last executing test programs:

45.41925007s ago: executing program 2 (id=158):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup(r2)

45.117084534s ago: executing program 2 (id=168):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}})

44.435622979s ago: executing program 2 (id=169):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001340)=@base={0xb, 0x8, 0x2, 0x9, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)

44.398084783s ago: executing program 2 (id=170):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mknodat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc000, 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0)

43.706367698s ago: executing program 2 (id=185):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000040000000400000009"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000040), &(0x7f0000000300)}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r1}, 0xc)

43.342147537s ago: executing program 2 (id=191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
flistxattr(r2, 0x0, 0x0)

43.327972909s ago: executing program 32 (id=191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
flistxattr(r2, 0x0, 0x0)

5.375779256s ago: executing program 1 (id=1012):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
readv(r1, &(0x7f0000000880)=[{&(0x7f00000030c0)=""/4096, 0x1000}], 0x1)

5.21333161s ago: executing program 1 (id=1013):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000940)=0x28, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}, 0xb00}], 0x1, 0x0)

5.117485447s ago: executing program 3 (id=1016):
r0 = gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009c0000000b"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc3, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r2}, 0x18)
rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8)
tkill(r0, 0x7)

5.066160441s ago: executing program 1 (id=1017):
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ppoll(&(0x7f0000000280)=[{r1}], 0x1, 0x0, 0x0, 0x0)

5.014732145s ago: executing program 3 (id=1018):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x154}, 0x1, 0x0, 0x0, 0x28008000}, 0x0)

4.994227157s ago: executing program 3 (id=1020):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

4.926026753s ago: executing program 3 (id=1021):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='\x00', 0x9801)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0\x00')

4.925861513s ago: executing program 3 (id=1022):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000b80)=0x400, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f00000003c0)="25d7", 0x2, 0x8014, 0x0, 0x0)

4.924958443s ago: executing program 3 (id=1032):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x456, 0x4)

4.866998588s ago: executing program 33 (id=1032):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x456, 0x4)

3.781033995s ago: executing program 1 (id=1035):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00')

3.749443708s ago: executing program 1 (id=1037):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
unshare(0x22000400)
fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2})
fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x5})
fcntl$lock(r0, 0x26, &(0x7f0000000080))
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3})

3.642205446s ago: executing program 1 (id=1026):
r0 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
tgkill(r0, r0, 0x21)
wait4(r0, 0x0, 0x40000000, 0x0)

3.608848769s ago: executing program 34 (id=1026):
r0 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
tgkill(r0, r0, 0x21)
wait4(r0, 0x0, 0x40000000, 0x0)

3.193551762s ago: executing program 6 (id=1046):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c", 0xd4d}], 0x1}, 0x0)

3.177194774s ago: executing program 6 (id=1047):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
getitimer(0x0, &(0x7f000001a300))

3.134958187s ago: executing program 6 (id=1049):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r2, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000400)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x8e1w\xfd')

3.121775948s ago: executing program 6 (id=1050):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$sock_bt_hci(r1, 0x400448de, &(0x7f0000000440))

1.383576948s ago: executing program 4 (id=1065):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0xc0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.370371609s ago: executing program 4 (id=1066):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x44})
readv(r1, &(0x7f0000002140)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1)

1.004199019s ago: executing program 6 (id=1071):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mremap(&(0x7f000046d000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)

521.125118ms ago: executing program 4 (id=1072):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x7, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r1, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x20000000000008, 0x0, 0x0, 0xe, 0x0, "fee8a2ab78fc179fd1f8a0e91ddaaca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000cbc8deff3c7540f476779e0117613dd40700000300000000000002f8000000000000000800000000faffffff00", "e7460000102000000000e4440000002000000000000000000000008bd02800", [0xe4]}})
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0)

520.611348ms ago: executing program 0 (id=1083):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)

520.264218ms ago: executing program 6 (id=1073):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, &(0x7f0000000080))
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, 0x0, &(0x7f0000000dc0)=0xf0)

457.212073ms ago: executing program 7 (id=1074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe2000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x800000c}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000002240)={{0x0, 0x0, 0xffdd, {0x0, 0x1000}}})

445.425824ms ago: executing program 4 (id=1075):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f00000008c0)=';', 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000003880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/13, 0xd}}], 0x1, 0x12141, 0x0)

391.568948ms ago: executing program 4 (id=1077):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
getegid()

347.182282ms ago: executing program 4 (id=1078):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x304e29ea162c174f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x18)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000840)={0x2c, &(0x7f0000000700)={0x20, 0xd, 0x7, {0x7, 0xe, "c1b033c736"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

346.098371ms ago: executing program 5 (id=1090):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='netlink_extack\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3c, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x10}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x2}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x6400}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x3}, @TCA_FQ_CODEL_ECN, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x8}, @TCA_FQ_CODEL_ECN={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x4}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x0)

309.513525ms ago: executing program 0 (id=1079):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000e50000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001e334185850000007300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

282.038807ms ago: executing program 5 (id=1080):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f0000000000)=0x6a, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="10030600e0fc020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

281.384877ms ago: executing program 0 (id=1082):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r3}, 0x10)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)={0x30, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000011}, 0x0)

251.085399ms ago: executing program 7 (id=1084):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x2, 0xdd, &(0x7f00000001c0)=""/221, 0x0, 0x20}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="68000000180001002dbd7000fcdbdf2502201428ff00ff05"], 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[], 0x114}], 0x1, 0x0, 0x0, 0x4000000}, 0x8040)

239.99871ms ago: executing program 0 (id=1085):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000840)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc)
getdents64(r0, 0x0, 0x31)

199.988794ms ago: executing program 5 (id=1086):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x40106726, &(0x7f00000000c0))

199.493024ms ago: executing program 0 (id=1087):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000680)='sched_switch\x00', r2, 0x0, 0x2000000000010000}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

177.813405ms ago: executing program 7 (id=1088):
r0 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000002a00000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
write$selinux_access(r0, &(0x7f00000002c0)={'system_u:object_r:gpg_agent_exec_t:s0', 0x20, 'unconfined', 0x20, 0x3}, 0x46)

177.462395ms ago: executing program 5 (id=1089):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_opts(r0, 0x29, 0x4d, &(0x7f0000000140)=ANY=[@ANYRESDEC], 0x8)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0xffff, 0x0, @mcast2, 0x9}, 0x1c)
sendto$inet6(r1, &(0x7f0000000300), 0x5aa, 0x0, 0x0, 0xfffffffffffffdfd)
recvmmsg(r0, &(0x7f0000006fc0)=[{{&(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/126, 0x7e}, {&(0x7f0000001500)=""/4096, 0x1000}], 0x2, &(0x7f0000000200)=""/61, 0x3d}, 0x6}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)=""/221, 0xdd}, {&(0x7f0000000340)=""/20, 0x14}, {&(0x7f0000000380)=""/254, 0xfe}, {&(0x7f0000000540)=""/193, 0xc1}, {&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000000640)=""/110, 0x6e}, {&(0x7f00000006c0)=""/143, 0x8f}], 0x7, &(0x7f00000008c0)=""/28, 0x1c}, 0x33}, {{&(0x7f0000000900)=@phonet, 0x80, &(0x7f0000000980)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, &(0x7f00000009c0)=""/103, 0x67}, 0x3c}, {{&(0x7f0000000a40)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000ac0)=""/22, 0x16}], 0x1, &(0x7f0000000b40)=""/23, 0x8}, 0x9}, {{&(0x7f0000000b80)=@l2tp6, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000c00)=""/9, 0x9}], 0x1, &(0x7f0000000c80)=""/38, 0x26}, 0x10}, {{0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000cc0)=""/60, 0x3c}, {&(0x7f0000000d00)=""/75, 0x4b}, {&(0x7f0000000d80)=""/41, 0x29}, {&(0x7f0000000dc0)=""/199, 0xc7}, {&(0x7f0000000ec0)=""/144, 0x90}, {&(0x7f0000000f80)=""/77, 0x4d}, {&(0x7f0000001000)=""/179, 0xb3}], 0x7, &(0x7f0000001140)=""/58, 0x3a}, 0x101}, {{&(0x7f0000001180)=@phonet, 0x80, &(0x7f0000006880)=[{&(0x7f0000001200)=""/112, 0x70}, {&(0x7f0000001280)=""/120, 0x78}, {&(0x7f0000001300)=""/157, 0x9d}, {&(0x7f0000004500)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/3, 0x3}, {&(0x7f0000005580)=""/123, 0x7b}, {&(0x7f0000005600)=""/127, 0x7f}, {&(0x7f0000005680)=""/4096, 0x1000}, {&(0x7f0000006680)=""/248, 0xf8}, {&(0x7f0000006780)=""/229, 0xe5}], 0xa}, 0x8}, {{&(0x7f0000006940)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000006ec0)=[{&(0x7f0000001440)=""/3, 0x3}, {&(0x7f0000005500)=""/9, 0x9}, {&(0x7f00000069c0)=""/228, 0xe4}, {&(0x7f0000006ac0)=""/245, 0xf5}, {&(0x7f0000006bc0)=""/213, 0xd5}, {&(0x7f0000006cc0)=""/156, 0x9c}, {&(0x7f0000006d80)=""/89, 0x59}, {&(0x7f0000006e00)=""/122, 0x7a}, {&(0x7f0000006e80)=""/33, 0x21}], 0x9, &(0x7f0000006f80)=""/59, 0x3b}, 0x7}], 0x8, 0x4001058a, 0x0)

141.618498ms ago: executing program 0 (id=1091):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlockall(0x3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mprotect(&(0x7f0000023000/0x3000)=nil, 0x3000, 0x3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

141.352698ms ago: executing program 5 (id=1092):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0x1}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000540), &(0x7f0000000200)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

135.256859ms ago: executing program 7 (id=1093):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

98.119102ms ago: executing program 7 (id=1094):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
setxattr$security_selinux(&(0x7f0000000100)='.\x00', &(0x7f0000000140), &(0x7f0000000180)='system_u:object_r:man_t:s0\x00', 0x1b, 0x2)

162.64µs ago: executing program 7 (id=1095):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x20, 0x80, 0x1c, {0x3, 0x9, 0xe68, 0x3, 0x802, 0x3865, 0x8, 0xe00, 0x1000, 0x5, 0x65cb, 0x81}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)

0s ago: executing program 5 (id=1096):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1afb640cf24e459220900000001090212ad8c0000000009042100000806"], 0x0)

kernel console output (not intermixed with test programs):

FB:0000:0054.0004: unknown main item tag 0x0
[   47.233822][  T287] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   47.240044][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.240071][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.248048][  T350] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.254947][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.291591][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.299152][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.299391][  T350] device veth1_macvtap left promiscuous mode
[   47.306672][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.306730][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.313233][  T350] device veth0_vlan left promiscuous mode
[   47.320240][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.341260][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.348827][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.356256][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.363707][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.366740][    T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   47.371140][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.386289][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.393772][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.401227][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.408746][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.416142][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.423697][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.431189][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.438627][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.439833][  T287] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   47.446114][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.446141][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.458242][  T287] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[   47.464877][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.484935][  T287] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[   47.490380][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.508594][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.516054][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.523443][  T287] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 28865, setting to 64
[   47.535818][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.543569][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.544512][  T287] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   47.551392][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.564148][  T287] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   47.567762][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.576234][  T287] usb 5-1: Product: syz
[   47.583629][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.588348][  T287] usb 5-1: Manufacturer: syz
[   47.595459][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.600115][  T287] usb 5-1: SerialNumber: syz
[   47.607458][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.617527][    T6] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   47.619792][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.636066][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.637421][  T832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   47.643613][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.650902][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   47.658144][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.673894][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.674309][  T287] cdc_mbim 5-1:1.0: skipping garbage
[   47.681515][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.681540][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.696622][    T6] usb 4-1: Product: syz
[   47.701788][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.706728][    T6] usb 4-1: Manufacturer: syz
[   47.713545][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.718016][    T6] usb 4-1: SerialNumber: syz
[   47.725086][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.732101][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.746238][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.748442][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.762197][  T340] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.765392][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.769254][  T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.770645][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   47.784330][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.792797][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.808819][  T340] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.809465][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.815879][  T340] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.823451][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.839781][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.839857][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.847584][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.855332][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   47.862498][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.872490][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.878249][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.886821][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   47.901760][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.906224][  T832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   47.917071][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   47.917158][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.925815][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   47.932810][  T832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   47.946086][  T823] device veth0_vlan entered promiscuous mode
[   47.948477][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.955047][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   47.961831][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.970474][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   47.977421][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.992379][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   47.994684][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   48.001420][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.009642][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   48.016868][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.024407][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   48.031546][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.049518][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   48.056663][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.059060][  T823] device veth1_macvtap entered promiscuous mode
[   48.065647][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.080621][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   48.086450][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.090717][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   48.096771][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.105228][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   48.112639][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.121425][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   48.128381][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.144252][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.151923][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.159403][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.166863][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.174375][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.195547][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.203050][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.210588][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.218112][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.225592][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.233057][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.240491][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.247988][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.255367][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.262943][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.270435][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.277895][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.285388][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.293102][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.300869][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.308477][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.316254][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.323650][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.331178][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.338614][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.346097][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.353534][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.360970][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.368514][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.375922][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.383452][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.390908][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.398346][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.405739][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.413183][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.420610][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.428337][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.435852][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.443275][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.451235][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.458667][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.466050][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.473776][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.481448][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.489142][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.496708][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.504326][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.511787][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.519654][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.527453][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.535231][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.543606][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.551459][   T24] hid-generic FFFB:0000:0054.0004: unknown main item tag 0x0
[   48.562718][   T24] hid-generic FFFB:0000:0054.0004: hidraw0: <UNKNOWN> HID v80.01 Device [syz1] on syz1
[   48.596554][  T832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   48.614516][  T832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   48.633652][  T858] fido_id[858]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   48.670236][  T870] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   48.744871][    T6] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   48.754858][    T6] cdc_ncm 4-1:1.0: setting tx_max = 184
[   48.834289][  T287] cdc_mbim 5-1:1.0: bind() failure
[   48.846646][  T287] cdc_ncm: probe of 5-1:1.1 failed with error -71
[   48.864401][  T287] cdc_mbim: probe of 5-1:1.1 failed with error -71
[   48.872280][  T879] netlink: 'syz.1.214': attribute type 12 has an invalid length.
[   48.887785][  T287] usb 5-1: USB disconnect, device number 4
[   48.894667][  T879] netlink: 'syz.1.214': attribute type 29 has an invalid length.
[   48.923380][  T879] netlink: 148 bytes leftover after parsing attributes in process `syz.1.214'.
[   48.940294][  T869] loop0: detected capacity change from 0 to 40427
[   48.949795][  T879] netlink: 'syz.1.214': attribute type 2 has an invalid length.
[   48.969459][  T869] F2FS-fs (loop0): invalid crc value
[   48.977781][  T879] netlink: 23 bytes leftover after parsing attributes in process `syz.1.214'.
[   48.988380][  T880] netlink: 'syz.1.214': attribute type 12 has an invalid length.
[   48.998280][  T869] F2FS-fs (loop0): Found nat_bits in checkpoint
[   49.008394][  T880] netlink: 'syz.1.214': attribute type 29 has an invalid length.
[   49.030749][  T880] netlink: 148 bytes leftover after parsing attributes in process `syz.1.214'.
[   49.053449][  T880] netlink: 'syz.1.214': attribute type 2 has an invalid length.
[   49.061860][  T869] F2FS-fs (loop0): Start checkpoint disabled!
[   49.069145][  T880] netlink: 23 bytes leftover after parsing attributes in process `syz.1.214'.
[   49.079180][  T869] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   49.096847][    T6] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   49.144113][    T6] usb 4-1: USB disconnect, device number 3
[   49.176682][    T6] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[   49.295145][  T340] kworker/u4:3: attempt to access beyond end of device
[   49.295145][  T340] loop0: rw=1, sector=77824, nr_sectors = 3312 limit=40427
[   49.313217][  T340] kworker/u4:3: attempt to access beyond end of device
[   49.313217][  T340] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[   49.327233][  T871] loop5: detected capacity change from 0 to 131072
[   49.347029][  T871] F2FS-fs (loop5): invalid crc value
[   49.388701][  T871] F2FS-fs (loop5): Found nat_bits in checkpoint
[   49.494622][  T910] device wireguard0 entered promiscuous mode
[   49.494632][  T871] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   49.525046][  T915] IPv6: sit1: Disabled Multicast RS
[   49.570716][  T871] syz.5.209 (pid 871) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   49.639288][  T930] syz.3.224[930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   49.639375][  T930] syz.3.224[930] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   49.685570][   T60] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   49.710851][  T939] loop4: detected capacity change from 0 to 512
[   49.743197][  T939] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   49.745458][  T945] loop3: detected capacity change from 0 to 512
[   49.752808][  T939] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.764955][  T945] EXT4-fs: Ignoring removed oldalloc option
[   49.810740][  T945] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   49.830848][  T286] EXT4-fs (loop4): unmounting filesystem.
[   49.837063][  T945] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   49.876557][  T945] EXT4-fs (loop3): 1 truncate cleaned up
[   49.879818][   T28] kauditd_printk_skb: 22 callbacks suppressed
[   49.879832][   T28] audit: type=1400 audit(1755179369.707:250): avc:  denied  { create } for  pid=949 comm="syz.4.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   49.882482][  T945] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   49.920229][   T60] usb 2-1: Using ep0 maxpacket: 32
[   49.925992][   T28] audit: type=1400 audit(1755179369.747:251): avc:  denied  { read } for  pid=949 comm="syz.4.229" path="socket:[18858]" dev="sockfs" ino=18858 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   49.957258][   T60] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   49.975459][   T60] usb 2-1: config 0 has no interfaces?
[   49.981135][   T60] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   49.986017][  T284] EXT4-fs (loop3): unmounting filesystem.
[   49.990468][   T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.020493][   T60] usb 2-1: config 0 descriptor??
[   50.043502][   T28] audit: type=1400 audit(1755179369.867:252): avc:  denied  { ioctl } for  pid=955 comm="syz.3.231" path="/58/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   50.147048][  T970] loop3: detected capacity change from 0 to 4096
[   50.155166][  T970] EXT4-fs (loop3): Test dummy encryption mode enabled
[   50.165252][  T970] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   50.174433][  T970] System zones: 0-5
[   50.178958][  T970] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   50.203526][  T284] EXT4-fs (loop3): unmounting filesystem.
[   50.243609][   T60] usb 2-1: USB disconnect, device number 5
[   50.312939][  T973] loop3: detected capacity change from 0 to 40427
[   50.322387][  T973] F2FS-fs (loop3): Invalid SB checksum offset: 0
[   50.329073][  T973] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[   50.338517][  T973] F2FS-fs (loop3): invalid crc value
[   50.345792][  T973] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[   50.370240][  T973] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[   50.377596][  T973] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   50.407282][  T284] syz-executor: attempt to access beyond end of device
[   50.407282][  T284] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   50.539100][  T989] syz.0.246[989] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.539176][  T989] syz.0.246[989] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.790217][   T28] audit: type=1400 audit(1755179626.613:253): avc:  denied  { bind } for  pid=996 comm="syz.1.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   50.833021][   T28] audit: type=1400 audit(1755179626.613:254): avc:  denied  { read } for  pid=997 comm="syz.4.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   50.855092][   T28] audit: type=1400 audit(1755179626.653:255): avc:  denied  { ioctl } for  pid=996 comm="syz.1.249" path="socket:[18142]" dev="sockfs" ino=18142 ioctlcmd=0x48e6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   50.882741][   T28] audit: type=1400 audit(1755179626.663:256): avc:  denied  { write } for  pid=997 comm="syz.4.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   50.968868][  T995] loop3: detected capacity change from 0 to 131072
[   50.989325][  T995] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[   51.013597][  T995] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   51.024319][  T995] F2FS-fs (loop3): invalid crc value
[   51.031552][  T995] F2FS-fs (loop3): Found nat_bits in checkpoint
[   51.056804][  T995] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   51.064585][  T995] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[   51.098350][   T28] audit: type=1400 audit(1755179626.923:257): avc:  denied  { mounton } for  pid=994 comm="syz.3.248" path="/69/file2/file1" dev="loop3" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   51.125628][   T28] audit: type=1400 audit(1755179626.953:258): avc:  denied  { read } for  pid=1011 comm="syz.5.252" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   51.161067][   T28] audit: type=1400 audit(1755179626.953:259): avc:  denied  { open } for  pid=1011 comm="syz.5.252" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   51.407175][ T1023] SELinux: failed to load policy
[   51.551283][ T1035] netlink: 8 bytes leftover after parsing attributes in process `syz.5.261'.
[   51.760042][ T1038] loop5: detected capacity change from 0 to 40427
[   51.788430][ T1038] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[   51.813676][ T1038] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   51.844748][ T1038] F2FS-fs (loop5): Found nat_bits in checkpoint
[   51.887804][ T1038] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   51.896493][ T1038] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   51.927626][    T6] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   51.941820][    T6] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   51.953930][    T6] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   51.963037][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   51.963060][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   51.963871][    T6] hid-generic 0000:0004:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   51.971932][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   51.993556][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   52.005961][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   52.013938][ T1065] fido_id[1065]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   52.015913][ T1067] syz.0.272[1067] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.041659][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   52.054425][ T1038] F2FS-fs (loop5): invalid namelen(0), ino:0, run fsck to fix.
[   52.064414][ T1067] syz.0.272[1067] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.211366][ T1079] loop4: detected capacity change from 0 to 1024
[   52.235463][ T1079] EXT4-fs: Ignoring removed oldalloc option
[   52.288960][ T1079] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   52.330065][  T286] EXT4-fs (loop4): unmounting filesystem.
[   52.364089][ T1038] F2FS-fs (loop5): Start checkpoint disabled!
[   52.407744][ T1090] device wireguard0 entered promiscuous mode
[   52.525945][ T1095] loop4: detected capacity change from 0 to 512
[   52.536130][ T1095] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   52.550560][ T1095] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[   52.559044][ T1095] System zones: 1-12
[   52.568471][ T1099] netlink: 8 bytes leftover after parsing attributes in process `syz.5.283'.
[   52.573660][ T1095] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.282: corrupted in-inode xattr
[   52.599673][ T1095] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.282: couldn't read orphan inode 15 (err -117)
[   52.614253][ T1095] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   52.636555][ T1095] process 'syz.4.282' launched './mnt' with NULL argv: empty string added
[   52.646141][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   52.663788][  T286] EXT4-fs (loop4): unmounting filesystem.
[   52.671787][ T1105] netlink: 'syz.0.286': attribute type 2 has an invalid length.
[   52.834419][   T24] usb 4-1: Using ep0 maxpacket: 16
[   52.842855][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 78, changing to 10
[   52.859988][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   52.870167][   T24] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[   52.880986][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.894726][   T24] usb 4-1: config 0 descriptor??
[   53.023218][ T1150] loop5: detected capacity change from 0 to 512
[   53.089884][ T1150] EXT4-fs warning (device loop5): ext4_enable_quotas:7053: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   53.124683][ T1164] loop1: detected capacity change from 0 to 512
[   53.136462][ T1164] EXT4-fs: Ignoring removed i_version option
[   53.145283][ T1150] EXT4-fs (loop5): mount failed
[   53.152257][ T1164] EXT4-fs error (device loop1): ext4_orphan_get:1400: comm syz.1.313: inode #13: comm syz.1.313: iget: illegal inode #
[   53.169597][ T1164] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.313: couldn't read orphan inode 13 (err -117)
[   53.184934][ T1164] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   53.238322][  T285] EXT4-fs (loop1): unmounting filesystem.
[   53.310686][   T24] uclogic 0003:5543:0781.0006: item fetching failed at offset 4/5
[   53.335840][   T24] uclogic 0003:5543:0781.0006: parse failed
[   53.352123][   T24] uclogic: probe of 0003:5543:0781.0006 failed with error -22
[   53.383584][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.387393][ T1189] loop1: detected capacity change from 0 to 4096
[   53.399793][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.408577][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.412448][ T1189] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   53.417293][  T287] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   53.443096][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.452412][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.461997][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.472095][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.481389][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.491165][  T285] ------------[ cut here ]------------
[   53.491184][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.496957][  T285] WARNING: CPU: 1 PID: 285 at fs/overlayfs/util.c:489 ovl_dir_modified+0x189/0x1c0
[   53.496995][  T285] Modules linked in:
[   53.497004][  T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G        W          6.1.145-syzkaller-00002-gc750dc582629 #0
[   53.497021][  T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.497031][  T285] RIP: 0010:ovl_dir_modified+0x189/0x1c0
[   53.504942][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.514264][  T285] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ee 33 a5 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 87 d0 60 ff <0f> 0b e9 17 ff ff ff e8 7b d0 60 ff 0f 0b e9 51 ff ff ff 44 89 e1
[   53.519587][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.531261][  T285] RSP: 0018:ffffc9000dabfb20 EFLAGS: 00010293
[   53.543533][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.551567][  T285] 
[   53.551578][  T285] RAX: ffffffff820f31f9 RBX: 1ffff110235b2b5a RCX: ffff88810c536540
[   53.551595][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   53.551605][  T285] RBP: ffffc9000dabfb50 R08: dffffc0000000000 R09: ffffed10235c5769
[   53.551616][  T285] R10: ffffed10235c5769 R11: 1ffff110235c5768 R12: ffff88811ad95aa0
[   53.551626][  T285] R13: 0000000000000000 R14: ffff88811ae2baa0 R15: ffff88811ad95ad0
[   53.551636][  T285] FS:  000055556d949500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   53.551650][  T285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.551662][  T285] CR2: 000055556d974528 CR3: 000000012f64f000 CR4: 00000000003526a0
[   53.551675][  T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.551683][  T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.551692][  T285] Call Trace:
[   53.551696][  T285]  <TASK>
[   53.551704][  T285]  ovl_do_remove+0x79e/0xba0
[   53.551728][  T285]  ? ovl_set_redirect+0x6c0/0x6c0
[   53.551743][  T285]  ? selinux_inode_rmdir+0x22/0x30
[   53.597124][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.605613][  T285]  ovl_rmdir+0x1a/0x20
[   53.626501][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.636136][  T285]  vfs_rmdir+0x393/0x500
[   53.636168][  T285]  incfs_kill_sb+0x105/0x220
[   53.646319][  T287] usb 5-1: Using ep0 maxpacket: 8
[   53.655136][  T285]  deactivate_locked_super+0xb5/0x120
[   53.691638][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.702418][  T285]  deactivate_super+0xaf/0xe0
[   53.702450][  T285]  cleanup_mnt+0x45f/0x4e0
[   53.702471][  T285]  __cleanup_mnt+0x19/0x20
[   53.706239][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.709239][  T285]  task_work_run+0x1db/0x240
[   53.709265][  T285]  ? __cfi_task_work_run+0x10/0x10
[   53.709282][  T285]  ? __x64_sys_umount+0x125/0x160
[   53.714250][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.719350][  T285]  ? __cfi___x64_sys_umount+0x10/0x10
[   53.719383][  T285]  exit_to_user_mode_loop+0x9b/0xb0
[   53.719400][  T285]  exit_to_user_mode_prepare+0x5a/0xa0
[   53.719433][  T285]  syscall_exit_to_user_mode+0x1a/0x30
[   53.725042][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.733643][  T285]  do_syscall_64+0x58/0xa0
[   53.733683][  T285]  ? clear_bhb_loop+0x30/0x80
[   53.738070][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.745406][  T285]  ? clear_bhb_loop+0x30/0x80
[   53.745430][  T285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   53.745447][  T285] RIP: 0033:0x7fa9b2b8ff17
[   53.749962][  T287] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[   53.754463][  T285] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   53.754485][  T285] RSP: 002b:00007ffc05affe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   53.754503][  T285] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa9b2b8ff17
[   53.766690][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.774327][  T285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc05afff20
[   53.774346][  T285] RBP: 00007ffc05afff20 R08: 0000000000000000 R09: 0000000000000000
[   53.774355][  T285] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc05b01010
[   53.774366][  T285] R13: 00007fa9b2c11c05 R14: 000000000000d0d6 R15: 00007ffc05b020e0
[   53.774381][  T285]  </TASK>
[   53.774387][  T285] ---[ end trace 0000000000000000 ]---
[   53.785909][  T287] usb 5-1: config 179 has no interface number 0
[   53.791102][  T285] ------------[ cut here ]------------
[   53.804243][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.804272][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.811022][  T285] WARNING: CPU: 1 PID: 285 at fs/overlayfs/util.c:489 ovl_dir_modified+0x189/0x1c0
[   53.811061][  T285] Modules linked in:
[   53.817554][  T287] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   53.826850][  T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G        W          6.1.145-syzkaller-00002-gc750dc582629 #0
[   53.832744][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.839975][  T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.839992][  T285] RIP: 0010:ovl_dir_modified+0x189/0x1c0
[   53.847853][  T287] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   53.854338][  T285] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 ee 33 a5 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 87 d0 60 ff <0f> 0b e9 17 ff ff ff e8 7b d0 60 ff 0f 0b e9 51 ff ff ff 44 89 e1
[   53.862918][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.867404][  T285] RSP: 0018:ffffc9000dabfb20 EFLAGS: 00010293
[   53.873763][  T287] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   53.882039][  T285] 
[   53.882047][  T285] RAX: ffffffff820f31f9 RBX: 1ffff110235b2b5a RCX: ffff88810c536540
[   53.882061][  T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   53.882071][  T285] RBP: ffffc9000dabfb50 R08: dffffc0000000000 R09: ffffed10235c5769
[   53.888614][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.894558][  T285] R10: ffffed10235c5769 R11: 1ffff110235c5768 R12: ffff88811ad95aa0
[   53.894581][  T285] R13: 0000000000000000 R14: ffff88811ae2baa0 R15: ffff88811ad95ad0
[   53.899777][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.908562][  T285] FS:  000055556d949500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   53.908589][  T285] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.908601][  T285] CR2: 000055556d974528 CR3: 000000012f64f000 CR4: 00000000003526a0
[   53.908615][  T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.930831][  T287] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   53.939326][  T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.947928][  T287] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   53.956821][  T285] Call Trace:
[   53.956834][  T285]  <TASK>
[   53.965315][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   53.974512][  T285]  ovl_do_remove+0x79e/0xba0
[   53.984033][  T287] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   53.994121][  T285]  ? ovl_set_redirect+0x6c0/0x6c0
[   53.994150][  T285]  ? selinux_inode_rmdir+0x22/0x30
[   53.994166][  T285]  ovl_rmdir+0x1a/0x20
[   53.998110][  T287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.004266][  T285]  vfs_rmdir+0x393/0x500
[   54.011358][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.016756][  T285]  incfs_kill_sb+0x198/0x220
[   54.027467][ T1166] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   54.034669][  T285]  deactivate_locked_super+0xb5/0x120
[   54.047797][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.052752][  T285]  deactivate_super+0xaf/0xe0
[   54.052787][  T285]  cleanup_mnt+0x45f/0x4e0
[   54.070369][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.078966][  T285]  __cleanup_mnt+0x19/0x20
[   54.079000][  T285]  task_work_run+0x1db/0x240
[   54.079018][  T285]  ? __cfi_task_work_run+0x10/0x10
[   54.079035][  T285]  ? __x64_sys_umount+0x125/0x160
[   54.087735][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.099837][  T285]  ? __cfi___x64_sys_umount+0x10/0x10
[   54.099871][  T285]  exit_to_user_mode_loop+0x9b/0xb0
[   54.099889][  T285]  exit_to_user_mode_prepare+0x5a/0xa0
[   54.099908][  T285]  syscall_exit_to_user_mode+0x1a/0x30
[   54.108210][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.119980][  T285]  do_syscall_64+0x58/0xa0
[   54.120015][  T285]  ? clear_bhb_loop+0x30/0x80
[   54.120032][  T285]  ? clear_bhb_loop+0x30/0x80
[   54.120047][  T285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   54.120062][  T285] RIP: 0033:0x7fa9b2b8ff17
[   54.120077][  T285] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   54.120091][  T285] RSP: 002b:00007ffc05affe68 EFLAGS: 00000246
[   54.143052][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.151338][  T285]  ORIG_RAX: 00000000000000a6
[   54.151356][  T285] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa9b2b8ff17
[   54.151368][  T285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc05afff20
[   54.151377][  T285] RBP: 00007ffc05afff20 R08: 0000000000000000 R09: 0000000000000000
[   54.151386][  T285] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc05b01010
[   54.151396][  T285] R13: 00007fa9b2c11c05 R14: 000000000000d0d6 R15: 00007ffc05b020e0
[   54.151411][  T285]  </TASK>
[   54.151417][  T285] ---[ end trace 0000000000000000 ]---
[   54.315063][ T1166] loop4: detected capacity change from 0 to 256
[   54.343749][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.348688][ T1166] exfat: Deprecated parameter 'namecase'
[   54.357444][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.361807][ T1166] exfat: Deprecated parameter 'namecase'
[   54.368830][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.387034][ T1166] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   54.390731][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.624930][ T1166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   54.632940][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.642436][  T285] EXT4-fs (loop1): unmounting filesystem.
[   54.648339][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.661519][ T1166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   54.669991][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.721218][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.729474][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.738203][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.746485][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.755397][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.765919][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.773703][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.782103][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.791115][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.799826][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.808163][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.815945][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.825945][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.835245][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.845378][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.855479][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.864431][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.873543][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.882307][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.891509][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.899127][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.900236][   T24] usb 5-1: USB disconnect, device number 5
[   54.906725][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   54.906761][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   54.930518][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.938131][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.945906][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.954568][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.962588][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.970535][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.978218][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.986234][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   54.994616][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.003197][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.010964][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.018675][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.026779][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.035064][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.043687][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.052718][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.061469][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.070676][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.079062][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.086794][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.094489][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.102402][   T19] hid-generic 0000:0002:0000.0007: unknown main item tag 0x0
[   55.110630][   T19] hid-generic 0000:0002:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   55.128206][   T19] usb 4-1: USB disconnect, device number 4
[   55.160338][   T28] kauditd_printk_skb: 33 callbacks suppressed
[   55.160353][   T28] audit: type=1400 audit(1755179630.985:293): avc:  denied  { ioctl } for  pid=1199 comm="syz.1.326" path="cgroup:[4026532378]" dev="nsfs" ino=4026532378 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   55.220043][ T1202] fido_id[1202]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   55.235586][   T28] audit: type=1400 audit(1755179631.065:294): avc:  denied  { relabelfrom } for  pid=1204 comm="syz.0.329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   55.265154][   T28] audit: type=1400 audit(1755179631.065:295): avc:  denied  { relabelto } for  pid=1204 comm="syz.0.329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   55.361438][ T1221] input: syz0 as /devices/virtual/input/input5
[   55.377117][  T350] Bluetooth: hci0: Frame reassembly failed (-84)
[   55.412045][   T28] audit: type=1400 audit(1755179631.236:296): avc:  denied  { bind } for  pid=1228 comm="syz.1.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   55.451943][   T28] audit: type=1400 audit(1755179631.236:297): avc:  denied  { name_bind } for  pid=1228 comm="syz.1.341" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   55.460033][ T1235] loop1: detected capacity change from 0 to 512
[   55.500261][ T1235] EXT4-fs: Ignoring removed oldalloc option
[   55.507890][ T1235] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   55.526090][ T1240] loop5: detected capacity change from 0 to 512
[   55.537382][   T28] audit: type=1400 audit(1755179631.236:298): avc:  denied  { node_bind } for  pid=1228 comm="syz.1.341" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   55.555403][ T1240] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   55.574004][ T1243] loop4: detected capacity change from 0 to 1024
[   55.583752][ T1235] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2818: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   55.601177][   T28] audit: type=1400 audit(1755179631.266:299): avc:  denied  { read } for  pid=1228 comm="syz.1.341" path="socket:[19310]" dev="sockfs" ino=19310 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   55.651757][ T1243] EXT4-fs: Ignoring removed bh option
[   55.657645][ T1235] EXT4-fs (loop1): 1 truncate cleaned up
[   55.664461][ T1235] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   55.678047][ T1240] EXT4-fs (loop5): 1 truncate cleaned up
[   55.684392][ T1240] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   55.694839][ T1243] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   55.737903][   T28] audit: type=1400 audit(1755179631.566:300): avc:  denied  { setattr } for  pid=1242 comm="syz.4.347" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   55.751638][ T1240] EXT4-fs (loop5): shut down requested (0)
[   55.765834][ T1243] EXT4-fs error (device loop4): ext4_xattr_set_entry:1628: inode #15: comm syz.4.347: corrupted xattr entries
[   55.780121][   T28] audit: type=1400 audit(1755179631.596:301): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   55.783777][ T1243] EXT4-fs (loop4): Remounting filesystem read-only
[   55.806092][   T28] audit: type=1400 audit(1755179631.596:302): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   55.812885][ T1243] EXT4-fs error (device loop4): ext4_xattr_block_set:2173: inode #15: comm syz.4.347: bad block 113
[   55.847448][ T1243] EXT4-fs (loop4): Remounting filesystem read-only
[   55.855026][  T285] EXT4-fs (loop1): unmounting filesystem.
[   55.893085][  T823] EXT4-fs (loop5): unmounting filesystem.
[   55.913576][  T286] EXT4-fs (loop4): unmounting filesystem.
[   56.138782][ T1292] netlink: 20 bytes leftover after parsing attributes in process `syz.4.366'.
[   56.149906][  T287] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   56.158295][ T1295] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   56.177902][ T1292] netlink: 20 bytes leftover after parsing attributes in process `syz.4.366'.
[   56.188361][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   56.210432][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   56.221004][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   56.231466][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   56.242547][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.251323][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.265422][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.274660][  T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.288700][ T1303] loop7: detected capacity change from 0 to 16384
[   56.332265][  T287] usb 2-1: Using ep0 maxpacket: 16
[   56.338751][  T287] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   56.357403][  T287] usb 2-1: config 0 interface 0 has no altsetting 0
[   56.379839][  T287] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[   56.389918][  T287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.404182][  T287] usb 2-1: config 0 descriptor??
[   56.422473][ T1303] I/O error, dev loop7, sector 15800 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   56.451348][ T1313] capability: warning: `syz.5.376' uses deprecated v2 capabilities in a way that may be insecure
[   56.602291][ T1321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.379'.
[   56.677001][ T1325] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[   56.774526][ T1334] loop4: detected capacity change from 0 to 4096
[   56.788542][ T1334] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   56.813834][  T286] EXT4-fs (loop4): unmounting filesystem.
[   56.831675][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.844575][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.852762][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.861015][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.872873][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.882367][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.890720][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.899050][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.906871][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.915133][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.923924][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.932663][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.941481][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.949387][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.956971][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.964397][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.972478][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.981125][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   56.990389][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x4
[   56.997847][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.005984][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.014112][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.021714][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.030117][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.039694][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.053091][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.061383][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.071599][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.081529][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.093013][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.105313][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.115670][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.126657][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.136089][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.145471][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.155793][  T287] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0
[   57.163661][  T287] hid-generic 0003:060B:500A.0008: unexpected long global item
[   57.174481][  T287] hid-generic: probe of 0003:060B:500A.0008 failed with error -22
[   57.188698][  T287] usb 2-1: USB disconnect, device number 6
[   57.401698][ T1001] Bluetooth: hci0: command 0x1003 tx timeout
[   57.401714][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   57.476944][ T1364] loop4: detected capacity change from 0 to 256
[   57.511897][ T1364] FAT-fs (loop4): bogus number of FAT sectors
[   57.519437][ T1364] FAT-fs (loop4): Can't find a valid FAT filesystem
[   57.742367][ T1374] kvm: vcpu 3: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[   58.049032][ T1400] syz.5.410[1400] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.049109][ T1400] syz.5.410[1400] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.491209][  T605] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   58.692151][  T605] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   58.710909][  T605] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   58.722163][ T1431] netlink: 20 bytes leftover after parsing attributes in process `syz.1.423'.
[   58.737056][ T1431] netlink: 20 bytes leftover after parsing attributes in process `syz.1.423'.
[   58.746790][  T605] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   58.758545][  T605] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.780310][  T605] usb 5-1: config 0 descriptor??
[   58.801613][ T1439] loop1: detected capacity change from 0 to 512
[   59.010928][  T365] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   59.067907][ T1459] loop1: detected capacity change from 0 to 8192
[   59.102191][ T1459]  loop1: p2 p3 p4[EZD]
[   59.116830][ T1467] netlink: 'syz.0.438': attribute type 16 has an invalid length.
[   59.126801][ T1459] loop1: p3 start 360447 is beyond EOD, truncated
[   59.127926][ T1467] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.438'.
[   59.140847][ T1459] loop1: p4 size 262912 extends beyond EOD, truncated
[   59.204723][  T365] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   59.236597][  T365] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   59.260212][  T365] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.287455][  T365] usb 6-1: config 0 descriptor??
[   59.392571][  T340] Bluetooth: hci0: Frame reassembly failed (-84)
[   59.506107][  T365] usbhid 6-1:0.0: can't add hid device: -71
[   59.520797][  T365] usbhid: probe of 6-1:0.0 failed with error -71
[   59.541299][  T365] usb 6-1: USB disconnect, device number 2
[   59.980420][ T1335] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   59.988751][  T605] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #100: -71
[   60.019081][  T605] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71
[   60.039440][  T605] uclogic 0003:256C:006D.0009: failed probing pen v1 parameters: -71
[   60.058451][  T605] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[   60.077359][  T605] uclogic: probe of 0003:256C:006D.0009 failed with error -71
[   60.091324][  T605] usb 5-1: USB disconnect, device number 6
[   60.101120][  T365] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   60.171541][ T1335] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   60.200531][ T1335] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   60.221316][ T1335] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   60.235155][ T1335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   60.243381][ T1335] usb 4-1: SerialNumber: syz
[   60.310316][  T365] usb 6-1: Using ep0 maxpacket: 16
[   60.334360][  T365] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   60.348183][  T365] usb 6-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00
[   60.359582][  T365] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.376276][  T365] usb 6-1: config 0 descriptor??
[   60.453930][ T1335] usb 4-1: 0:2 : does not exist
[   60.460993][ T1335] usb 4-1: USB disconnect, device number 5
[   60.510217][   T28] kauditd_printk_skb: 24 callbacks suppressed
[   60.510236][   T28] audit: type=1400 audit(1755179636.338:327): avc:  denied  { read write } for  pid=286 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.545565][   T28] audit: type=1400 audit(1755179636.338:328): avc:  denied  { open } for  pid=286 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.552323][ T1502] input: syz1 as /devices/virtual/input/input6
[   60.578100][   T28] audit: type=1400 audit(1755179636.338:329): avc:  denied  { ioctl } for  pid=286 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   60.610972][   T28] audit: type=1400 audit(1755179636.378:330): avc:  denied  { read write } for  pid=1501 comm="syz.4.453" name="uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   60.639095][   T28] audit: type=1400 audit(1755179636.378:331): avc:  denied  { open } for  pid=1501 comm="syz.4.453" path="/dev/uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   60.667511][   T28] audit: type=1400 audit(1755179636.378:332): avc:  denied  { ioctl } for  pid=1501 comm="syz.4.453" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   60.695934][   T28] audit: type=1400 audit(1755179636.408:333): avc:  denied  { create } for  pid=1500 comm="syz.0.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   60.719681][   T28] audit: type=1400 audit(1755179636.448:334): avc:  denied  { read } for  pid=1500 comm="syz.0.452" path="socket:[21132]" dev="sockfs" ino=21132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   60.747863][   T28] audit: type=1400 audit(1755179636.448:335): avc:  denied  { ioctl } for  pid=1436 comm="syz.5.425" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.751146][  T335] udevd[335]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   60.781390][   T28] audit: type=1400 audit(1755179636.448:336): avc:  denied  { read } for  pid=88 comm="acpid" name="event3" dev="devtmpfs" ino=801 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.822645][  T365] logitech-djreceiver 0003:046D:C714.000A: hidraw0: USB HID v0.05 Device [HID 046d:c714] on usb-dummy_hcd.5-1/input0
[   61.249406][  T365] usb 6-1: USB disconnect, device number 3
[   61.317644][ T1542] loop3: detected capacity change from 0 to 512
[   61.342745][ T1542] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   61.357262][ T1542] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   61.371733][ T1542] EXT4-fs (loop3): 1 truncate cleaned up
[   61.378791][ T1542] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   61.397853][ T1542] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[   61.406553][ T1000] Bluetooth: hci0: command 0x1003 tx timeout
[   61.406620][ T1357] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   61.446226][  T284] EXT4-fs (loop3): unmounting filesystem.
[   61.867779][ T1594] input: syz0 as /devices/virtual/input/input7
[   62.090246][ T1608] loop3: detected capacity change from 0 to 512
[   62.107992][ T1608] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   62.150783][ T1608] EXT4-fs (loop3): 1 truncate cleaned up
[   62.157704][ T1608] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   62.183607][ T1608] EXT4-fs (loop3): shut down requested (0)
[   62.205600][  T284] EXT4-fs (loop3): unmounting filesystem.
[   62.275732][ T1619] loop3: detected capacity change from 0 to 512
[   62.291683][ T1619] EXT4-fs: Ignoring removed oldalloc option
[   62.298860][ T1619] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   62.315757][ T1619] EXT4-fs (loop3): 1 truncate cleaned up
[   62.324420][ T1619] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   62.368984][  T284] EXT4-fs (loop3): unmounting filesystem.
[   62.413677][ T1628] incfs: Backing dir is not set, filesystem can't be mounted.
[   62.423413][ T1628] incfs: mount failed -2
[   62.523690][ T1632] loop3: detected capacity change from 0 to 8192
[   62.531032][  T365] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   62.545077][ T1632] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   62.747589][  T365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.761575][  T365] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   62.772266][  T365] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.785774][  T365] usb 5-1: config 0 descriptor??
[   62.799556][ T1650] tipc: Started in network mode
[   62.808314][ T1650] tipc: Node identity ac14140f, cluster identity 4711
[   62.819461][ T1650] tipc: New replicast peer: 255.255.255.255
[   62.826442][ T1650] tipc: Enabled bearer <udp:syz2>, priority 10
[   62.976379][ T1675] loop5: detected capacity change from 0 to 2048
[   63.064784][  T365] usbhid 5-1:0.0: can't add hid device: -71
[   63.075335][ T1675] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   63.079512][  T365] usbhid: probe of 5-1:0.0 failed with error -71
[   63.105750][  T823] EXT4-fs (loop5): unmounting filesystem.
[   63.116133][  T365] usb 5-1: USB disconnect, device number 7
[   63.165427][ T1687] loop5: detected capacity change from 0 to 256
[   63.181386][ T1687] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   63.588634][  T365] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   63.640384][ T1726] loop1: detected capacity change from 0 to 40427
[   63.649267][ T1726] F2FS-fs (loop1): fault_type options not supported
[   63.657587][ T1726] F2FS-fs (loop1): fault_injection options not supported
[   63.666382][ T1726] F2FS-fs (loop1): Image doesn't support compression
[   63.681874][ T1726] F2FS-fs (loop1): invalid crc value
[   63.682776][ T1731] block device autoloading is deprecated and will be removed.
[   63.688475][ T1726] F2FS-fs (loop1): Found nat_bits in checkpoint
[   63.695763][ T1731] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[   63.731371][ T1726] F2FS-fs (loop1): Start checkpoint disabled!
[   63.742428][ T1726] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   63.779722][  T365] usb 5-1: Using ep0 maxpacket: 16
[   63.790766][  T365] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   63.794742][ T1726] syz.1.548: attempt to access beyond end of device
[   63.794742][ T1726] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   63.803414][  T365] usb 5-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00
[   63.829555][  T365] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.841755][  T365] usb 5-1: config 0 descriptor??
[   63.860213][ T1623] kworker/u4:5: attempt to access beyond end of device
[   63.860213][ T1623] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[   63.958707][   T60] tipc: Node number set to 2886997007
[   64.101004][ T1740] loop0: detected capacity change from 0 to 40427
[   64.117760][ T1740] F2FS-fs (loop0): invalid crc value
[   64.138475][ T1740] F2FS-fs (loop0): Found nat_bits in checkpoint
[   64.182340][ T1740] F2FS-fs (loop0): Start checkpoint disabled!
[   64.192747][ T1740] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   64.256907][  T365] logitech-djreceiver 0003:046D:C714.000B: hidraw0: USB HID v0.05 Device [HID 046d:c714] on usb-dummy_hcd.4-1/input0
[   64.264346][ T1750] loop3: detected capacity change from 0 to 256
[   64.298552][ T1750] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   64.308856][    T8] kworker/u4:0: attempt to access beyond end of device
[   64.308856][    T8] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[   64.398811][ T1755] loop1: detected capacity change from 0 to 512
[   64.450253][ T1755] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   64.497313][ T1755] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.539339][ T1755] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #18: comm syz.1.558: corrupted inode contents
[   64.575358][ T1755] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #18: comm syz.1.558: mark_inode_dirty error
[   64.591055][ T1755] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #18: comm syz.1.558: corrupted inode contents
[   64.605712][ T1755] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2963: inode #18: comm syz.1.558: mark_inode_dirty error
[   64.628244][ T1755] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2966: inode #18: comm syz.1.558: mark inode dirty (error -117)
[   64.652394][ T1755] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117)
[   64.687124][ T1782] loop0: detected capacity change from 0 to 256
[   64.698700][  T285] EXT4-fs (loop1): unmounting filesystem.
[   64.714557][ T1782] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   64.728922][  T605] usb 5-1: USB disconnect, device number 8
[   64.889227][ T1778] loop5: detected capacity change from 0 to 40427
[   64.913724][ T1778] F2FS-fs (loop5): invalid crc value
[   64.938896][ T1778] F2FS-fs (loop5): Found nat_bits in checkpoint
[   64.986068][ T1778] F2FS-fs (loop5): Start checkpoint disabled!
[   64.997318][ T1778] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[   65.082476][ T1623] kworker/u4:5: attempt to access beyond end of device
[   65.082476][ T1623] loop5: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[   65.249876][ T1818] loop4: detected capacity change from 0 to 256
[   65.257811][  T605] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   65.272840][ T1818] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   65.457746][  T605] usb 1-1: Using ep0 maxpacket: 16
[   65.464512][  T605] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.476237][  T605] usb 1-1: config 0 interface 0 has no altsetting 0
[   65.483812][  T605] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[   65.494172][  T605] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.494990][ T1829] loop4: detected capacity change from 0 to 40427
[   65.503883][  T605] usb 1-1: config 0 descriptor??
[   65.516839][ T1829] F2FS-fs (loop4): invalid crc value
[   65.524998][ T1829] F2FS-fs (loop4): Found nat_bits in checkpoint
[   65.547881][ T1829] F2FS-fs (loop4): Start checkpoint disabled!
[   65.555259][ T1829] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   65.613068][    T8] kworker/u4:0: attempt to access beyond end of device
[   65.613068][    T8] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[   65.931094][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.940239][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.948948][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.959016][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.967213][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.976107][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   65.981071][   T28] kauditd_printk_skb: 112 callbacks suppressed
[   65.981088][   T28] audit: type=1400 audit(1755179641.811:449): avc:  denied  { read } for  pid=1853 comm="syz.4.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   65.986819][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.023250][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.031544][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.040816][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.048711][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.057943][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.066945][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.074955][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.082847][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.091630][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.100268][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.110814][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.119718][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x4
[   66.128572][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.136780][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.145501][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.154120][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.162126][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.171012][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.179079][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.187689][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.196152][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.205267][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.213644][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.222466][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.231286][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.239630][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.247288][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.256454][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.264455][  T605] hid-generic 0003:060B:500A.000C: unknown main item tag 0x0
[   66.272618][  T605] hid-generic 0003:060B:500A.000C: unexpected long global item
[   66.282350][  T605] hid-generic: probe of 0003:060B:500A.000C failed with error -22
[   66.294386][  T605] usb 1-1: USB disconnect, device number 5
[   66.447226][   T60] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   66.629002][   T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   66.643646][   T60] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   66.656258][   T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.671626][   T60] usb 4-1: config 0 descriptor??
[   66.873350][ T1871] loop5: detected capacity change from 0 to 512
[   66.883702][   T60] usbhid 4-1:0.0: can't add hid device: -71
[   66.892243][   T60] usbhid: probe of 4-1:0.0 failed with error -71
[   66.905369][   T60] usb 4-1: USB disconnect, device number 6
[   66.938625][ T1871] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   66.949485][ T1871] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.000305][ T1875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.618'.
[   67.018342][  T823] EXT4-fs (loop5): unmounting filesystem.
[   67.046526][   T28] audit: type=1400 audit(1755179642.871:450): avc:  denied  { write } for  pid=1878 comm="syz.1.610" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   67.073295][   T28] audit: type=1400 audit(1755179642.901:451): avc:  denied  { read } for  pid=1881 comm="syz.0.612" dev="nsfs" ino=4026532292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   67.097129][   T28] audit: type=1400 audit(1755179642.901:452): avc:  denied  { open } for  pid=1881 comm="syz.0.612" path="net:[4026532292]" dev="nsfs" ino=4026532292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   67.127372][   T28] audit: type=1400 audit(1755179642.901:453): avc:  denied  { create } for  pid=1881 comm="syz.0.612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   67.152963][   T28] audit: type=1400 audit(1755179642.901:454): avc:  denied  { read } for  pid=1881 comm="syz.0.612" path="socket:[23673]" dev="sockfs" ino=23673 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   67.178502][ T1891] syz.1.614[1891] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.181064][ T1891] syz.1.614[1891] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.182117][   T28] audit: type=1400 audit(1755179642.951:455): avc:  denied  { read write } for  pid=1886 comm="syz.1.613" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   67.234186][   T28] audit: type=1400 audit(1755179642.951:456): avc:  denied  { open } for  pid=1886 comm="syz.1.613" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   67.260720][   T28] audit: type=1400 audit(1755179642.951:457): avc:  denied  { ioctl } for  pid=1886 comm="syz.1.613" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   67.406698][   T60] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   67.414633][   T39] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   67.606601][   T60] usb 4-1: Using ep0 maxpacket: 16
[   67.612171][   T39] usb 5-1: Using ep0 maxpacket: 32
[   67.626651][   T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.639321][   T60] usb 4-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00
[   67.649465][   T39] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   67.660542][   T39] usb 5-1: config 0 has no interfaces?
[   67.666920][   T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.676331][   T60] usb 4-1: config 0 descriptor??
[   67.682230][   T39] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   67.692646][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.704277][   T39] usb 5-1: config 0 descriptor??
[   67.743117][ T1897] loop1: detected capacity change from 0 to 131072
[   67.753523][ T1897] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[   67.762828][ T1897] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   67.772458][ T1897] F2FS-fs (loop1): invalid crc value
[   67.779965][ T1897] F2FS-fs (loop1): Found nat_bits in checkpoint
[   67.812376][ T1897] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   67.820314][ T1897] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   67.858647][   T28] audit: type=1400 audit(1755179643.692:458): avc:  denied  { mounton } for  pid=1896 comm="syz.1.617" path="/105/file2/file1" dev="loop1" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   67.918019][   T24] usb 5-1: USB disconnect, device number 9
[   67.944074][ T1904] input: syz1 as /devices/virtual/input/input8
[   68.017851][ T1909] block device autoloading is deprecated and will be removed.
[   68.020498][ T1910] syz.5.622[1910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.026145][ T1910] syz.5.622[1910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.069670][ T1912] SELinux: failed to load policy
[   68.110747][   T60] logitech-djreceiver 0003:046D:C714.000D: hidraw0: USB HID v0.05 Device [HID 046d:c714] on usb-dummy_hcd.3-1/input0
[   68.518721][   T60] usb 4-1: USB disconnect, device number 7
[   68.576128][  T337] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   68.768018][  T337] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.781601][  T337] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   68.791525][  T337] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.800723][  T337] usb 1-1: Product: syz
[   68.805040][  T337] usb 1-1: Manufacturer: syz
[   68.810290][  T337] usb 1-1: SerialNumber: syz
[   68.868255][   T60] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   68.877821][   T60] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   68.885627][   T60] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   68.894322][   T60] hid-generic 0000:0004:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   68.918849][ T1965] loop1: detected capacity change from 0 to 512
[   68.936346][ T1965] EXT4-fs: Ignoring removed oldalloc option
[   68.943231][ T1965] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   68.947772][ T1966] fido_id[1966]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   68.961494][ T1965] EXT4-fs (loop1): 1 truncate cleaned up
[   68.973454][ T1965] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   69.004199][  T285] EXT4-fs (loop1): unmounting filesystem.
[   69.197017][   T60] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   69.354567][ T1993] input: syz1 as /devices/virtual/input/input9
[   69.396068][   T60] usb 6-1: Using ep0 maxpacket: 32
[   69.403860][   T60] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   69.414932][   T60] usb 6-1: config 0 has no interfaces?
[   69.420813][   T60] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   69.430660][   T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.445905][   T60] usb 6-1: config 0 descriptor??
[   69.663440][  T365] usb 6-1: USB disconnect, device number 4
[   69.820712][  T337] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   69.828020][  T337] cdc_ncm 1-1:1.0: dwNtbInMaxSize=9 is too small. Using 2048
[   69.836603][  T337] cdc_ncm 1-1:1.0: setting rx_max = 2048
[   70.023424][  T337] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   70.036660][  T337] usb 1-1: USB disconnect, device number 6
[   70.043876][  T337] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[   70.185766][ T2009] loop5: detected capacity change from 0 to 512
[   70.193295][ T2009] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[   70.203057][ T2009] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[   70.211981][ T2009] System zones: 1-12
[   70.217040][ T2009] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2195: inode #15: comm syz.5.658: corrupted in-inode xattr
[   70.240658][ T2009] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.658: couldn't read orphan inode 15 (err -117)
[   70.254225][ T2009] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   70.287459][  T823] EXT4-fs (loop5): unmounting filesystem.
[   70.346346][   T60] kernel write not supported for file /202/gid_map (pid: 60 comm: kworker/1:2)
[   70.515190][ T1335] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   70.696757][ T1335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.708575][ T1335] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   70.717902][ T1335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.726858][ T1335] usb 2-1: config 0 descriptor??
[   70.935862][ T1335] usbhid 2-1:0.0: can't add hid device: -71
[   70.942816][ T1335] usbhid: probe of 2-1:0.0 failed with error -71
[   70.950794][ T1335] usb 2-1: USB disconnect, device number 7
[   71.376289][   T28] kauditd_printk_skb: 20 callbacks suppressed
[   71.376303][   T28] audit: type=1400 audit(1755179647.214:479): avc:  denied  { setopt } for  pid=2055 comm="syz.3.683" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   71.465061][   T28] audit: type=1400 audit(1755179647.244:480): avc:  denied  { connect } for  pid=2055 comm="syz.3.683" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   71.564766][ T1335] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   71.616990][ T2054] loop0: detected capacity change from 0 to 40427
[   71.624711][ T2054] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   71.633192][ T2054] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   71.685672][ T2054] F2FS-fs (loop0): Found nat_bits in checkpoint
[   71.734965][ T2054] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   71.749583][ T2054] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   71.757844][ T1335] usb 2-1: Using ep0 maxpacket: 16
[   71.766495][ T1335] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.788182][ T1335] usb 2-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00
[   71.801492][ T1335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.821200][ T1335] usb 2-1: config 0 descriptor??
[   71.866832][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.866879][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.879500][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.896173][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.907400][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.950779][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   71.990681][ T2054] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   72.077533][ T2066] loop4: detected capacity change from 0 to 1024
[   72.112358][ T2066] EXT4-fs: Ignoring removed bh option
[   72.118406][ T2066] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   72.154652][ T2066] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e856c018, mo2=0002]
[   72.173136][ T2066] System zones: 1-12
[   72.177909][ T2066] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   72.246776][ T1335] logitech-djreceiver 0003:046D:C714.000F: hidraw0: USB HID v0.05 Device [HID 046d:c714] on usb-dummy_hcd.1-1/input0
[   72.264925][ T2066] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.685: Allocating blocks 497-513 which overlap fs metadata
[   72.280075][   T28] audit: type=1400 audit(1755179648.124:481): avc:  denied  { map } for  pid=2065 comm="syz.4.685" path="/110/file1/cgroup.controllers" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   72.280660][ T2066] EXT4-fs (loop4): pa ffff88811ad00d20: logic 256, phys. 385, len 8
[   72.312842][ T2066] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[   72.394434][  T286] EXT4-fs (loop4): unmounting filesystem.
[   72.476914][ T2054] F2FS-fs (loop0): Start checkpoint disabled!
[   72.495947][   T28] audit: type=1400 audit(1755179648.334:482): avc:  denied  { ioctl } for  pid=2076 comm="syz.4.688" path="socket:[24698]" dev="sockfs" ino=24698 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   72.523703][ T2077] device wireguard0 entered promiscuous mode
[   72.644069][   T24] usb 2-1: USB disconnect, device number 8
[   72.696347][ T2091] loop3: detected capacity change from 0 to 128
[   72.708599][ T2089] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   72.725923][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   72.734705][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   72.743704][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   72.744741][ T2091] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   72.753422][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   72.771766][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   72.780789][ T2091] ext4 filesystem being mounted at /154/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.781457][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   72.795090][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   72.814575][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   72.885009][ T2108] binder: 2107:2108 ioctl c0306201 2000000001c0 returned -22
[   72.924545][  T284] EXT4-fs (loop3): unmounting filesystem.
[   72.972216][   T28] audit: type=1400 audit(1755179648.804:483): avc:  denied  { read } for  pid=2117 comm="syz.4.705" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   72.997029][   T28] audit: type=1400 audit(1755179648.814:484): avc:  denied  { open } for  pid=2117 comm="syz.4.705" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   73.022986][   T28] audit: type=1400 audit(1755179648.814:485): avc:  denied  { ioctl } for  pid=2117 comm="syz.4.705" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   73.163834][   T39] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   73.202423][   T28] audit: type=1400 audit(1755179649.034:486): avc:  denied  { write } for  pid=2137 comm="syz.4.713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   73.366855][   T39] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   73.387033][   T39] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.398843][   T39] usb 6-1: Product: syz
[   73.432152][   T39] usb 6-1: Manufacturer: syz
[   73.443223][   T39] usb 6-1: SerialNumber: syz
[   73.444328][ T2158] syz.3.723[2158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   73.453221][ T2158] syz.3.723[2158] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   73.801971][   T28] audit: type=1400 audit(1755179649.635:487): avc:  denied  { name_bind } for  pid=2202 comm="syz.1.742" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   73.980130][ T2228] loop1: detected capacity change from 0 to 1024
[   73.998043][ T2228] EXT4-fs: Ignoring removed bh option
[   74.011467][ T2228] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   74.035014][ T2228] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e856c018, mo2=0002]
[   74.044980][ T2228] System zones: 1-12
[   74.049820][ T2228] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   74.083275][ T2228] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.753: Allocating blocks 497-513 which overlap fs metadata
[   74.100893][ T2228] EXT4-fs (loop1): pa ffff88811ad00c78: logic 256, phys. 385, len 8
[   74.110745][ T2228] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[   74.203000][  T285] EXT4-fs (loop1): unmounting filesystem.
[   74.465967][   T39] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[   74.473640][   T39] cdc_ncm 6-1:1.0: setting tx_max = 84
[   74.676230][   T39] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   74.700137][   T39] usb 6-1: USB disconnect, device number 5
[   74.709401][   T28] audit: type=1400 audit(1755179650.545:488): avc:  denied  { search } for  pid=142 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   74.735131][   T39] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP)
[   74.945060][ T2281] serio: Serial port ptm0
[   75.132870][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   75.334331][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.347413][   T24] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   75.360493][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   75.371670][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.385772][   T24] usb 4-1: Product: syz
[   75.390862][   T24] usb 4-1: Manufacturer: syz
[   75.401004][   T24] usb 4-1: SerialNumber: syz
[   75.411866][   T24] cdc_mbim 4-1:1.0: skipping garbage
[   75.552714][   T39] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[   75.613492][ T2273] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   75.733698][   T39] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[   75.762527][   T39] usb 2-1: config 7 has 1 interface, different from the descriptor's value: 2
[   75.786369][   T39] usb 2-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84
[   75.803405][   T39] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   75.825978][   T39] usb 2-1: Product: syz
[   75.836234][   T39] usb 2-1: SerialNumber: syz
[   75.850347][   T39] rndis_host 2-1:7.0: skipping garbage
[   75.870193][   T39] usb 2-1: bad CDC descriptors
[   75.891364][ T2352] netlink: 20 bytes leftover after parsing attributes in process `syz.5.791'.
[   76.065383][  T337] usb 2-1: USB disconnect, device number 9
[   76.212341][ T1335] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   76.223289][ T2273] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   76.233016][   T24] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device
[   76.243880][   T24] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 6e:8d:65:0f:7f:a2
[   76.357617][  T142] 8021q: adding VLAN 0 to HW filter on device wwan0
[   76.403563][ T1335] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.418173][ T1335] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.430912][ T1335] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   76.448228][ T1335] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   76.450634][   T24] usb 4-1: USB disconnect, device number 8
[   76.458573][ T1335] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.473396][   T24] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[   76.482367][ T1335] usb 6-1: config 0 descriptor??
[   76.642536][   T28] kauditd_printk_skb: 16 callbacks suppressed
[   76.642552][   T28] audit: type=1400 audit(1755179652.486:505): avc:  denied  { sqpoll } for  pid=2412 comm="syz.0.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   76.726538][ T2421] netlink: 96 bytes leftover after parsing attributes in process `syz.0.810'.
[   76.899920][ T1335] plantronics 0003:047F:FFFF.0010: item 0 4 0 8 parsing failed
[   76.919618][ T1335] plantronics 0003:047F:FFFF.0010: parse failed
[   76.939974][ T1335] plantronics: probe of 0003:047F:FFFF.0010 failed with error -22
[   77.009942][ T2439] loop3: detected capacity change from 0 to 1024
[   77.069427][ T2439] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   77.106049][  T365] usb 6-1: USB disconnect, device number 6
[   77.132654][   T28] audit: type=1400 audit(1755179652.976:506): avc:  denied  { rmdir } for  pid=2438 comm="syz.3.813" name="file1" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   77.192686][  T284] EXT4-fs (loop3): unmounting filesystem.
[   77.221854][   T28] audit: type=1400 audit(1755179653.046:507): avc:  denied  { create } for  pid=2445 comm="syz.0.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   77.250810][   T28] audit: type=1400 audit(1755179653.046:508): avc:  denied  { ioctl } for  pid=2445 comm="syz.0.826" path="socket:[25798]" dev="sockfs" ino=25798 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   77.296054][   T28] audit: type=1400 audit(1755179653.136:509): avc:  denied  { unlink } for  pid=2447 comm="syz.0.817" name="#a" dev="tmpfs" ino=1003 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   77.560519][ T2461] IPv6: ADDRCONF(NETDEV_CHANGE): ipip1: link becomes ready
[   77.670236][ T2406] loop4: detected capacity change from 0 to 131072
[   77.693595][ T2406] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[   77.736348][ T2406] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   77.787304][ T2406] F2FS-fs (loop4): Found nat_bits in checkpoint
[   77.803497][   T28] audit: type=1400 audit(1755179653.647:510): avc:  denied  { connect } for  pid=2476 comm="syz.0.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   77.828695][    T8] tipc: Subscription rejected, illegal request
[   77.854959][ T2468] loop3: detected capacity change from 0 to 8192
[   77.892021][ T2406] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   77.909899][ T2468] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   77.920669][ T2406] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   78.113319][   T28] audit: type=1326 audit(78.116:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2495 comm="syz.1.838" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9b2b8ebe9 code=0x0
[   78.549057][ T2530] bridge0: port 3(vlan2) entered blocking state
[   78.557135][ T2530] bridge0: port 3(vlan2) entered disabled state
[   78.641063][  T365] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   78.742532][ T2541] device wireguard0 entered promiscuous mode
[   78.842151][  T365] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.860363][  T365] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   78.896032][  T365] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   78.912189][  T365] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   78.940946][  T365] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.961798][  T365] usb 1-1: config 0 descriptor??
[   78.980363][ T2549] loop5: detected capacity change from 0 to 8192
[   79.011960][ T2549] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   79.254207][ T2573] loop1: detected capacity change from 0 to 512
[   79.301008][ T2573] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   79.344098][ T2573] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.869: invalid indirect mapped block 8 (level 2)
[   79.370213][  T365] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[   79.374774][ T2573] EXT4-fs (loop1): Remounting filesystem read-only
[   79.393455][ T2573] EXT4-fs (loop1): 1 truncate cleaned up
[   79.400938][ T2573] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   79.401690][  T365] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   79.441046][  T285] EXT4-fs (loop1): unmounting filesystem.
[   79.513069][ T2584] loop1: detected capacity change from 0 to 1024
[   79.523398][ T2586] loop5: detected capacity change from 0 to 512
[   79.530530][ T2586] EXT4-fs: Ignoring removed nobh option
[   79.546033][ T2586] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   79.555059][ T2588] bridge0: port 4(vlan3) entered blocking state
[   79.581907][ T2586] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.876: iget: bad i_size value: 38620345925642
[   79.605115][ T2588] bridge0: port 4(vlan3) entered disabled state
[   79.613217][ T2584] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   79.661185][ T2586] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.876: couldn't read orphan inode 15 (err -117)
[   79.674412][ T2586] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   79.794028][ T2586] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.876: bg 0: block 5: invalid block bitmap
[   79.819508][ T2586] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28
[   79.835443][  T285] EXT4-fs (loop1): unmounting filesystem.
[   79.837400][ T2586] EXT4-fs (loop5): This should not happen!! Data will be lost
[   79.837400][ T2586] 
[   79.857265][ T2586] EXT4-fs (loop5): Total free blocks count 0
[   79.866357][ T2586] EXT4-fs (loop5): Free/Dirty block details
[   79.874125][ T2586] EXT4-fs (loop5): free_blocks=0
[   79.879239][ T2586] EXT4-fs (loop5): dirty_blocks=3428
[   79.886732][ T2586] EXT4-fs (loop5): Block reservation details
[   79.895038][ T2586] EXT4-fs (loop5): i_reserved_data_blocks=3428
[   79.963010][   T28] audit: type=1400 audit(79.967:512): avc:  denied  { setattr } for  pid=2611 comm="syz.4.886" name="/" dev="configfs" ino=14543 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   80.007173][  T350] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 2048 with error 28
[   80.029123][ T2617] loop4: detected capacity change from 0 to 256
[   80.076998][ T2617] FAT-fs (loop4): Directory bread(block 64) failed
[   80.100750][ T2617] FAT-fs (loop4): Directory bread(block 65) failed
[   80.108726][ T2617] FAT-fs (loop4): Directory bread(block 66) failed
[   80.135028][ T2617] FAT-fs (loop4): Directory bread(block 67) failed
[   80.160498][ T2617] FAT-fs (loop4): Directory bread(block 68) failed
[   80.179701][ T2617] FAT-fs (loop4): Directory bread(block 69) failed
[   80.199853][ T2617] FAT-fs (loop4): Directory bread(block 70) failed
[   80.219988][ T2617] FAT-fs (loop4): Directory bread(block 71) failed
[   80.227015][ T2617] FAT-fs (loop4): Directory bread(block 72) failed
[   80.244555][ T2617] FAT-fs (loop4): Directory bread(block 73) failed
[   80.272295][ T2624] netlink: 104 bytes leftover after parsing attributes in process `syz.3.891'.
[   80.277850][   T28] audit: type=1400 audit(80.277:513): avc:  denied  { nlmsg_read } for  pid=2623 comm="syz.3.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   80.313780][ T2617] syz.4.888: attempt to access beyond end of device
[   80.313780][ T2617] loop4: rw=524288, sector=1256, nr_sectors = 4 limit=256
[   80.331272][ T2617] syz.4.888: attempt to access beyond end of device
[   80.331272][ T2617] loop4: rw=0, sector=1256, nr_sectors = 4 limit=256
[   80.929768][ T2641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'.
[   80.998877][   T28] audit: type=1400 audit(80.998:514): avc:  denied  { mount } for  pid=2648 comm="syz.3.901" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   81.028473][ T2649] overlayfs: upper fs does not support tmpfile.
[   81.217614][ T2673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.914'.
[   81.305749][ T2680] overlayfs: upper fs does not support tmpfile.
[   81.569947][  T365] usb 1-1: USB disconnect, device number 7
[   81.830286][  T605] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[   82.031934][  T605] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.056264][ T2734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.943'.
[   82.057093][  T605] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   82.085794][ T2736] loop3: detected capacity change from 0 to 512
[   82.090521][  T605] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[   82.108829][  T605] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.121340][  T605] usb 5-1: config 0 descriptor??
[   82.133704][ T2736] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   82.149331][  T365] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[   82.295728][   T28] kauditd_printk_skb: 9 callbacks suppressed
[   82.295743][   T28] audit: type=1400 audit(82.298:524): avc:  denied  { ioctl } for  pid=2735 comm="syz.3.944" path="/206/file1/file1" dev="loop3" ino=15 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   82.356852][  T284] EXT4-fs (loop3): unmounting filesystem.
[   82.365279][  T365] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.379179][  T365] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   82.394775][  T365] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   82.408020][  T365] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.419050][  T365] usb 6-1: Product: syz
[   82.433093][  T365] usb 6-1: Manufacturer: syz
[   82.443922][  T365] usb 6-1: SerialNumber: syz
[   82.457920][  T365] cdc_mbim 6-1:1.0: skipping garbage
[   82.537989][  T605] kovaplus 0003:1E7D:2D50.0012: unknown main item tag 0x0
[   82.545946][  T605] kovaplus 0003:1E7D:2D50.0012: unknown main item tag 0x0
[   82.554295][  T605] kovaplus 0003:1E7D:2D50.0012: unknown main item tag 0x0
[   82.563277][  T605] kovaplus 0003:1E7D:2D50.0012: unknown main item tag 0x0
[   82.571981][  T605] kovaplus 0003:1E7D:2D50.0012: unknown main item tag 0x0
[   82.580676][  T605] kovaplus 0003:1E7D:2D50.0012: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.4-1/input0
[   82.659440][ T2720] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   82.947396][  T605] kovaplus 0003:1E7D:2D50.0012: couldn't init struct kovaplus_device
[   82.960065][  T605] kovaplus 0003:1E7D:2D50.0012: couldn't install mouse
[   82.991262][  T605] kovaplus: probe of 0003:1E7D:2D50.0012 failed with error -71
[   83.002752][  T605] usb 5-1: USB disconnect, device number 10
[   83.040927][ T2748] fido_id[2748]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[   83.166158][   T28] audit: type=1400 audit(83.169:525): avc:  denied  { mount } for  pid=2764 comm="syz.1.954" name="/" dev="ramfs" ino=27277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   83.208513][   T28] audit: type=1400 audit(83.169:526): avc:  denied  { remount } for  pid=2764 comm="syz.1.954" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   83.237607][   T28] audit: type=1400 audit(83.169:527): avc:  denied  { unmount } for  pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   83.271765][ T2720] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   83.289837][  T365] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[   83.304438][  T365] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, b6:4b:1e:40:0f:d7
[   83.519139][  T365] usb 6-1: USB disconnect, device number 7
[   83.527694][  T365] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[   83.648711][ T2807] loop3: detected capacity change from 0 to 1024
[   83.666550][ T2807] EXT4-fs: Ignoring removed bh option
[   83.677357][ T2807] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   83.702710][ T2815] 9pnet: p9_errstr2errno: server reported unknown error �@íÎÇpî‘AçÁ›
¬ž;
KZì44§/@®qæžkøp
[   83.702710][ T2815] é
[   83.741917][   T28] audit: type=1326 audit(83.749:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   83.779474][ T2807] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e856c018, mo2=0002]
[   83.782191][   T28] audit: type=1326 audit(83.749:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   83.802643][ T2807] System zones: 
[   83.820085][   T28] audit: type=1326 audit(83.779:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   83.842730][ T2807] 1-12
[   83.853924][   T28] audit: type=1326 audit(83.779:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   83.874161][ T2807] 
[   83.897598][ T2807] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   83.908269][   T28] audit: type=1326 audit(83.779:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   83.937239][   T28] audit: type=1326 audit(83.789:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2818 comm="syz.4.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f823598ebe9 code=0x7ffc0000
[   84.017129][ T2807] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3841: comm syz.3.967: Allocating blocks 497-513 which overlap fs metadata
[   84.065644][ T2807] EXT4-fs (loop3): pa ffff88811ad49348: logic 256, phys. 385, len 8
[   84.075473][ T2807] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[   84.125596][ T2871] loop5: detected capacity change from 0 to 2048
[   84.262910][ T2890] loop1: detected capacity change from 0 to 256
[   84.274610][  T284] EXT4-fs (loop3): unmounting filesystem.
[   84.291028][ T2890] FAT-fs (loop1): Directory bread(block 1285) failed
[   84.327691][ T2890] FAT-fs (loop1): Directory bread(block 1285) failed
[   84.488244][  T337] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[   84.628217][  T365] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[   84.698136][  T337] usb 6-1: Using ep0 maxpacket: 16
[   84.706666][  T337] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[   84.727442][  T337] usb 6-1: config 1 has no interface number 0
[   84.748960][  T337] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   84.763740][  T337] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   84.775219][  T337] usb 6-1: config 1 interface 105 has no altsetting 0
[   84.796612][  T337] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   84.814341][  T337] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.826375][  T337] usb 6-1: Product: syz
[   84.832728][  T337] usb 6-1: Manufacturer: syz
[   84.838272][  T337] usb 6-1: SerialNumber: syz
[   84.844348][  T365] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.858210][  T365] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[   84.871903][ T2884] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[   84.882430][  T365] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   84.886645][ T2884] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[   84.913607][  T365] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.927836][  T365] usb 5-1: Product: syz
[   84.933182][  T365] usb 5-1: Manufacturer: syz
[   84.939837][ T1335] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   84.948480][  T365] usb 5-1: SerialNumber: syz
[   84.956249][  T365] cdc_mbim 5-1:1.0: skipping garbage
[   85.147446][ T1335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.161513][ T2897] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   85.174303][ T1335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.188463][ T1335] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   85.205813][ T1335] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   85.218093][ T1335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.229531][ T1335] usb 1-1: config 0 descriptor??
[   85.304895][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.314170][ T2967] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.324409][ T2967] device bridge_slave_0 entered promiscuous mode
[   85.335702][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.345070][ T2967] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.353686][ T2967] device bridge_slave_1 entered promiscuous mode
[   85.387146][ T2884] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[   85.396171][ T2884] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[   85.474800][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.483680][ T2967] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.491892][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.499565][ T2967] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.543275][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.552585][  T350] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.561377][  T350] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.576027][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   85.587474][  T350] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.596559][  T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.612236][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   85.622556][  T350] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.633554][  T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.644218][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.654254][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.664026][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.672573][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.673234][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   85.682252][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.694302][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   85.701310][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.718800][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.728145][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.736527][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.738723][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   85.744929][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.761935][ T2967] device veth0_vlan entered promiscuous mode
[   85.769335][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.780433][ T1335] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   85.790548][ T2897] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   85.801335][ T1335] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[   85.801616][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   85.812285][  T365] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[   85.828143][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   85.830288][ T1335] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   85.836808][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   85.862565][ T1335] usb 1-1: USB disconnect, device number 8
[   85.874035][  T365] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, e6:a2:62:b3:e7:11
[   85.877216][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   85.903738][    T8] device bridge_slave_1 left promiscuous mode
[   85.916357][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.919977][ T2977] fido_id[2977]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   85.943431][    T8] device bridge_slave_0 left promiscuous mode
[   85.952589][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.962008][    T8] device veth1_macvtap left promiscuous mode
[   85.969981][    T8] device veth0_vlan left promiscuous mode
[   86.031598][  T337] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[   86.039465][   T24] usb 5-1: USB disconnect, device number 11
[   86.045031][  T337] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[   86.053044][   T24] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM
[   86.077975][ T2967] device veth1_macvtap entered promiscuous mode
[   86.089790][  T337] aqc111 6-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 12:5a:85:df:e4:c9
[   86.126152][  T337] usb 6-1: USB disconnect, device number 8
[   86.140272][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   86.146731][  T337] aqc111 6-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[   86.160250][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.191767][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   86.206106][  T350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.258086][  T337] aqc111 6-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[   86.272728][  T337] aqc111 6-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[   86.288627][  T337] aqc111 6-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[   86.721957][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   86.806345][ T3019] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.813971][ T3019] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.839010][ T3019] device bridge_slave_0 entered promiscuous mode
[   86.853334][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.864203][ T3019] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.873344][ T3019] device bridge_slave_1 entered promiscuous mode
[   86.914027][ T1623] Bluetooth: hci0: Frame reassembly failed (-84)
[   86.969313][    T8] device bridge_slave_1 left promiscuous mode
[   86.976627][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.987634][    T8] device bridge_slave_0 left promiscuous mode
[   86.994669][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.004452][    T8] device veth1_macvtap left promiscuous mode
[   87.013594][    T8] device veth0_vlan left promiscuous mode
[   87.066975][   T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   87.106568][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.115691][ T3019] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.124547][ T3019] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.133447][ T3019] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.147680][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.157037][  T605] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[   87.167397][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.186365][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   87.194844][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.205546][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   87.216226][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.226153][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.233610][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.244593][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   87.254083][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.264405][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.272927][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.282012][   T24] usb 1-1: Using ep0 maxpacket: 32
[   87.290720][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[   87.296109][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   87.300128][   T24] usb 1-1: config 16 has an invalid interface number: 177 but max is 0
[   87.309538][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   87.318021][   T24] usb 1-1: config 16 has no interface number 0
[   87.335624][   T24] usb 1-1: config 16 interface 177 has no altsetting 0
[   87.337468][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   87.353947][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   87.356485][   T24] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d7.89
[   87.374273][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.382384][ T3019] device veth0_vlan entered promiscuous mode
[   87.384246][   T24] usb 1-1: Product: syz
[   87.393321][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   87.397376][   T24] usb 1-1: Manufacturer: syz
[   87.407504][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   87.410979][  T605] usb 6-1: Using ep0 maxpacket: 16
[   87.420441][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   87.427116][   T24] usb 1-1: SerialNumber: syz
[   87.448038][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   87.450370][  T605] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   87.470248][  T605] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   87.478993][ T3019] device veth1_macvtap entered promiscuous mode
[   87.488215][  T605] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.498321][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   87.501362][  T605] usb 6-1: config 0 descriptor??
[   87.508661][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   87.522596][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   87.539372][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   87.551126][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   87.573183][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   87.587313][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   87.600384][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   87.613845][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   87.665231][   T24] usb 1-1: USB disconnect, device number 9
[   87.924586][  T605] hid-generic 0003:04D8:00DD.0014: hidraw0: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[   87.946790][  T365] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   88.126358][  T365] usb 8-1: Using ep0 maxpacket: 16
[   88.133661][  T365] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   88.145776][  T365] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2
[   88.156157][  T605] usb 6-1: USB disconnect, device number 9
[   88.165761][  T365] usb 8-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00
[   88.176957][  T365] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.186798][  T365] usb 8-1: Product: syz
[   88.192030][  T365] usb 8-1: Manufacturer: syz
[   88.197280][  T365] usb 8-1: SerialNumber: syz
[   88.202917][  T365] usb 8-1: config 0 descriptor??
[   88.356677][ T3078] syz.4.1054 (3078) used greatest stack depth: 21280 bytes left
[   88.391887][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   88.406746][ T3089] bridge0: port 3(vlan2) entered blocking state
[   88.413962][ T3089] bridge0: port 3(vlan2) entered forwarding state
[   88.423478][ T3089] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[   88.434895][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   88.451814][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.465881][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   88.475834][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.487312][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.496556][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.506560][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.516646][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.722527][ T3114] syz.5.1070 uses obsolete (PF_INET,SOCK_PACKET)
[   88.732047][   T28] kauditd_printk_skb: 18 callbacks suppressed
[   88.732062][   T28] audit: type=1400 audit(88.732:552): avc:  denied  { read } for  pid=3113 comm="syz.5.1070" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   88.986482][ T1357] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   88.986482][ T1000] Bluetooth: hci0: command 0x1003 tx timeout
[   89.001547][ T3060] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[   89.035545][  T365] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   89.052451][  T365] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[   89.065399][  T365] asix: probe of 8-1:0.0 failed with error -71
[   89.073580][  T365] usb 8-1: USB disconnect, device number 2
[   89.694959][ T3139] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1090'.
[   89.798919][ T3147] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1084'.
[   89.949932][ T3165] SELinux:  Context system_u:object_r:man_t:s0 is not valid (left unmapped).
[   89.975160][   T28] audit: type=1400 audit(89.972:553): avc:  denied  { relabelto } for  pid=3164 comm="syz.7.1094" name="5" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[   90.005005][   T60] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[   90.033812][    T6] ==================================================================
[   90.044090][    T6] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[   90.048607][   T28] audit: type=1400 audit(89.972:554): avc:  denied  { associate } for  pid=3164 comm="syz.7.1094" name="5" dev="tmpfs" ino=39 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:man_t:s0"
[   90.053073][    T6] Write of size 8 at addr ffff88811ecd4a00 by task kworker/0:0/6
[   90.053094][    T6] 
[   90.053101][    T6] CPU: 0 PID: 6 Comm: kworker/0:0 Tainted: G        W          6.1.145-syzkaller-00002-gc750dc582629 #0
[   90.053120][    T6] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   90.104868][   T28] audit: type=1400 audit(90.022:555): avc:  denied  { write } for  pid=3019 comm="syz-executor" name="5" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[   90.109676][    T6] Workqueue: pm hcd_resume_work
[   90.109719][    T6] Call Trace:
[   90.109726][    T6]  <TASK>
[   90.109734][    T6]  __dump_stack+0x21/0x24
[   90.109760][    T6]  dump_stack_lvl+0xee/0x150
[   90.109778][    T6]  ? __cfi_dump_stack_lvl+0x8/0x8
[   90.109799][    T6]  ? enqueue_timer+0xae/0x480
[   90.185925][    T6]  print_address_description+0x71/0x210
[   90.192561][    T6]  print_report+0x4a/0x60
[   90.197433][    T6]  kasan_report+0x122/0x150
[   90.203004][    T6]  ? enqueue_timer+0xae/0x480
[   90.208139][    T6]  __asan_report_store8_noabort+0x17/0x20
[   90.215222][    T6]  enqueue_timer+0xae/0x480
[   90.221260][    T6]  __mod_timer+0x79f/0xb30
[   90.227190][    T6]  ? ttwu_do_activate+0x174/0x280
[   90.233739][    T6]  schedule_timeout+0x127/0x2e0
[   90.239940][    T6]  ? __cfi_schedule_timeout+0x10/0x10
[   90.247490][    T6]  ? __cfi_process_timeout+0x10/0x10
[   90.254716][    T6]  ? __cfi__raw_spin_lock+0x10/0x10
[   90.265053][    T6]  ? _raw_spin_lock+0x8e/0xe0
[   90.272710][    T6]  wait_for_common+0x354/0x620
[   90.277943][    T6]  ? usb_hcd_giveback_urb+0x351/0x410
[   90.285574][    T6]  ? wait_for_completion+0x20/0x20
[   90.293068][    T6]  ? usb_submit_urb+0x122d/0x1900
[   90.298593][    T6]  wait_for_completion_timeout+0xe/0x10
[   90.306399][    T6]  usb_start_wait_urb+0x166/0x2f0
[   90.312947][    T6]  ? usb_api_blocking_completion+0xb0/0xb0
[   90.319200][    T6]  ? usb_alloc_urb+0x44/0x140
[   90.324617][    T6]  ? __kasan_check_write+0x14/0x20
[   90.331107][    T6]  usb_control_msg+0x241/0x3f0
[   90.336154][    T6]  hub_ext_port_status+0x100/0x6b0
[   90.342497][    T6]  hub_activate+0x887/0x19d0
[   90.348081][    T6]  ? __kasan_check_write+0x14/0x20
[   90.354449][    T6]  hub_resume+0x97/0x390
[   90.359241][    T6]  ? __cfi_hub_resume+0x10/0x10
[   90.365831][    T6]  ? usbfs_notify_resume+0xd0/0xe0
[   90.372403][    T6]  usb_resume_both+0x74d/0xd70
[   90.377711][    T6]  ? usb_resume+0xa0/0xa0
[   90.384674][    T6]  ? update_load_avg+0x4c2/0x13f0
[   90.390572][    T6]  usb_runtime_resume+0x21/0x30
[   90.396889][    T6]  ? __cfi_usb_runtime_resume+0x10/0x10
[   90.407750][    T6]  __rpm_callback+0x315/0x7a0
[   90.415314][    T6]  ? __cfi_usb_runtime_resume+0x10/0x10
[   90.422468][    T6]  ? dev_pm_disable_wake_irq_check+0xbc/0x160
[   90.430048][    T6]  ? rpm_resume+0xd3e/0x1570
[   90.435039][    T6]  ? __cfi_usb_runtime_resume+0x10/0x10
[   90.444060][    T6]  rpm_resume+0xf28/0x1570
[   90.449767][    T6]  ? __pm_runtime_resume+0x90/0x90
[   90.455859][    T6]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   90.462449][    T6]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[   90.470029][    T6]  ? _raw_spin_unlock+0x4c/0x70
[   90.475887][    T6]  ? __kasan_check_write+0x14/0x20
[   90.481494][    T6]  ? mutex_lock+0x8d/0x1a0
[   90.487259][    T6]  __pm_runtime_resume+0x69/0x90
[   90.493728][    T6]  usb_autoresume_device+0x23/0x60
[   90.499654][    T6]  usb_remote_wakeup+0x5d/0xc0
[   90.504700][    T6]  hcd_resume_work+0x3b/0x40
[   90.509578][    T6]  process_one_work+0x71f/0xc40
[   90.515484][    T6]  worker_thread+0xa29/0x11f0
[   90.520850][    T6]  kthread+0x281/0x320
[   90.525354][    T6]  ? __cfi_worker_thread+0x10/0x10
[   90.531019][    T6]  ? __cfi_kthread+0x10/0x10
[   90.535735][    T6]  ret_from_fork+0x1f/0x30
[   90.540662][    T6]  </TASK>
[   90.544039][    T6] 
[   90.546629][    T6] Allocated by task 3060:
[   90.552536][    T6]  kasan_set_track+0x4b/0x70
[   90.557926][    T6]  kasan_save_alloc_info+0x25/0x30
[   90.564469][    T6]  __kasan_kmalloc+0x95/0xb0
[   90.569381][    T6]  __kmalloc+0xb1/0x1e0
[   90.573819][    T6]  hci_alloc_dev_priv+0x27/0x1bd0
[   90.579192][    T6]  hci_uart_tty_ioctl+0x3d6/0xa20
[   90.584910][    T6]  tty_ioctl+0x8ef/0xc60
[   90.589696][    T6]  __se_sys_ioctl+0x12f/0x1b0
[   90.595094][    T6]  __x64_sys_ioctl+0x7b/0x90
[   90.600223][    T6]  x64_sys_call+0x58b/0x9a0
[   90.606724][    T6]  do_syscall_64+0x4c/0xa0
[   90.611269][    T6]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.618220][    T6] 
[   90.622856][    T6] Freed by task 3060:
[   90.627368][    T6]  kasan_set_track+0x4b/0x70
[   90.633043][    T6]  kasan_save_free_info+0x31/0x50
[   90.638624][    T6]  ____kasan_slab_free+0x132/0x180
[   90.644828][    T6]  __kasan_slab_free+0x11/0x20
[   90.650551][    T6]  slab_free_freelist_hook+0xc2/0x190
[   90.656980][    T6]  __kmem_cache_free+0xb7/0x1b0
[   90.662818][    T6]  kfree+0x6f/0xf0
[   90.668542][    T6]  hci_release_dev+0x12a3/0x13b0
[   90.674128][    T6]  bt_host_release+0x82/0x90
[   90.679937][    T6]  device_release+0xa4/0x1d0
[   90.684787][    T6]  kobject_put+0x19d/0x280
[   90.690149][    T6]  put_device+0x1f/0x30
[   90.694690][    T6]  hci_dev_cmd+0x265/0x720
[   90.700783][    T6]  hci_sock_ioctl+0x41e/0x7f0
[   90.707858][    T6]  sock_do_ioctl+0x101/0x310
[   90.713005][    T6]  sock_ioctl+0x4d8/0x6e0
[   90.718804][    T6]  __se_sys_ioctl+0x12f/0x1b0
[   90.725567][    T6]  __x64_sys_ioctl+0x7b/0x90
[   90.731066][    T6]  x64_sys_call+0x58b/0x9a0
[   90.736255][    T6]  do_syscall_64+0x4c/0xa0
[   90.741092][    T6]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.748349][    T6] 
[   90.750781][    T6] Last potentially related work creation:
[   90.757406][    T6]  kasan_save_stack+0x3a/0x60
[   90.765480][    T6]  __kasan_record_aux_stack+0xb6/0xc0
[   90.774159][    T6]  kasan_record_aux_stack_noalloc+0xb/0x10
[   90.780965][    T6]  insert_work+0x51/0x300
[   90.787335][    T6]  __queue_work+0x9b1/0xd30
[   90.794035][    T6]  queue_work_on+0xd2/0x140
[   90.799450][    T6]  __hci_cmd_sync_sk+0xa3e/0xcf0
[   90.807261][    T6]  hci_cmd_sync_status+0x53/0x120
[   90.813255][    T6]  hci_dev_cmd+0x628/0x720
[   90.818043][    T6]  hci_sock_ioctl+0x41e/0x7f0
[   90.824292][    T6]  sock_do_ioctl+0x101/0x310
[   90.829583][    T6]  sock_ioctl+0x4d8/0x6e0
[   90.834223][    T6]  __se_sys_ioctl+0x12f/0x1b0
[   90.839524][    T6]  __x64_sys_ioctl+0x7b/0x90
[   90.845558][    T6]  x64_sys_call+0x58b/0x9a0
[   90.850550][    T6]  do_syscall_64+0x4c/0xa0
[   90.855934][    T6]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   90.863687][    T6] 
[   90.867288][    T6] Second to last potentially related work creation:
[   90.875363][    T6]  kasan_save_stack+0x3a/0x60
[   90.884516][    T6]  __kasan_record_aux_stack+0xb6/0xc0
[   90.891696][    T6]  kasan_record_aux_stack_noalloc+0xb/0x10
[   90.899511][    T6]  insert_work+0x51/0x300
[   90.907533][    T6]  __queue_work+0x9b1/0xd30
[   90.913125][    T6]  queue_work_on+0xd2/0x140
[   90.918511][    T6]  hci_cmd_timeout+0x191/0x200
[   90.924165][    T6]  process_one_work+0x71f/0xc40
[   90.930068][    T6]  worker_thread+0xa29/0x11f0
[   90.935192][    T6]  kthread+0x281/0x320
[   90.940895][    T6]  ret_from_fork+0x1f/0x30
[   90.946262][    T6] 
[   90.948869][    T6] The buggy address belongs to the object at ffff88811ecd4000
[   90.948869][    T6]  which belongs to the cache kmalloc-8k of size 8192
[   90.966770][    T6] The buggy address is located 2560 bytes inside of
[   90.966770][    T6]  8192-byte region [ffff88811ecd4000, ffff88811ecd6000)
[   90.983036][    T6] 
[   90.985795][    T6] The buggy address belongs to the physical page:
[   90.993634][    T6] page:ffffea00047b3400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ecd0
[   91.009230][    T6] head:ffffea00047b3400 order:3 compound_mapcount:0 compound_pincount:0
[   91.019392][    T6] flags: 0x4000000000010200(slab|head|zone=1)
[   91.026787][    T6] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[   91.037003][    T6] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   91.056617][    T6] page dumped because: kasan: bad access detected
[   91.065631][    T6] page_owner tracks the page as allocated
[   91.072605][    T6] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3019, tgid 3019 (syz-executor), ts 86794060546, free_ts 86785118041
[   91.103244][    T6]  post_alloc_hook+0x1f5/0x210
[   91.109676][    T6]  prep_new_page+0x1c/0x110
[   91.114762][    T6]  get_page_from_freelist+0x2c7b/0x2cf0
[   91.120931][    T6]  __alloc_pages+0x1c3/0x450
[   91.127213][    T6]  alloc_slab_page+0x6e/0xf0
[   91.132653][    T6]  new_slab+0x98/0x3d0
[   91.137472][    T6]  ___slab_alloc+0x6f6/0xb50
[   91.142580][    T6]  __slab_alloc+0x5e/0xa0
[   91.147687][    T6]  __kmem_cache_alloc_node+0x203/0x2c0
[   91.154581][    T6]  __kmalloc_node+0xa1/0x1e0
[   91.159575][    T6]  kvmalloc_node+0x294/0x480
[   91.167329][    T6]  wg_packet_queue_init+0x95/0x320
[   91.172994][    T6]  wg_newlink+0x43c/0x7a0
[   91.177763][    T6]  rtnl_newlink+0x14b9/0x2030
[   91.183321][    T6]  rtnetlink_rcv_msg+0x9f4/0xcf0
[   91.189286][    T6]  netlink_rcv_skb+0x1f2/0x440
[   91.195740][    T6] page last free stack trace:
[   91.201574][    T6]  free_unref_page_prepare+0x742/0x750
[   91.208116][    T6]  free_unref_page+0x8f/0x530
[   91.213709][    T6]  __free_pages+0x67/0x100
[   91.218825][    T6]  __free_slab+0xca/0x1a0
[   91.223259][    T6]  __unfreeze_partials+0x160/0x190
[   91.229943][    T6]  put_cpu_partial+0xa9/0x100
[   91.234983][    T6]  __slab_free+0x1c4/0x280
[   91.240465][    T6]  ___cache_free+0xbf/0xd0
[   91.245583][    T6]  qlist_free_all+0xc6/0x140
[   91.251482][    T6]  kasan_quarantine_reduce+0x14a/0x170
[   91.259285][    T6]  __kasan_slab_alloc+0x24/0x80
[   91.265026][    T6]  slab_post_alloc_hook+0x4f/0x2d0
[   91.272426][    T6]  kmem_cache_alloc_node+0x181/0x340
[   91.279042][    T6]  __alloc_skb+0xea/0x4b0
[   91.284010][    T6]  netlink_ack+0x372/0x1100
[   91.289977][    T6]  netlink_rcv_skb+0x277/0x440
[   91.295314][    T6] 
[   91.299601][    T6] Memory state around the buggy address:
[   91.307921][    T6]  ffff88811ecd4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.317985][    T6]  ffff88811ecd4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.326742][    T6] >ffff88811ecd4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.336657][    T6]                    ^
[   91.341973][    T6]  ffff88811ecd4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.351096][    T6]  ffff88811ecd4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   91.361402][    T6] ==================================================================
[   91.371934][    T6] Disabling lock debugging due to kernel taint
[   91.381819][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   91.397261][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   91.399782][   T28] audit: type=1400 audit(90.022:556): avc:  denied  { remove_name } for  pid=3019 comm="syz-executor" name="binderfs" dev="tmpfs" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[   91.407726][    C0] CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G    B   W          6.1.145-syzkaller-00002-gc750dc582629 #0
[   91.407753][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   91.407773][    C0] RIP: 0010:__queue_work+0x575/0xd30
[   91.474303][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d7 28 00 4c 89 ff e8 50 60 ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 4c 3a 6d 00 49 8b 7d 00 e8 33 5c
[   91.490773][   T28] audit: type=1400 audit(90.022:557): avc:  denied  { rmdir } for  pid=3019 comm="syz-executor" name="5" dev="tmpfs" ino=39 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0"
[   91.496286][    C0] RSP: 0018:ffffc900000d7b10 EFLAGS: 00010046
[   91.496311][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003a1440
[   91.496323][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   91.526561][   T60] usb 5-1: Using ep0 maxpacket: 16
[   91.533574][    C0] RBP: ffffc900000d7ba8 R08: fffffffffffffffb R09: 0000000000000007
[   91.542515][   T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[   91.551185][    C0] R10: ffffed1023d9a939 R11: 1ffff11023d9a939 R12: dffffc0000000000
[   91.551208][    C0] R13: 0000000000000000 R14: ffff88811ecd49c8 R15: 0000000000000008
[   91.551218][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   91.551234][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   91.578640][   T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   91.583679][    C0] CR2: 00007fb9cf572020 CR3: 00000001359e5000 CR4: 00000000003506b0
[   91.615018][   T60] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   91.619570][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   91.646813][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.655544][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   91.655564][    C0] Call Trace:
[   91.655569][    C0]  <TASK>
[   91.655580][    C0]  delayed_work_timer_fn+0x61/0x80
[   91.655604][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   91.655624][    C0]  call_timer_fn+0x46/0x2a0
[   91.722482][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   91.729199][    C0]  __run_timers+0x667/0x9a0
[   91.734056][    C0]  ? calc_index+0x200/0x200
[   91.739583][    C0]  ? finish_task_switch+0x16b/0x7b0
[   91.746248][    C0]  ? __schedule+0xb8f/0x14e0
[   91.751218][    C0]  run_timer_softirq+0x6a/0xf0
[   91.756629][    C0]  handle_softirqs+0x1d7/0x600
[   91.762272][    C0]  ? __cfi_run_ksoftirqd+0x10/0x10
[   91.768255][    C0]  run_ksoftirqd+0x28/0x30
[   91.773140][    C0]  smpboot_thread_fn+0x4a0/0x910
[   91.779961][    C0]  kthread+0x281/0x320
[   91.784510][    C0]  ? __cfi_smpboot_thread_fn+0x10/0x10
[   91.791689][    C0]  ? __cfi_kthread+0x10/0x10
[   91.796661][    C0]  ret_from_fork+0x1f/0x30
[   91.805406][    C0]  </TASK>
[   91.808984][    C0] Modules linked in:
[   91.812901][    C0] ---[ end trace 0000000000000000 ]---
[   91.820106][    C0] RIP: 0010:__queue_work+0x575/0xd30
[   91.828145][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d7 28 00 4c 89 ff e8 50 60 ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 4c 3a 6d 00 49 8b 7d 00 e8 33 5c
[   91.854987][    C0] RSP: 0018:ffffc900000d7b10 EFLAGS: 00010046
[   91.862905][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003a1440
[   91.872543][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   91.883318][    C0] RBP: ffffc900000d7ba8 R08: fffffffffffffffb R09: 0000000000000007
[   91.892271][    C0] R10: ffffed1023d9a939 R11: 1ffff11023d9a939 R12: dffffc0000000000
[   91.900927][    C0] R13: 0000000000000000 R14: ffff88811ecd49c8 R15: 0000000000000008
[   91.909634][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   91.919118][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   91.926239][    C0] CR2: 00007fb9cf572020 CR3: 00000001359e5000 CR4: 00000000003506b0
[   91.935347][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   91.944604][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   91.955071][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   91.963262][    C0] Kernel Offset: disabled
[   91.969538][    C0] Rebooting in 86400 seconds..