmalloc-4k of size 4096
[  370.836362][  T472] The buggy address is located 3184 bytes inside of
[  370.836362][  T472]  4096-byte region [ffff88812741c000, ffff88812741d000)
[  370.849918][  T472] The buggy address belongs to the page:
[  370.855539][  T472] page:ffffea00049d0600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x127418
[  370.865768][  T472] head:ffffea00049d0600 order:3 compound_mapcount:0 compound_pincount:0
[  370.874079][  T472] flags: 0x4000000000010200(slab|head|zone=1)
[  370.880158][  T472] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380
[  370.888739][  T472] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  370.897305][  T472] page dumped because: kasan: bad access detected
[  370.903705][  T472] page_owner tracks the page as allocated
[  370.909413][  T472] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, ts 22622599368, free_ts 0
[  370.927687][  T472]  post_alloc_hook+0x192/0x1b0
[  370.932497][  T472]  prep_new_page+0x1c/0x110
[  370.937004][  T472]  get_page_from_freelist+0x2cc5/0x2d50
[  370.942547][  T472]  __alloc_pages+0x18f/0x440
[  370.947131][  T472]  new_slab+0xa1/0x4d0
[  370.951276][  T472]  ___slab_alloc+0x381/0x810
[  370.955849][  T472]  __slab_alloc+0x49/0x90
[  370.960195][  T472]  kmem_cache_alloc_trace+0x146/0x270
[  370.965574][  T472]  kobject_uevent_env+0x272/0x700
[  370.970596][  T472]  kobject_uevent+0x1d/0x30
[  370.975200][  T472]  device_add+0xa40/0xed0
[  370.979537][  T472]  netdev_register_kobject+0x179/0x320
[  370.984987][  T472]  register_netdevice+0xdfa/0x13a0
[  370.990115][  T472]  wg_newlink+0x4f1/0x7a0
[  370.994438][  T472]  rtnl_newlink+0x112d/0x17b0
[  370.999124][  T472]  rtnetlink_rcv_msg+0x9e4/0xb90
[  371.004046][  T472] page_owner free stack trace missing
[  371.009393][  T472] 
[  371.011698][  T472] Memory state around the buggy address:
[  371.017307][  T472]  ffff88812741cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  371.025350][  T472]  ffff88812741cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  371.033413][  T472] >ffff88812741cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  371.041460][  T472]                                                              ^
[  371.049154][  T472]  ffff88812741cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  371.057197][  T472]  ffff88812741cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  371.065240][  T472] ==================================================================
[  371.073279][  T472] Disabling lock debugging due to kernel taint
[  371.266925][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  371.266949][   T30] audit: type=1400 audit(1748999721.138:2131): avc:  denied  { read } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  371.415055][   T30] audit: type=1400 audit(1748999721.198:2132): avc:  denied  { search } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  371.438722][   T30] audit: type=1400 audit(1748999721.198:2133): avc:  denied  { write } for  pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  371.461383][   T30] audit: type=1400 audit(1748999721.198:2134): avc:  denied  { add_name } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  371.483359][   T30] audit: type=1400 audit(1748999721.198:2135): avc:  denied  { create } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  371.505280][   T30] audit: type=1400 audit(1748999721.208:2136): avc:  denied  { append open } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  371.529686][   T30] audit: type=1400 audit(1748999721.208:2137): avc:  denied  { getattr } for  pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  372.002636][  T365] usb 3-1: Found UVC 0.00 device syz (046d:0823)
[  372.009205][  T365] usb 3-1: No valid video chain found.
[  372.016008][  T365] usb 3-1: USB disconnect, device number 14