last executing test programs:

41.196326495s ago: executing program 4 (id=158):
unshare(0x60480)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x20, 0x1, 0x0, 0xffffffffffffffff, 0x8}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)

41.125802367s ago: executing program 4 (id=160):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x2)
readv(r1, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

41.083246679s ago: executing program 4 (id=162):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="12000000810000000800000002"], 0x14)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f00000004c0), &(0x7f0000000400)=@udp6=r1}, 0x3f)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC=0x0])
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000007c0)={r0, &(0x7f0000000000), &(0x7f0000000780)=@udp6=r1}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f00000000c0)=@udp6}, 0x20)

41.009740202s ago: executing program 4 (id=163):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000200)='./file0\x00', &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x400a8, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./bus\x00', 0x20000, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x200000, &(0x7f0000002380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

41.005598233s ago: executing program 4 (id=164):
r0 = socket(0x2, 0x3, 0x6)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x4dd8, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
syz_emit_ethernet(0x16, &(0x7f0000000a40)={@random="cf702e8cf675", @remote, @val={@val={0x88a8, 0x6, 0x1, 0x4}, {0x8100, 0x0, 0x1, 0x11}}, {@mpls_mc}}, 0x0)

40.897631327s ago: executing program 4 (id=166):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = inotify_init1(0x80800)
inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x610003d5)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x40000000)
inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0xc0)

40.804169501s ago: executing program 32 (id=166):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = inotify_init1(0x80800)
inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x610003d5)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x40000000)
inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0xc0)

40.009414475s ago: executing program 1 (id=200):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10)

39.942662338s ago: executing program 1 (id=201):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000500)="630b00dcb95b0e4afdb20104bb4e", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

39.942400648s ago: executing program 1 (id=202):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483", @ANYRES16], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x0})
ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, 0x0)

37.578863319s ago: executing program 1 (id=274):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200880, &(0x7f0000000280)={[{@resgid={'resgid', 0x3d, 0xee00}}, {@nogrpid}, {@grpquota}, {@data_err_ignore}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@barrier}, {@stripe}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x2)

37.546665881s ago: executing program 1 (id=278):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000002200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x80000000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

37.450250385s ago: executing program 1 (id=282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)

37.377139958s ago: executing program 33 (id=282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)

32.053511056s ago: executing program 0 (id=441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000300)="b9800000c00f3235000100000f30c441dd6b13d9ff3e430f529aac3c00000f014648470f18d167400f01cb66baf80cb890c10e84ef66bafc0cec66440f38212bc4e35d6849cf04", 0x47}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

30.829963019s ago: executing program 0 (id=466):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00009b3000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000240)="b9800000c00f3235004000000f30b9fa000000130f01d9300d76c4020a1bf7b805000000b90000c0fe0f3cae0a41d941d9000f32ba00e500000f30660fc775022e0fba600c9864660ffc76002f3166b85766baa00066ed00d0", 0x59}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000040)={0x1, 0x0, [{0x80000001, 0x6, 0x634, 0x0, 0x5e886aa4}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

30.587081689s ago: executing program 0 (id=479):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

29.680365238s ago: executing program 0 (id=489):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x1)

29.655112369s ago: executing program 0 (id=492):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000100000000000000000a00000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000009e8c20300000000000000000000000000000000000000000000000000000000000000000000fbfffffffffffffffdffffffffffffff00000000000000000000000000a3ed6c90c3557f04000000000000000001"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x4000000000000, 0x200000000000000}}}, 0xb8}}, 0x2c000010)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="b8000000150001000000000000030000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x80)

29.553765744s ago: executing program 0 (id=496):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x0, 0x1}, 0x20)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r2=>0x0})
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

29.491953016s ago: executing program 34 (id=496):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x0, 0x1}, 0x20)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r2=>0x0})
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

19.36289949s ago: executing program 3 (id=649):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="dce65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
recvmmsg(r1, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x1, 0x0)

18.488527557s ago: executing program 3 (id=664):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000480)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x9, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310900000010fe1406584afd8d74b8830793b848194e1df82d00", [0x6, 0x9]})

17.727416231s ago: executing program 3 (id=667):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000000580)=ANY=[], 0x1, 0x554d, &(0x7f0000011600)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt1+hDsArTiIVJFPBaswLEdy63tiWLHCVkhwRKx4J8gkFix5DewYM0OsQCxQwJ57pgSyiOVHbuP75PGZ+bO+Mw9IyvWmYkcgCfWUvrrz0m4EE6HEBZCCOeSkK8nxZJbi+G5EMLFEELpL0tSjP85cDKEcCaEcGGUPOZMil2fXx5euv7TG798892pE2e/+Pr7+VUNzNvzIYTudlzf68aYtWK8U4zXhu08dq8Nixh3dO8W21mMe83NPMNebXxcLY9XW/H4bHu3P4pbnVp9FFvtrXx8uxdP2B+2xnnyN9yp7eTbjeZmHtv9LI+tgziv/YP4t+2gP4h5GkW+D/P0YTAYxzje3G/Gerbv5rHeGxTjMW/WaO6P4rCIxelCPes08nlsTnKlH25vtnu7++mwudNvZ730eqX6QqV6o1zdyRrNQfNaudZt3LiWLrc6o8PKg2atu9bKslanWaln3ZV0uVWvl6vVdPlmc7Nd66XVauVq5Ur5+kqxdjl99fa7aaeRLo/iy+3e7sl2p59uZTtpfMdKulq5+uJKeqmavr2+kW68devW+sY779987/ZL66+/Uhx037TS5dUrq6vl6pXyanXlWOoffYMevf7R9+4R6x9MUv8nxaQfoP5ksssD/80HDOCB3df/B/0/cPwe9f4/TLP/H7VU+v//7/9Lk/f/E/W/s+v/j+3+x8NWP0xE/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MT6YfHL1/KVpbh9thg/Xww9U2wnIYRSCOH3f7AQTh7KuVDkWfyX4xf/Nodvk5BnGJ3jVLGcCSGsFctvTx/3VQAAAIDH11cfXfwsduvxZWneE2KW4k2b0rkPppQvCSEsLv04pWyl0cuzU0qWf75PhP0pZctvYD01pWTxltuJaWU7koVx+Pj8vcG8oCSG0kynAwAAzMTCoTDbLgQAAIBZ+nTeE2A+kjB+lDl+Fpz/5/29R5unD+0DAAAAHkHJvCcAAAAAHLu8//f7fwAAAPB4i7//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+wcz+3iQNRHICfDQb2nxat9r6t7A3KSAk55hgoIE1QAmkhDVADuaWECCLsEZIjkCIxjhX0fZLHGTv6zQxweWPJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl56r9fzx/t/DpTm7/WXyrAYAAAA4ZVut5/Uf06b/I13/lS79Sf0iIsqIOFW7D2LUyhyknOrM/1fv5vAUUSccxhin43tE/E/H6++uPwUAAAC4XpvlatZU600z7XtCfKZm06b8eZMpr4iIavqSKa08NH8zhdW/72HcZUqrN7AmmcKaLbfh6XujXIO0DVqntJLJov4S617ZzbgAAECf2pXAmSoEAACAK3Db9wToR3Fsjs8Zx80pPRD81uoBAAAAX1DR9wQAAACAztX1v/f/AQAAwHVr3v8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl7bVer5Zrmbn7i8+mLPbXybfigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Y3/eUSAEwiAM9q7vTOb+h5UGDY1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADe/O4v/yemxplk7rWx9DySrJ0aW6fG3rlx9Ifx9WsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnbvXjaOKAgB8dnZn80MQxiAXBhQkCmiIvYGElFCALAoeAcly1sGwIZC4IJEFcgMVcp0GQYkQEsh06XiA1LGUJnQpXBiJGjR/ziQxZAEzs9jfJ925Z3ZHc8+dWVk+vuMFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDK9hvxbFLG3WwzVcTVa7d21payfuuBPnNj4/Zs1rK486iBvnh9/5OfbM/Vd07O1HY+az4ZAAAADoduVd9HxJ10cyHrk6m8/k+rY7Ka/+vHi7iq5x+s+7d21o6Wb81W9f9PP959enegqWKc7KTLK6Ph/MOp9P6jKU68Jx55RC+/8vnfXrr5DUneXn9qO82vZ+fLmzff7OfhkSayBQD+iVNVXwbV70NZP2gzMQAOjV6t8K7q/+5UuzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANGF7PR6r4k5EzPbuxZmtnbWlvfobG7dnq3b2+vWN+jmzU6QRsbwyGqYNzmXSXbl67YPF0Wh4ufngZES0N3oZvDvGMRF/fUz58YzWZnHsz9/q/NshTkSLd2d/gqS8P5OSz34G1Wdv/8/c0g8kAAAOrLRsWV1/J91cyF7rTEf8/s399f+LtTjGrP/vvnf2Vn2sev0/aGyGk29u9eJHc1euXnt55eLiheGF4Yevnh68Nnjl3Jkz5+ayazU/txzJcL7tNAEAAPgf65etXv8n0w+v/x+vxTFm/f/xV4NP62N11f97urfo13YmAAAAh1F/N3ry+d9+7exxRKffj08WV1cvD4rt7v7pYttoun9TNZ8jZavX/93pdnMDAAAAmrG93rlv/f98LY4x1/9PfPvM9/VzdiPiWMSliBieWro0Ot/cdCZaE/+onA/Ub3umAAAAtODnKOrxvNXX/9P8+f9k95GHJCJeeqGIq++6Gqf+7771+Xf1AevP/x/2UjSZKa5H3s9E9GbazggAAICD7GjZsmL/l3Rz4f0fjr/T9/w/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNP+CAAA//9PzDPP")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendfile(r1, r1, 0x0, 0xe3aa6ea)
creat(&(0x7f00000003c0)='./file1\x00', 0x11)

16.971983982s ago: executing program 3 (id=683):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200880, &(0x7f0000000280)={[{@resgid={'resgid', 0x3d, 0xee00}}, {@nogrpid}, {@grpquota}, {@data_err_ignore}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@barrier}, {@stripe}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x2)

16.608331928s ago: executing program 3 (id=685):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

16.309156631s ago: executing program 3 (id=687):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)

16.226308715s ago: executing program 35 (id=687):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)

2.731565513s ago: executing program 8 (id=873):
r0 = socket$inet(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
listen(r0, 0x0)

1.936750467s ago: executing program 8 (id=875):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x18a3c85)

1.910255628s ago: executing program 2 (id=876):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r1, &(0x7f0000004100)={0x2020}, 0x2020)

1.725466046s ago: executing program 2 (id=877):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0)
accept4(r0, 0x0, 0x0, 0x0)

1.561945833s ago: executing program 2 (id=879):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0)
getsockname$packet(r0, &(0x7f0000001e40)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001e00)=0x8)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r2, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800fbffffff0000000000000a00000000000000000000000c00090008000080", @ANYRES32=r2, @ANYBLOB="14000500fe80"], 0x3c}}, 0x0)

1.38706721s ago: executing program 2 (id=882):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x805, 0x0, 0x0)
syz_usb_connect$rtl8150(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)

981.250588ms ago: executing program 8 (id=891):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000040)=ANY=[@ANYBLOB="0002020100000008ff", @ANYRES16=r0], 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x2, @dev={0xfe, 0x80, '\x00', 0x28}, 0x9}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000240)="88", 0x1}], 0x1)

945.14199ms ago: executing program 8 (id=894):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000080)='\b', 0x1, 0x800, &(0x7f0000000200)={0x11, 0xd, r3, 0x1, 0x1, 0x6, @remote}, 0x14)

887.403842ms ago: executing program 8 (id=896):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local})
close(r0)

797.169636ms ago: executing program 8 (id=900):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = io_uring_setup(0x76a3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x80})
close(r1)
ptrace(0x10, r0)
waitid(0x0, r0, 0x0, 0x8, 0x0)
waitid(0x1000000000000000, 0x0, 0x0, 0x4, 0x0)

782.409016ms ago: executing program 5 (id=902):
symlinkat(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_off}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0/file2\x00', 0x0)
setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0/file2\x00', &(0x7f0000000180), 0x0, 0x0, 0x0)

750.405228ms ago: executing program 5 (id=904):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000001000000070000000c"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0}, &(0x7f00000005c0), &(0x7f0000000600)='%-5lx  \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x18)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x4000000a, 0x0)

550.627966ms ago: executing program 5 (id=914):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10)
io_setup(0x2003, &(0x7f0000000340))

453.75178ms ago: executing program 5 (id=918):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
getresgid(0x0, 0x0, 0x0)

420.617422ms ago: executing program 5 (id=920):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000046682d562c31630100000000000000b52f0d6086e274aa97a91fa46cdcefe7534fda04ca542b4c4904446290f93bce3177127ebc0c24e7e718c0b1da96d9c9fa8e95238403007cb9806b9641253a7b99504c950fcba378fae7ec90b6da825996012194da80cc7621803fe840ccedca203b30524e6258edbfe64d0900cdf79924bfb82ad5cfe25853d4f3a2841f7d7e692bfb1387c1211d00d4cace5a0ae3fad859bc7cb33f20922abe3780b6d07d9dde639e27dc79daef403b188d618ab4928773db8fba724f8d8f46ff88fdf1e61dceef4ac7bb085eb915eb2f14927a5caef0f5224ef0e7219c3fe37b272f27e9aab8a31e258d6c14be1f1a31a8e68d00"/306], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa, 0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x98)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x0, 0xffff0000}, 0x48)

409.456313ms ago: executing program 7 (id=921):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xeb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50)

368.522164ms ago: executing program 5 (id=923):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x1, 0x3}, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/43, 0x2b}], 0x1}}, {{0x0, 0x0, 0x0}, 0x1006}], 0x2, 0x0, 0x0)

334.216565ms ago: executing program 7 (id=924):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x14445, &(0x7f0000000940)={[{@jqfmt_vfsold}, {@errors_remount}, {@data_journal}, {@usrjquota}, {@init_itable_val={'init_itable', 0x3d, 0x22}}], [{@uid_gt}, {@obj_type={'obj_type', 0x3d, 'usrjquota='}}]}, 0x3, 0x43c, &(0x7f0000000200)="$eJzs3MtvG8UfAPDv2kn66+sXU5VHH0CgICIeSZOW0gMXEEgcQEKCQzmGJK1C3QY1QaJVBAGhckSVuCOOSPwFnOCCgBMSV7ijShXKpaUno7V3E8ex83DjOODPR9pkZndWM1/vjj2zEyeAnjWU/kgiDkTE7xExWMuuLjBU+3VnaWHy76WFySQqlbf+Sqrlbi8tTOZF8/P255lSROGzJI41qXfu6rWLE+Xy9JUsPzp/6f3RuavXnpu5NHFh+sL05fGzZ0+fGnvhzPjz2xJnGtftox/NHj/y2js33pg8d+Pdn79N8vgb4tiSQssjQ+ud9mSl0lZ1u9XBunTSt5Lc4LTKYMdaxGYUIyK9XP3V/j8YxVi5eIPx6qddbRzQUQPrH16sAP9h6Wge6EX5B306/823HRh27Bq3XqpNgNK472Rb7Ujf8tS+v2F+u52GIuLc4t2v0i3u5TkEAMAmfZ+Of55tNv4rxAN15f6fraGUIuK+iDgUEWci4nBE3B9RLftgRDy0xfobF0nWjn8KN9sKbJPS8d+L2drW6vHf8sJOqZjlDlbj70/Oz5SnT2avyXD070nzY+vU8cMrv33R6lj9+C/d0vrzsWDWjpt9e1afMzUxP3EvMde79UnE0b5m8SfLKwFJRByJiKNt1jHz9DfHWx3bOP7Oqnwd8VTt+i9GQ/y5ZP31ydH/RXn65Gh+V6z1y6/X32xVf7fjT6//vqb3/3L8paR+vXZu63Vc/+PzlnOadu//geTtVfs+nJifvzIWMZC8Xmt0/f7xhnLjK+XT+IdPNO//h2LllTgWEelN/HBEPBIRj2ZtfywiHo+IE+vE/9PLT7zXfvydlcY/FRF3s+cBG1//lcRANO5pnihe/PG7VZWWthJ/ev1PV1PD2Z7NvP9tpl3t3c0AAADw71OIiAORFEaW04XCyEjtb/gPx75CeXZu/pnzsx9cnqp9R6AU/YX8Sddg3fPQsWxan+fHG/KnsufGXxb3VvMjk7PlqW4HDz1uf4v+n/qz2O3WAR3X1+0GAF2j/0Pv0v+hd+n/0Lua9P+93WgHsPOq/b/hXzV93KW2ADur4fPfsh/0EPN/6F36P/Qu/R960tze2PhL8hISaxJR2BXNkOhQotvvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvjnwAAAP//qIfmRw==")
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000280)=0x1, 0x4)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d)
syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff20000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0)

271.082978ms ago: executing program 7 (id=926):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
setreuid(0x0, 0x0)

261.087219ms ago: executing program 7 (id=928):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0xa0, &(0x7f0000000700)=ANY=[], 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./bus\x00', 0x100040, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on}]})

139.095654ms ago: executing program 6 (id=930):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10)
setitimer(0x1, 0x0, 0x0)

133.564364ms ago: executing program 7 (id=931):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e1f, 0x9c, 0x0, @wg=@initiation={0x1, 0x3, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="64000000030101010000000000000000020000000c001980080002000d08000044000280140001800800010000000000080002007f0000010c0002"], 0x64}, 0x1, 0x0, 0x0, 0x4000004}, 0x44080)

92.929136ms ago: executing program 6 (id=932):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

83.852727ms ago: executing program 2 (id=933):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98,\xc8\x18E/\x8c\x1a\xe3\xbd')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x0)

79.374767ms ago: executing program 7 (id=934):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@ipv6_newaddr={0x48, 0x14, 0x1, 0xfffffffc, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_ADDRESS={0x14, 0x1, @mcast2}, @IFA_FLAGS={0x8, 0x8, 0x402}, @IFA_CACHEINFO={0x14, 0x6, {0x5, 0x7, 0x77eb488a, 0x5}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xd}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

61.693327ms ago: executing program 2 (id=935):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d07}]})

61.214217ms ago: executing program 6 (id=945):
r0 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r1 = socket(0x2, 0x2, 0x1)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e)
bind$unix(r1, &(0x7f0000000000)=@abs, 0x6e)

22.956729ms ago: executing program 6 (id=936):
r0 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000040)="ee", 0x1, 0x4064055, 0x0, 0x0)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x3)

22.528409ms ago: executing program 6 (id=937):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x2000000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,size=8'])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

0s ago: executing program 6 (id=938):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000081, &(0x7f0000000080)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES64, @ANYRES8], 0x0, 0x23e, &(0x7f0000000bc0)="$eJzs3c9qE1EUB+AzSdqmukgWrkRwQBeuStsnSJEKYldKFupCi21BklCwEGgVQ1c+gU/ic7jxDXwAoTtdFEYmSZsWUm0wf0r9vk0uzP3NOTe5Iau5eX2n1dja3ds5/PA9yuUkCrWoJUcR1ShEbiEAgOvmV5bFUdYzWrJUmFRPAMBkXfL3f3GKLQEAE/bs+Ysnaxsb60/TtBzR+tSuJ9F77V1f24m30YztWI5KHEdkp3rjR4831qOU5qpxv9Vp1/Nk69XX/v3XfkR08ytRierw/Eracybfadfn4ka/fi3Pr0Ylbg3Prw7JR30+Htw70/9SVOLbm9iNZmxFnh3kP66k6cPs88/3L/OO83zSadcXuvMGsuLUPxwAAAAAAAAAAAAAAAAAAAAAAK6tpTRN0yz7kmVZ1jl3/k7xuHt9KT1RPX8+Ty9/0flAnTPn6yznJZLe/EG+FLdLUZrl2gEAAAAAAAAAAAAAAAAAAOCq2Ns/aGw2m9vvxjo4eax//Hf+10EU+601k4gr0E93sJj3M51ad2PEWrURS0Rh/6Bxsrsam0n8JVWe0CbJhmy/4oWp+TFVn7853lUkETF3+mb+aXIh5sb8TQEAAAAAAAAAAAAAAAAAAKZs8NDvkIuHM2gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGZg8P//Iww6/fAlUzNeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+B3wEAAP//bkR7Lg==")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x0, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)

kernel console output (not intermixed with test programs):

usb 3-1: config 0 descriptor??
[   24.146008][   T19] smsc75xx v1.0.0
[   24.163105][  T407] netlink: 8 bytes leftover after parsing attributes in process `syz.4.28'.
[   24.463280][  T370] loop3: detected capacity change from 0 to 262144
[   24.477585][  T370] F2FS-fs (loop3): invalid crc value
[   24.503975][  T370] F2FS-fs (loop3): Found nat_bits in checkpoint
[   24.558002][  T370] F2FS-fs (loop3): Start checkpoint disabled!
[   24.575431][  T370] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   24.647336][  T421] syz.1.33[421] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   24.647412][  T421] syz.1.33[421] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   25.052924][  T429] netlink: 92 bytes leftover after parsing attributes in process `syz.3.36'.
[   25.101820][  T431] loop4: detected capacity change from 0 to 128
[   25.128335][  T431] syz.4.37: attempt to access beyond end of device
[   25.128335][  T431] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   25.141892][  T431] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   25.150780][   T19] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[   25.183630][  T437] loop3: detected capacity change from 0 to 128
[   25.191574][  T437] FAT-fs (loop3): bogus logical sector size 8
[   25.199488][  T437] FAT-fs (loop3): Can't find a valid FAT filesystem
[   25.233637][  T437] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.240850][  T437] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.249514][  T437] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40'.
[   25.258430][  T437] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[   25.288912][   T28] kauditd_printk_skb: 83 callbacks suppressed
[   25.288925][   T28] audit: type=1400 audit(1764165361.044:157): avc:  denied  { block_suspend } for  pid=440 comm="syz.3.41" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   25.350771][   T28] audit: type=1400 audit(1764165361.104:158): avc:  denied  { watch_reads } for  pid=444 comm="syz.4.44" path="/12" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   25.372932][   T19] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   25.388327][   T19] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[   25.398223][   T19] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[   25.409750][   T19] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   25.423237][   T19] smsc75xx: probe of 3-1:0.184 failed with error -71
[   25.431928][   T19] usb 3-1: USB disconnect, device number 2
[   25.459029][   T28] audit: type=1400 audit(1764165361.214:159): avc:  denied  { create } for  pid=452 comm="syz.3.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   25.565511][   T28] audit: type=1400 audit(1764165361.324:160): avc:  denied  { create } for  pid=461 comm="syz.3.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   25.595847][  T466] loop3: detected capacity change from 0 to 1024
[   25.608377][   T28] audit: type=1400 audit(1764165361.324:161): avc:  denied  { write } for  pid=461 comm="syz.3.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   25.628713][  T466] EXT4-fs: Ignoring removed orlov option
[   25.630395][  T470] netlink: 'syz.1.54': attribute type 4 has an invalid length.
[   25.643202][  T469] tmpfs: Unknown parameter 'nolazytime5'
[   25.646321][   T28] audit: type=1400 audit(1764165361.324:162): avc:  denied  { nlmsg_write } for  pid=461 comm="syz.3.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   25.672815][  T470] netlink: 'syz.1.54': attribute type 4 has an invalid length.
[   25.681406][  T466] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800c019, mo2=0002]
[   25.692414][  T470] syz.1.54 (470) used greatest stack depth: 21376 bytes left
[   25.704239][  T475] IPv6: sit1: Disabled Multicast RS
[   25.709608][  T466] System zones: 0-1, 3-12
[   25.715795][  T476] incfs: Options parsing error. -22
[   25.726224][  T476] incfs: mount failed -22
[   25.731016][  T466] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   25.750647][   T28] audit: type=1400 audit(1764165361.504:163): avc:  denied  { read write } for  pid=480 comm="syz.1.58" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   25.781327][   T28] audit: type=1400 audit(1764165361.504:164): avc:  denied  { open } for  pid=480 comm="syz.1.58" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   25.806251][   T28] audit: type=1400 audit(1764165361.534:165): avc:  denied  { ioctl } for  pid=480 comm="syz.1.58" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   25.831976][   T28] audit: type=1400 audit(1764165361.534:166): avc:  denied  { append } for  pid=464 comm="syz.3.52" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   25.840750][  T334] usb 1-1: USB disconnect, device number 2
[   25.866063][  T284] EXT4-fs (loop3): unmounting filesystem.
[   25.899599][  T491] netlink: 104 bytes leftover after parsing attributes in process `syz.4.63'.
[   25.948100][  T499] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=499 comm=syz.0.66
[   26.001308][  T505] syz.2.69 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   26.059970][  T510] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   26.124083][  T522] SELinux:  Context system_u:object_r:bsdpty_device_t:s0 is not valid (left unmapped).
[   26.213329][  T539] 9pnet: p9_errstr2errno: server reported unknown error ��n$Ž[
[   26.213329][  T539] Q&|xùXºX<
[   26.247830][  T545] loop7: detected capacity change from 0 to 16384
[   26.359025][  T531] loop1: detected capacity change from 0 to 40427
[   26.378182][  T531] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   26.386204][  T531] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   26.397042][  T531] F2FS-fs (loop1): Found nat_bits in checkpoint
[   26.402267][  T547] loop7: detected capacity change from 16384 to 0
[   26.442883][  T531] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   26.450009][  T531] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   26.494765][  T531] syz.1.79: attempt to access beyond end of device
[   26.494765][  T531] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   26.513429][  T531] syz.1.79: attempt to access beyond end of device
[   26.513429][  T531] loop1: rw=2049, sector=45104, nr_sectors = 128 limit=40427
[   26.558996][  T283] syz-executor: attempt to access beyond end of device
[   26.558996][  T283] loop1: rw=2051, sector=45096, nr_sectors = 136 limit=40427
[   26.573416][  T283] F2FS-fs (loop1): Issue discard(5637, 5637, 17) failed, ret: -5
[   26.598399][  T552] loop3: detected capacity change from 0 to 40427
[   26.614711][  T552] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[   26.624333][  T552] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   26.633663][  T552] F2FS-fs (loop3): invalid crc value
[   26.640052][  T552] F2FS-fs (loop3): Found nat_bits in checkpoint
[   26.675680][  T552] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   26.682856][  T552] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   26.819730][  T560] syz.3.87: attempt to access beyond end of device
[   26.819730][  T560] loop3: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[   26.832187][  T566] loop1: detected capacity change from 0 to 2048
[   26.871397][  T566] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   26.894033][  T283] EXT4-fs (loop1): unmounting filesystem.
[   26.916157][  T574] netlink: 'syz.1.95': attribute type 1 has an invalid length.
[   26.951738][  T576] loop1: detected capacity change from 0 to 256
[   26.969714][  T576] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   27.023571][  T576] syz.1.96: attempt to access beyond end of device
[   27.023571][  T576] loop1: rw=524288, sector=440, nr_sectors = 256 limit=256
[   27.039651][  T576] syz.1.96: attempt to access beyond end of device
[   27.039651][  T576] loop1: rw=524288, sector=696, nr_sectors = 256 limit=256
[   27.058382][  T580] netlink: 16 bytes leftover after parsing attributes in process `syz.3.94'.
[   27.066843][  T576] syz.1.96: attempt to access beyond end of device
[   27.066843][  T576] loop1: rw=0, sector=440, nr_sectors = 8 limit=256
[   27.081354][  T576] syz.1.96: attempt to access beyond end of device
[   27.081354][  T576] loop1: rw=0, sector=440, nr_sectors = 8 limit=256
[   27.208411][  T582] syz.2.98 (582) used greatest stack depth: 21264 bytes left
[   27.266653][  T611] syz.2.110[611] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   27.266720][  T611] syz.2.110[611] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   27.281473][  T608] user requested TSC rate below hardware speed
[   27.305075][  T608] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[   27.393453][  T622] netlink: 48 bytes leftover after parsing attributes in process `syz.1.115'.
[   27.403597][  T622] netlink: 48 bytes leftover after parsing attributes in process `syz.1.115'.
[   27.423898][  T631] loop1: detected capacity change from 0 to 512
[   27.440290][  T631] EXT4-fs (loop1): external journal device major/minor numbers have changed
[   27.450353][  T628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=628 comm=syz.3.118
[   27.472294][  T631] block device autoloading is deprecated and will be removed.
[   27.475582][  T628] device erspan0 entered promiscuous mode
[   27.496507][  T631] EXT4-fs (loop1): external journal has bad superblock
[   27.539631][  T647] loop4: detected capacity change from 0 to 1024
[   27.562228][  T647] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   27.590178][  T287] EXT4-fs (loop4): unmounting filesystem.
[   27.672502][  T669] loop0: detected capacity change from 0 to 1024
[   27.679453][  T669] EXT4-fs: Ignoring removed oldalloc option
[   27.685574][  T669] EXT4-fs: Ignoring removed bh option
[   27.691797][  T669] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   27.714469][  T669] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   27.753517][  T285] EXT4-fs (loop0): unmounting filesystem.
[   27.809330][  T685] loop1: detected capacity change from 0 to 2048
[   27.842882][  T685]  loop1: p1 < > p4 < >
[   27.857024][  T103]  loop1: p1 < > p4 < >
[   28.254281][  T716] loop2: detected capacity change from 0 to 512
[   28.271938][  T716] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.154: inode has both inline data and extents flags
[   28.289936][  T716] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.154: couldn't read orphan inode 15 (err -117)
[   28.305120][  T721] Illegal XDP return value 2506679969 on prog  (id 77) dev N/A, expect packet loss!
[   28.314889][  T716] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   28.446657][  T286] EXT4-fs (loop2): unmounting filesystem.
[   28.490339][  T731] serio: Serial port ttyS3
[   28.530981][  T335] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   28.587047][  T738] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[   28.721115][  T335] usb 4-1: Using ep0 maxpacket: 32
[   28.737067][  T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.780791][  T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.793437][  T335] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   28.821376][  T335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.847484][  T335] usb 4-1: config 0 descriptor??
[   28.870473][  T751] loop2: detected capacity change from 0 to 1024
[   28.889393][  T335] hub 4-1:0.0: USB hub found
[   28.919072][  T751] EXT4-fs: Ignoring removed mblk_io_submit option
[   28.927934][  T751] EXT4-fs: Ignoring removed oldalloc option
[   28.944165][  T751] EXT4-fs: Ignoring removed nomblk_io_submit option
[   28.987862][  T751] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   29.048031][  T286] EXT4-fs (loop2): unmounting filesystem.
[   29.066923][  T335] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[   29.128551][  T785] loop2: detected capacity change from 0 to 256
[   29.137318][  T785] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[   29.159464][  T768] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.167147][  T768] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.174712][  T768] device bridge_slave_0 entered promiscuous mode
[   29.183191][  T768] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.190474][  T768] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.197981][  T768] device bridge_slave_1 entered promiscuous mode
[   29.205975][  T342] device bridge_slave_1 left promiscuous mode
[   29.212635][  T342] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.220973][  T342] device bridge_slave_0 left promiscuous mode
[   29.227153][  T342] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.235268][  T342] device veth1_macvtap left promiscuous mode
[   29.246205][  T342] device veth0_vlan left promiscuous mode
[   29.273583][  T795] loop1: detected capacity change from 0 to 1024
[   29.280395][  T795] EXT4-fs: Ignoring removed orlov option
[   29.292220][  T335] hid-generic 0003:046D:C31C.0001: item fetching failed at offset 0/1
[   29.302911][  T335] hid-generic: probe of 0003:046D:C31C.0001 failed with error -22
[   29.313367][  T795] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   29.323138][  T795] EXT4-fs (loop1): unmounting filesystem.
[   29.397384][  T805] loop2: detected capacity change from 0 to 128
[   29.407134][  T805] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   29.416066][  T805] ext4 filesystem being mounted at /22/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   29.453812][  T805] EXT4-fs error (device loop2): dx_make_map:1328: inode #2: block 63: comm syz.2.193: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[   29.485749][  T805] EXT4-fs error (device loop2) in do_split:2095: Corrupt filesystem
[   29.501242][  T286] EXT4-fs (loop2): unmounting filesystem.
[   29.569996][  T768] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.577127][  T768] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.584448][  T768] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.591500][  T768] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.611072][  T334] usb 4-1: USB disconnect, device number 2
[   29.617523][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.638974][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.646560][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.666099][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   29.674737][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.681983][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   29.689648][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   29.698075][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.705160][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   29.712753][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   29.721755][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   29.729859][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   29.745185][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   29.753543][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   29.765934][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   29.774579][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   29.784859][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   29.792535][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   29.800477][  T768] device veth0_vlan entered promiscuous mode
[   29.810415][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   29.818750][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   29.827965][  T768] device veth1_macvtap entered promiscuous mode
[   29.837027][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   29.845036][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   29.853273][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   29.862740][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   29.871311][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.897893][  T835] syz.5.167[835] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   29.897938][  T835] syz.5.167[835] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   29.940998][  T334] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   29.981820][  T846] device veth0 entered promiscuous mode
[   29.987750][  T846] __nla_validate_parse: 2 callbacks suppressed
[   29.987760][  T846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.207'.
[   30.006634][  T846] device veth0 left promiscuous mode
[   30.032758][  T852] loop5: detected capacity change from 0 to 512
[   30.054404][  T852] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   30.063438][  T852] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   30.099282][   T60] kernel write not supported for file [eventfd] (pid: 60 comm: kworker/1:2)
[   30.118532][  T768] EXT4-fs (loop5): unmounting filesystem.
[   30.142676][  T334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   30.166591][  T334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   30.176610][  T334] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   30.190408][  T334] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   30.199494][  T334] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.210458][  T334] usb 2-1: config 0 descriptor??
[   30.217516][  T867] kvm [866]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x5
[   30.228108][  T867] kvm [866]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0x5
[   30.236648][  T867] kvm [866]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0x5
[   30.247275][  T867] kvm [866]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x1d9) = 0x5
[   30.366836][   T28] kauditd_printk_skb: 143 callbacks suppressed
[   30.366850][   T28] audit: type=1400 audit(1764165366.124:310): avc:  denied  { read write } for  pid=888 comm="syz.0.224" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   30.400857][   T28] audit: type=1400 audit(1764165366.154:311): avc:  denied  { open } for  pid=888 comm="syz.0.224" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   30.429079][   T28] audit: type=1400 audit(1764165366.154:312): avc:  denied  { ioctl } for  pid=888 comm="syz.0.224" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   30.529944][   T28] audit: type=1400 audit(1764165366.284:313): avc:  denied  { create } for  pid=902 comm="syz.0.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   30.552010][  T904] loop3: detected capacity change from 0 to 512
[   30.585480][   T28] audit: type=1400 audit(1764165366.334:314): avc:  denied  { ioctl } for  pid=902 comm="syz.0.231" path="socket:[19469]" dev="sockfs" ino=19469 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   30.611824][   T28] audit: type=1400 audit(1764165366.334:315): avc:  denied  { connect } for  pid=902 comm="syz.0.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   30.640225][   T28] audit: type=1400 audit(1764165366.334:316): avc:  denied  { write } for  pid=902 comm="syz.0.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   30.642221][  T334] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[   30.672816][  T334] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   30.688639][  T904] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   30.705730][  T904] ext4 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   30.723404][   T28] audit: type=1400 audit(1764165366.484:317): avc:  denied  { read } for  pid=912 comm="syz.5.235" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   30.767411][  T904] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.230: invalid size
[   30.780290][   T28] audit: type=1400 audit(1764165366.484:318): avc:  denied  { open } for  pid=912 comm="syz.5.235" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   30.816978][  T284] EXT4-fs (loop3): unmounting filesystem.
[   30.824677][   T28] audit: type=1400 audit(1764165366.514:319): avc:  denied  { ioctl } for  pid=912 comm="syz.5.235" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   30.882913][  T933] input: syz0 as /devices/virtual/input/input6
[   30.939898][  T938] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   31.023416][  T960] netlink: 128 bytes leftover after parsing attributes in process `syz.2.255'.
[   31.032659][  T960] netlink: 128 bytes leftover after parsing attributes in process `syz.2.255'.
[   31.188128][  T982] futex_wake_op: syz.0.265 tries to shift op by 144; fix this program
[   31.341041][  T335] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   31.505939][  T961] usb 2-1: USB disconnect, device number 2
[   31.520971][  T335] usb 4-1: Using ep0 maxpacket: 16
[   31.527264][  T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.538326][  T335] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   31.548231][  T335] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   31.557315][  T335] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   31.566253][  T335] usb 4-1: config 0 descriptor??
[   31.974520][  T335] hid-multitouch 0003:1FD2:6007.0003: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[   32.014627][ T1004] loop1: detected capacity change from 0 to 1024
[   32.025137][ T1004] EXT4-fs: Ignoring removed orlov option
[   32.043905][ T1004] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   32.063939][ T1004] incfs: ino conflict with backing FS 2
[   32.113797][  T422] EXT4-fs (loop1): unmounting filesystem.
[   32.183874][  T335] usb 4-1: USB disconnect, device number 3
[   32.200557][ T1012] loop2: detected capacity change from 0 to 32768
[   32.274690][ T1012]  loop2: p1 p3 < >
[   32.348811][ T1026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.286'.
[   32.425754][  T341] udevd[341]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   32.437765][  T337] udevd[337]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   32.471264][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.478311][ T1033] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.491735][ T1033] device bridge_slave_0 entered promiscuous mode
[   32.504504][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.511795][ T1033] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.521554][ T1033] device bridge_slave_1 entered promiscuous mode
[   32.551665][ T1051] netlink: 'syz.2.296': attribute type 2 has an invalid length.
[   32.600184][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.607386][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.614703][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.621739][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.656345][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   32.667102][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.676102][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.704713][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   32.713629][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.720690][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.728337][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   32.739177][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.746268][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.758062][ T1075] loop3: detected capacity change from 0 to 1024
[   32.766060][ T1075] EXT4-fs: Ignoring removed orlov option
[   32.780677][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   32.789762][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   32.802270][ T1075] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   32.808395][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   32.830857][    T8] device bridge_slave_1 left promiscuous mode
[   32.837416][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.845476][    T8] device bridge_slave_0 left promiscuous mode
[   32.852458][  T284] EXT4-fs (loop3): unmounting filesystem.
[   32.858321][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.882068][    T8] device veth1_macvtap left promiscuous mode
[   32.888117][    T8] device veth0_vlan left promiscuous mode
[   32.957526][ T1086] input: syz0 as /devices/virtual/input/input7
[   32.969492][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   32.986898][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.011465][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.019945][ T1033] device veth0_vlan entered promiscuous mode
[   33.034412][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.046235][ T1033] device veth1_macvtap entered promiscuous mode
[   33.057925][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.061027][  T966] Bluetooth: hci0: command 0x1003 tx timeout
[   33.066795][  T944] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   33.099008][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   33.363437][ T1137] netlink: 36 bytes leftover after parsing attributes in process `syz.0.330'.
[   33.998203][ T1190] loop2: detected capacity change from 0 to 128
[   34.010945][  T961] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   34.082867][ T1198] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1198 comm=syz.2.357
[   34.222014][  T961] usb 1-1: config 0 has an invalid interface number: 22 but max is 0
[   34.235184][  T961] usb 1-1: config 0 has no interface number 0
[   34.251037][  T961] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   34.272307][  T961] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   34.283590][  T961] usb 1-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[   34.292790][  T961] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.301924][  T961] usb 1-1: config 0 descriptor??
[   34.312758][ T1208] syz.2.363 (1208) used greatest stack depth: 21248 bytes left
[   34.321050][  T334] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   34.328355][ T1210] input: syz1 as /devices/virtual/input/input8
[   34.512037][  T334] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[   34.519378][  T334] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[   34.529089][  T334] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[   34.541686][  T334] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   34.551226][  T334] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   34.570701][  T334] usb 7-1: Product: syz
[   34.575757][  T334] usb 7-1: Manufacturer: syz
[   34.583196][  T334] usb 7-1: SerialNumber: syz
[   34.592907][  T334] usb 7-1: config 0 descriptor??
[   34.609290][  T334] usb 7-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress f8
[   34.627181][ T1240] netlink: 24 bytes leftover after parsing attributes in process `syz.5.377'.
[   34.709702][  T961] elo 0003:04E7:0030.0004: item fetching failed at offset 6/7
[   34.717804][  T961] elo 0003:04E7:0030.0004: parse failed
[   34.724538][  T961] elo: probe of 0003:04E7:0030.0004 failed with error -22
[   34.816312][  T334] usb 7-1: USB disconnect, device number 2
[   34.841005][  T335] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   34.912670][  T833] usb 1-1: USB disconnect, device number 3
[   35.022192][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   35.033265][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   35.043841][  T335] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   35.058501][  T335] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[   35.067218][  T335] usb 3-1: Manufacturer: syz
[   35.075077][  T335] usb 3-1: config 0 descriptor??
[   35.110959][    T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   35.292075][    T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   35.302599][    T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   35.320086][    T6] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   35.331727][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   35.340056][    T6] usb 4-1: SerialNumber: syz
[   35.345205][ T1258] netlink: 'syz.6.385': attribute type 4 has an invalid length.
[   35.357355][ T1258] netlink: 'syz.6.385': attribute type 4 has an invalid length.
[   35.477128][   T28] kauditd_printk_skb: 80 callbacks suppressed
[   35.477143][   T28] audit: type=1400 audit(1764165371.234:400): avc:  denied  { read } for  pid=1267 comm="syz.0.390" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   35.552060][   T28] audit: type=1400 audit(1764165371.274:401): avc:  denied  { open } for  pid=1267 comm="syz.0.390" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   35.557850][    T6] usb 4-1: 0:2 : does not exist
[   35.582341][   T28] audit: type=1400 audit(1764165371.274:402): avc:  denied  { ioctl } for  pid=1267 comm="syz.0.390" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   35.614947][   T28] audit: type=1400 audit(1764165371.284:403): avc:  denied  { validate_trans } for  pid=1269 comm="syz.0.391" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   35.636273][ T1275] netlink: 32 bytes leftover after parsing attributes in process `syz.0.393'.
[   35.642163][   T28] audit: type=1400 audit(1764165371.374:404): avc:  denied  { shutdown } for  pid=1276 comm="syz.6.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   35.652478][    T6] usb 4-1: USB disconnect, device number 4
[   35.699848][   T28] audit: type=1400 audit(1764165371.374:405): avc:  denied  { read } for  pid=1276 comm="syz.6.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   35.700973][ T1275] netem: unknown loss type 13
[   35.737659][ T1275] netem: change failed
[   35.808918][   T28] audit: type=1400 audit(1764165371.564:406): avc:  denied  { execute } for  pid=1295 comm="syz.0.403" path="/84/blkio.bfq.group_wait_time" dev="tmpfs" ino=458 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   35.859063][ T1301] input: syz1 as /devices/virtual/input/input9
[   35.900771][ T1308] netlink: 8 bytes leftover after parsing attributes in process `syz.6.408'.
[   35.909960][ T1308] netlink: 8 bytes leftover after parsing attributes in process `syz.6.408'.
[   35.919062][ T1308] netlink: 8 bytes leftover after parsing attributes in process `syz.6.408'.
[   35.921796][  T335] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #200: -71
[   35.937767][  T335] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71
[   35.950719][  T335] uclogic 0003:256C:006D.0005: failed probing pen v2 parameters: -71
[   35.958981][  T335] uclogic 0003:256C:006D.0005: failed probing parameters: -71
[   35.966707][  T335] uclogic: probe of 0003:256C:006D.0005 failed with error -71
[   35.976551][  T335] usb 3-1: USB disconnect, device number 3
[   36.068163][   T28] audit: type=1400 audit(1764165371.824:407): avc:  denied  { module_load } for  pid=1317 comm="syz.5.412" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="tmpfs" ino=30 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[   36.074831][ T1318] Invalid ELF header magic: != ELF
[   36.106465][  T833] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   36.140493][   T28] audit: type=1326 audit(1764165371.894:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1322 comm="syz.3.414" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f375378f749 code=0x0
[   36.171163][   T28] audit: type=1400 audit(1764165371.924:409): avc:  denied  { setcurrent } for  pid=1325 comm="syz.5.415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   36.303641][  T833] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[   36.312808][  T833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   36.321102][  T833] usb 1-1: Product: syz
[   36.325886][  T833] usb 1-1: Manufacturer: syz
[   36.330524][  T833] usb 1-1: SerialNumber: syz
[   36.447561][ T1335] syz.2.419[1335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.447662][ T1335] syz.2.419[1335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.484633][ T1337] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   36.521060][    T6] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   36.529661][ T1339] SELinux: security_context_str_to_sid (s) failed with errno=-22
[   36.565417][  T833] rtl8150 1-1:1.0: couldn't reset the device
[   36.574707][  T833] rtl8150: probe of 1-1:1.0 failed with error -5
[   36.587864][  T833] usb 1-1: USB disconnect, device number 4
[   36.613349][ T1345] serio: Serial port ptm0
[   36.691403][ T1348] mmap: syz.2.425 (1348) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   36.710935][    T6] usb 6-1: Using ep0 maxpacket: 32
[   36.717656][    T6] usb 6-1: unable to get BOS descriptor or descriptor too short
[   36.738994][    T6] usb 6-1: config 0 has an invalid interface number: 36 but max is 0
[   36.755329][    T6] usb 6-1: config 0 has an invalid interface number: 5 but max is 0
[   36.763664][    T6] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[   36.772889][    T6] usb 6-1: config 0 has no interface number 0
[   36.779035][    T6] usb 6-1: config 0 has no interface number 1
[   36.785301][    T6] usb 6-1: config 0 interface 36 altsetting 4 has an invalid endpoint with address 0x0, skipping
[   36.796206][    T6] usb 6-1: too many endpoints for config 0 interface 5 altsetting 156: 226, using maximum allowed: 30
[   36.807278][    T6] usb 6-1: config 0 interface 5 altsetting 156 has 0 endpoint descriptors, different from the interface descriptor's value: 226
[   36.833599][    T6] usb 6-1: config 0 interface 36 has no altsetting 0
[   36.840472][    T6] usb 6-1: config 0 interface 5 has no altsetting 0
[   36.851365][    T6] usb 6-1: string descriptor 0 read error: -22
[   36.857655][    T6] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=64.67
[   36.867159][    T6] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   36.878374][    T6] usb 6-1: config 0 descriptor??
[   37.031903][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[   37.094341][  T335] usb 6-1: USB disconnect, device number 2
[   37.301048][   T24] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[   37.492018][   T24] usb 7-1: config index 0 descriptor too short (expected 3133, got 61)
[   37.500341][   T24] usb 7-1: config 0 has an invalid interface number: 156 but max is 1
[   37.508767][   T24] usb 7-1: config 0 has an invalid descriptor of length 118, skipping remainder of the config
[   37.519255][   T24] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[   37.528692][   T24] usb 7-1: config 0 has no interface number 0
[   37.535011][   T24] usb 7-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   37.545061][   T24] usb 7-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   37.558056][   T24] usb 7-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[   37.569858][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   37.579217][   T24] usb 7-1: config 0 descriptor??
[   37.585598][   T24] usb 7-1: MIDIStreaming interface descriptor not found
[   37.787749][    T6] usb 7-1: USB disconnect, device number 3
[   38.166042][ T1409] loop5: detected capacity change from 0 to 512
[   38.183967][ T1409] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   38.204144][ T1409] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   38.213523][ T1409] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.233650][ T1409] EXT4-fs (loop5): shut down requested (2)
[   38.252295][  T768] EXT4-fs (loop5): unmounting filesystem.
[   38.290031][ T1414] loop5: detected capacity change from 0 to 4096
[   38.328653][ T1414] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   38.371346][  T768] EXT4-fs (loop5): unmounting filesystem.
[   38.422943][ T1428] netlink: 'syz.5.459': attribute type 27 has an invalid length.
[   38.509207][ T1428] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.516493][ T1428] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.661782][ T1429] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   38.705770][ T1429] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.712878][ T1429] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.743826][ T1429] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.750922][ T1429] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.765769][ T1429] device veth0_vlan left promiscuous mode
[   38.772071][ T1429] device veth0_vlan entered promiscuous mode
[   38.779828][ T1429] device veth1_macvtap left promiscuous mode
[   38.788122][ T1429] device veth1_macvtap entered promiscuous mode
[   38.801129][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   38.810654][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.830255][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.838883][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   38.847886][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   38.856966][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   38.865635][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   38.873982][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   38.882274][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   38.890609][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   38.898724][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   38.907092][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   38.915255][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   38.923470][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   38.932047][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   38.940139][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   38.948220][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   38.956467][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   38.964552][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   38.981280][ T1429] syz.5.459 (1429) used greatest stack depth: 20096 bytes left
[   38.996245][ T1457] netem: change failed
[   39.020872][ T1459] netlink: 'syz.5.468': attribute type 12 has an invalid length.
[   39.035410][ T1459] netlink: 'syz.5.468': attribute type 29 has an invalid length.
[   39.048051][ T1459] netlink: 148 bytes leftover after parsing attributes in process `syz.5.468'.
[   39.057350][ T1459] netlink: 'syz.5.468': attribute type 2 has an invalid length.
[   39.067639][  T944] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   39.070987][  T966] Bluetooth: hci0: command 0x1003 tx timeout
[   39.078202][ T1459] netlink: 'syz.5.468': attribute type 3 has an invalid length.
[   39.082052][ T1367] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[   39.091304][ T1459] netlink: 15 bytes leftover after parsing attributes in process `syz.5.468'.
[   39.160717][ T1476] device ipip0 entered promiscuous mode
[   39.178938][ T1478] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   39.190476][ T1478] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   39.549176][ T1493] loop6: detected capacity change from 0 to 40427
[   39.564657][ T1493] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[   39.579356][ T1493] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[   39.588839][ T1493] F2FS-fs (loop6): invalid crc_offset: 33558524
[   39.598226][ T1493] F2FS-fs (loop6): Found nat_bits in checkpoint
[   39.647335][ T1493] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[   39.647935][ T1504] loop3: detected capacity change from 0 to 16
[   39.660818][ T1493] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   39.678469][ T1504] erofs: (device loop3): mounted with root inode @ nid 36.
[   39.703392][   T47] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   39.714528][ T1504] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   39.726370][ T1504] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   39.737805][ T1504] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   39.749311][ T1504] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   39.792176][ T1509] loop5: detected capacity change from 0 to 512
[   39.850621][ T1509] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   39.871032][ T1509] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.900760][ T1518] xt_hashlimit: size too large, truncated to 1048576
[   39.991457][  T768] EXT4-fs (loop5): unmounting filesystem.
[   40.020549][ T1526] loop5: detected capacity change from 0 to 512
[   40.035487][ T1526] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   40.049820][ T1526] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   40.078485][ T1526] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.493: inode has both inline data and extents flags
[   40.104873][ T1526] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.493: couldn't read orphan inode 15 (err -117)
[   40.129976][ T1526] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   40.159452][ T1532] 9p: Unknown uid 00000000004294967295
[   40.201989][  T768] EXT4-fs (loop5): unmounting filesystem.
[   40.306928][ T1540] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1540 comm=syz.6.501
[   40.360405][ T1538] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.369771][ T1538] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.382483][ T1538] device bridge_slave_0 entered promiscuous mode
[   40.388406][   T24] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0
[   40.397517][   T24] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0
[   40.405394][   T24] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0
[   40.413064][ T1538] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.413851][   T24] hid-generic 0000:0004:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   40.431088][ T1538] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.439336][ T1538] device bridge_slave_1 entered promiscuous mode
[   40.465866][ T1556] fido_id[1556]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   40.487897][ T1559] loop6: detected capacity change from 0 to 512
[   40.524461][ T1559] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.507: inode has both inline data and extents flags
[   40.538699][ T1559] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.507: couldn't read orphan inode 15 (err -117)
[   40.551889][ T1559] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   40.561971][ T1561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=1561 comm=syz.5.508
[   40.574673][ T1561] netlink: 8 bytes leftover after parsing attributes in process `syz.5.508'.
[   40.584298][ T1561] device erspan0 entered promiscuous mode
[   40.607444][   T28] kauditd_printk_skb: 74 callbacks suppressed
[   40.607462][   T28] audit: type=1400 audit(1764165376.364:484): avc:  denied  { create } for  pid=1538 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   40.617088][ T1538] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.643101][ T1538] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.650476][ T1538] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.657562][ T1538] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.657600][   T28] audit: type=1400 audit(1764165376.364:485): avc:  denied  { write } for  pid=1538 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   40.687128][   T28] audit: type=1400 audit(1764165376.364:486): avc:  denied  { read } for  pid=1538 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   40.709995][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   40.725397][ T1033] EXT4-fs (loop6): unmounting filesystem.
[   40.734917][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   40.752615][   T28] audit: type=1400 audit(1764165376.504:487): avc:  denied  { read write } for  pid=1571 comm="syz.3.509" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   40.776736][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.786810][   T28] audit: type=1400 audit(1764165376.504:488): avc:  denied  { open } for  pid=1571 comm="syz.3.509" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   40.811567][   T28] audit: type=1400 audit(1764165376.504:489): avc:  denied  { ioctl } for  pid=1571 comm="syz.3.509" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   40.843467][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   40.853972][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.861040][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.895351][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   40.904095][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   40.917272][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   40.926088][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   40.942578][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   40.951423][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.964311][ T1538] device veth0_vlan entered promiscuous mode
[   40.971610][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   40.985531][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.995904][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.014210][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.028651][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   41.039552][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.049680][ T1591] netlink: 48 bytes leftover after parsing attributes in process `syz.3.517'.
[   41.067024][ T1595] netlink: 48 bytes leftover after parsing attributes in process `syz.3.517'.
[   41.077462][ T1538] device veth1_macvtap entered promiscuous mode
[   41.084715][ T1597] loop6: detected capacity change from 0 to 256
[   41.091378][   T43] device bridge_slave_1 left promiscuous mode
[   41.097923][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.108359][   T43] device bridge_slave_0 left promiscuous mode
[   41.115567][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.117260][ T1597] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   41.135517][   T43] device veth1_macvtap left promiscuous mode
[   41.141735][   T28] audit: type=1400 audit(1764165376.894:490): avc:  denied  { mount } for  pid=1596 comm="syz.6.519" name="/" dev="loop6" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   41.141890][   T43] device veth0_vlan left promiscuous mode
[   41.186665][   T28] audit: type=1400 audit(1764165376.944:491): avc:  denied  { write } for  pid=1596 comm="syz.6.519" name="/" dev="loop6" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   41.208903][   T28] audit: type=1400 audit(1764165376.944:492): avc:  denied  { add_name } for  pid=1596 comm="syz.6.519" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   41.229797][   T28] audit: type=1400 audit(1764165376.944:493): avc:  denied  { associate } for  pid=1596 comm="syz.6.519" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   41.230172][ T1597] syz.6.519: attempt to access beyond end of device
[   41.230172][ T1597] loop6: rw=524288, sector=440, nr_sectors = 256 limit=256
[   41.265503][ T1597] syz.6.519: attempt to access beyond end of device
[   41.265503][ T1597] loop6: rw=524288, sector=696, nr_sectors = 256 limit=256
[   41.319264][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   41.327090][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   41.336329][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.350157][ T1604] netlink: 'syz.6.521': attribute type 1 has an invalid length.
[   41.365434][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   41.378670][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.444441][ T1617] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1617 comm=syz.5.525
[   41.475798][ T1623] netlink: 'syz.7.529': attribute type 4 has an invalid length.
[   41.479758][ T1621] incfs: Options parsing error. -22
[   41.490061][ T1621] incfs: mount failed -22
[   41.496551][ T1623] netlink: 'syz.7.529': attribute type 4 has an invalid length.
[   41.555149][ T1629] loop5: detected capacity change from 0 to 512
[   41.582089][ T1629] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   41.591315][ T1629] ext4 filesystem being mounted at /72/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.610828][ T1629] EXT4-fs error (device loop5): ext4_empty_dir:3136: inode #12: comm syz.5.532: invalid size
[   41.630441][  T768] EXT4-fs (loop5): unmounting filesystem.
[   41.730953][    T6] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   41.873541][ T1439] kernel write not supported for file [eventfd] (pid: 1439 comm: kworker/0:6)
[   41.899297][ T1644] loop5: detected capacity change from 0 to 256
[   41.920925][    T6] usb 7-1: Using ep0 maxpacket: 32
[   41.927250][    T6] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[   41.937525][    T6] usb 7-1: config 0 has no interface number 0
[   41.948724][    T6] usb 7-1: config 0 interface 184 has no altsetting 0
[   41.950641][ T1644] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[   41.971402][    T6] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   41.982676][    T6] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   42.002844][ T1648] loop3: detected capacity change from 0 to 128
[   42.035016][    T6] usb 7-1: Product: syz
[   42.039236][    T6] usb 7-1: Manufacturer: syz
[   42.055790][ T1650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.541'.
[   42.060261][    T6] usb 7-1: SerialNumber: syz
[   42.085489][    T6] usb 7-1: config 0 descriptor??
[   42.095349][    T6] smsc75xx v1.0.0
[   42.178798][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[   42.402243][ T1676] netlink: 'syz.7.552': attribute type 27 has an invalid length.
[   42.427583][ T1676] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.434827][ T1676] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.479323][ T1681] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   42.495062][ T1681] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.502190][ T1681] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.533390][ T1681] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.540486][ T1681] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.595673][ T1681] device veth0_vlan left promiscuous mode
[   42.611067][ T1681] device veth0_vlan entered promiscuous mode
[   42.619483][ T1681] device veth1_macvtap left promiscuous mode
[   42.626554][ T1681] device veth1_macvtap entered promiscuous mode
[   42.641677][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   42.660719][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.676548][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   42.695154][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   42.712609][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   42.729879][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   42.747311][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   42.764396][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   42.781547][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   42.800062][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   42.817233][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   42.835660][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   42.844054][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   42.852613][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   42.860806][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   42.869822][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   42.878193][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   42.886723][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   42.895088][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   42.997380][ T1693] input: syz1 as /devices/virtual/input/input10
[   43.115031][    T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[   43.311576][    T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   43.330999][    T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[   43.358473][    T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[   43.379333][    T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   43.400089][    T6] smsc75xx: probe of 7-1:0.184 failed with error -71
[   43.420993][    T6] usb 7-1: USB disconnect, device number 4
[   43.846856][ T1720] input: syz1 as /devices/virtual/input/input11
[   43.862600][ T1723] netlink: 'syz.6.567': attribute type 27 has an invalid length.
[   43.898676][ T1723] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.905867][ T1723] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.985612][ T1729] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   44.062229][ T1729] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   44.069857][ T1730] loop5: detected capacity change from 0 to 32768
[   44.088499][ T1729] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.095598][ T1729] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.104480][ T1729] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.111733][ T1729] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.120176][ T1730]  loop5: p1 p2 p3 < p5 p6 >
[   44.126120][ T1730] loop5: p2 size 16775168 extends beyond EOD, truncated
[   44.139517][ T1729] device veth0_vlan left promiscuous mode
[   44.139860][ T1730] loop5: p5 start 4294970168 is beyond EOD, 
[   44.146301][ T1729] device veth0_vlan entered promiscuous mode
[   44.149787][ T1730] truncated
[   44.154505][ T1729] device veth1_macvtap left promiscuous mode
[   44.168705][ T1729] device veth1_macvtap entered promiscuous mode
[   44.181189][ T1469] Bluetooth: hci0: command 0x1003 tx timeout
[   44.187232][  T944] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   44.209600][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   44.241421][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.249166][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   44.258255][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   44.266812][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   44.275963][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   44.284636][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   44.292945][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   44.301310][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   44.309880][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   44.323350][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   44.331854][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   44.340147][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   44.354471][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   44.369261][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   44.387199][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   44.403937][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   44.421100][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   44.438020][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   44.630933][  T833] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   44.852331][  T833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   44.867322][  T833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   44.899796][  T833] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   44.945549][ T1753] loop6: detected capacity change from 0 to 1024
[   44.960387][  T833] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   44.975008][ T1753] EXT4-fs: Ignoring removed orlov option
[   45.000028][  T833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.003992][ T1753] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   45.021380][  T833] usb 4-1: config 0 descriptor??
[   45.082567][ T1033] EXT4-fs (loop6): unmounting filesystem.
[   45.177305][ T1763] input: syz1 as /devices/virtual/input/input12
[   45.188997][ T1761] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   45.411058][  T335] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   45.428949][ T1787] netlink: 128 bytes leftover after parsing attributes in process `syz.5.595'.
[   45.439757][  T833] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[   45.447891][ T1787] netlink: 128 bytes leftover after parsing attributes in process `syz.5.595'.
[   45.458508][ T1787] netlink: 128 bytes leftover after parsing attributes in process `syz.5.595'.
[   45.468600][  T833] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   45.602111][  T335] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.613197][  T335] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   45.623069][  T335] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   45.636316][  T335] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   45.645483][  T335] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.654712][  T335] usb 7-1: config 0 descriptor??
[   46.065369][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd
[   46.072930][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[   46.080335][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[   46.087800][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[   46.095218][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[   46.102698][  T335] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[   46.110291][  T335] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[   46.118787][  T335] plantronics 0003:047F:FFFF.0008: hiddev97,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[   46.273302][   T60] usb 7-1: USB disconnect, device number 5
[   46.283280][  T833] usb 4-1: USB disconnect, device number 5
[   46.800046][ T1796] netlink: 24 bytes leftover after parsing attributes in process `syz.7.606'.
[   46.813851][ T1800] netlink: 'syz.3.596': attribute type 27 has an invalid length.
[   46.971538][ T1804] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   47.003877][ T1804] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.010989][ T1804] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.028618][ T1804] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.035713][ T1804] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.070960][   T60] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   47.086102][ T1804] device veth0_vlan left promiscuous mode
[   47.101623][ T1804] device veth0_vlan entered promiscuous mode
[   47.112593][ T1804] device veth1_macvtap left promiscuous mode
[   47.126176][ T1804] device veth1_macvtap entered promiscuous mode
[   47.141878][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.153939][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.171341][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   47.186544][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   47.204719][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   47.222021][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   47.238931][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   47.255873][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   47.274330][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   47.290951][   T60] usb 3-1: Using ep0 maxpacket: 32
[   47.291216][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   47.305232][   T60] usb 3-1: config 4 has an invalid interface number: 128 but max is 0
[   47.318593][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   47.326536][   T60] usb 3-1: config 4 has no interface number 0
[   47.335496][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   47.342813][   T60] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   47.352346][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   47.360927][   T60] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   47.373275][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   47.382380][   T60] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   47.391233][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.400920][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.408137][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   47.418728][   T60] hub 3-1:4.128: USB hub found
[   47.427002][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.443844][  T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   47.477797][   T28] kauditd_printk_skb: 80 callbacks suppressed
[   47.477810][   T28] audit: type=1400 audit(1764165383.234:574): avc:  denied  { watch watch_reads } for  pid=1805 comm="syz.7.611" path="/17" dev="tmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   47.581846][   T28] audit: type=1400 audit(1764165383.344:575): avc:  denied  { read } for  pid=1811 comm="syz.7.602" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   47.619262][   T60] hub 3-1:4.128: 2 ports detected
[   47.624440][   T60] hub 3-1:4.128: Using single TT (err -22)
[   47.646817][   T28] audit: type=1400 audit(1764165383.344:576): avc:  denied  { open } for  pid=1811 comm="syz.7.602" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   47.731036][   T28] audit: type=1400 audit(1764165383.344:577): avc:  denied  { ioctl } for  pid=1811 comm="syz.7.602" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   47.789452][   T28] audit: type=1400 audit(1764165383.344:578): avc:  denied  { set_context_mgr } for  pid=1811 comm="syz.7.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   47.815790][ T1817] user requested TSC rate below hardware speed
[   47.852461][ T1817] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[   47.861347][ T1813] loop3: detected capacity change from 0 to 32768
[   47.914976][   T60] hub 3-1:4.128: hub_hub_status failed (err = -71)
[   47.925317][   T60] hub 3-1:4.128: config failed, can't get hub status (err -71)
[   47.932981][ T1813]  loop3: p1 p2 p3 < p5 p6 >
[   47.938503][ T1813] loop3: p2 size 16775168 extends beyond EOD, truncated
[   47.948038][ T1813] loop3: p5 start 4294970168 is beyond EOD, truncated
[   47.975635][   T60] usb 3-1: USB disconnect, device number 4
[   48.002303][ T1822] netlink: 452 bytes leftover after parsing attributes in process `syz.3.605'.
[   48.050758][   T28] audit: type=1400 audit(1764165383.804:579): avc:  denied  { execute } for  pid=1824 comm="syz.6.609" name="file1" dev="tmpfs" ino=367 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   48.052115][ T1815] loop7: detected capacity change from 0 to 40427
[   48.075796][   T28] audit: type=1400 audit(1764165383.804:580): avc:  denied  { execute_no_trans } for  pid=1824 comm="syz.6.609" path="/67/file1" dev="tmpfs" ino=367 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   48.103087][ T1827] loop5: detected capacity change from 0 to 16
[   48.105034][ T1815] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[   48.118259][  T337] udevd[337]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   48.128143][ T1827] erofs: (device loop5): mounted with root inode @ nid 36.
[   48.136382][ T1815] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[   48.151636][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   48.167581][   T28] audit: type=1400 audit(1764165383.924:581): avc:  denied  { unlink } for  pid=1826 comm="syz.5.610" name="#d" dev="tmpfs" ino=540 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   48.167951][  T341] udevd[341]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   48.201764][  T386] udevd[386]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[   48.241313][   T28] audit: type=1400 audit(1764165383.954:582): avc:  denied  { write } for  pid=1826 comm="syz.5.610" name="file0" dev="overlay" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   48.251556][ T1815] F2FS-fs (loop7): Found nat_bits in checkpoint
[   48.266746][   T28] audit: type=1400 audit(1764165383.954:583): avc:  denied  { add_name } for  pid=1826 comm="syz.5.610" name="file1" dev="overlay" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   48.353282][ T1815] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[   48.360342][ T1815] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   48.375247][ T1841] SELinux: failed to load policy
[   48.457157][ T1850] syz.5.628[1850] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   48.457256][ T1850] syz.5.628[1850] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   48.515761][ T1838] loop3: detected capacity change from 0 to 40427
[   48.558586][ T1838] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   48.572933][ T1838] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   48.590315][ T1838] F2FS-fs (loop3): invalid crc_offset: 33558524
[   48.619039][ T1838] F2FS-fs (loop3): Found nat_bits in checkpoint
[   48.689236][ T1838] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   48.706721][ T1838] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   48.718079][ T1853] loop2: detected capacity change from 0 to 32768
[   48.761338][ T1853]  loop2: p1 p2 p3 < p5 p6 >
[   48.767258][ T1853] loop2: p2 size 16775168 extends beyond EOD, truncated
[   48.783541][ T1853] loop2: p5 start 4294970168 is beyond EOD, truncated
[   48.812851][ T1861] netlink: 16 bytes leftover after parsing attributes in process `syz.7.630'.
[   48.851594][ T1273] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   48.884162][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   48.884339][  T337] udevd[337]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   48.894879][ T1832] udevd[1832]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory
[   48.914973][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   49.044994][ T1874] loop7: detected capacity change from 0 to 16
[   49.078892][ T1874] erofs: (device loop7): mounted with root inode @ nid 36.
[   49.273314][ T1888] loop7: detected capacity change from 0 to 128
[   49.450143][ T1885] loop2: detected capacity change from 0 to 40427
[   49.463343][ T1885] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   49.471971][ T1885] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   49.490930][ T1885] F2FS-fs (loop2): invalid crc_offset: 33558524
[   49.518029][ T1885] F2FS-fs (loop2): Found nat_bits in checkpoint
[   49.583424][ T1896] loop6: detected capacity change from 0 to 32768
[   49.596278][ T1885] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   49.604908][ T1885] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   49.628610][ T1896]  loop6: p1 p2 p3 < p5 p6 >
[   49.648233][ T1905] syz.7.639[1905] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   49.648303][ T1905] syz.7.639[1905] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   49.665649][ T1896] loop6: p2 size 16775168 extends beyond EOD, truncated
[   49.720640][ T1896] loop6: p5 start 4294970168 is beyond EOD, truncated
[   49.755253][ T1911] netlink: 'syz.7.650': attribute type 1 has an invalid length.
[   49.845086][ T1916] netlink: 'syz.7.644': attribute type 27 has an invalid length.
[   49.896257][  T337] udevd[337]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[   49.907173][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[   49.944108][ T1916] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.951314][ T1916] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.012958][ T1920] loop2: detected capacity change from 0 to 16
[   50.025178][ T1920] erofs: (device loop2): mounted with root inode @ nid 36.
[   50.064501][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   50.096037][ T1928] loop3: detected capacity change from 0 to 512
[   50.117386][ T1918] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.124507][ T1918] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.132555][ T1928] EXT4-fs (loop3): external journal device major/minor numbers have changed
[   50.161806][ T1928] EXT4-fs (loop3): external journal has bad superblock
[   50.195270][ T1918] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.202369][ T1918] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.260647][ T1918] device veth0_vlan left promiscuous mode
[   50.285417][ T1918] device veth0_vlan entered promiscuous mode
[   50.303365][ T1918] device veth1_macvtap left promiscuous mode
[   50.318257][ T1918] device veth1_macvtap entered promiscuous mode
[   50.326126][ T1925] loop6: detected capacity change from 0 to 40427
[   50.333305][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   50.341521][ T1925] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[   50.352131][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.368494][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.376794][ T1925] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[   50.395175][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.413014][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   50.421900][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   50.430204][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   50.439044][ T1925] F2FS-fs (loop6): Found nat_bits in checkpoint
[   50.453402][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   50.470615][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.488082][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.500432][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   50.508919][ T1925] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[   50.516089][ T1925] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   50.524116][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   50.538024][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   50.556304][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   50.573044][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   50.582222][ T1925] syz.6.656: attempt to access beyond end of device
[   50.582222][ T1925] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   50.609604][ T1925] syz.6.656: attempt to access beyond end of device
[   50.609604][ T1925] loop6: rw=2049, sector=45104, nr_sectors = 128 limit=40427
[   50.627045][ T1938] loop5: detected capacity change from 0 to 40427
[   50.639704][ T1938] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[   50.680931][ T1938] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   50.691779][ T1938] F2FS-fs (loop5): invalid crc_offset: 33558524
[   50.708472][ T1033] syz-executor: attempt to access beyond end of device
[   50.708472][ T1033] loop6: rw=2051, sector=45096, nr_sectors = 136 limit=40427
[   50.722943][ T1033] F2FS-fs (loop6): Issue discard(5637, 5637, 17) failed, ret: -5
[   50.726782][ T1938] F2FS-fs (loop5): Found nat_bits in checkpoint
[   50.789275][ T1938] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   50.796636][ T1938] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   51.006244][ T1965] loop5: detected capacity change from 0 to 512
[   51.078897][ T1965] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.661: inode has both inline data and extents flags
[   51.124220][ T1965] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.661: couldn't read orphan inode 15 (err -117)
[   51.162175][ T1975] loop7: detected capacity change from 0 to 16384
[   51.172881][ T1973] loop6: detected capacity change from 0 to 512
[   51.207834][ T1973] EXT4-fs (loop6): external journal device major/minor numbers have changed
[   51.226075][ T1965] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   51.256441][ T1973] EXT4-fs (loop6): external journal has bad superblock
[   51.361775][ T1975] loop7: detected capacity change from 16384 to 0
[   51.377245][  T768] EXT4-fs (loop5): unmounting filesystem.
[   51.922665][ T1983] loop5: detected capacity change from 0 to 1024
[   51.948279][ T1983] EXT4-fs: Ignoring removed orlov option
[   51.974349][ T1983] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   51.984538][ T1983] EXT4-fs (loop5): unmounting filesystem.
[   52.081346][ T1994] loop2: detected capacity change from 0 to 1024
[   52.103158][ T1994] EXT4-fs: Ignoring removed orlov option
[   52.131776][ T1994] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   52.141467][ T1994] EXT4-fs (loop2): unmounting filesystem.
[   52.182849][ T1981] loop3: detected capacity change from 0 to 40427
[   52.209765][ T1981] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   52.248008][ T1981] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   52.301545][ T1981] F2FS-fs (loop3): Found nat_bits in checkpoint
[   52.332940][ T1992] loop7: detected capacity change from 0 to 32768
[   52.382318][ T1981] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   52.391295][ T1981] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   52.399306][ T1992]  loop7: p1 p2 p3 < p5 p6 >
[   52.408530][ T1992] loop7: p2 size 16775168 extends beyond EOD, truncated
[   52.432180][ T1992] loop7: p5 start 4294970168 is beyond EOD, truncated
[   52.471020][ T2014] device veth0 entered promiscuous mode
[   52.479642][ T1981] syz.3.667: attempt to access beyond end of device
[   52.479642][ T1981] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   52.525004][ T1981] syz.3.667: attempt to access beyond end of device
[   52.525004][ T1981] loop3: rw=2049, sector=45104, nr_sectors = 128 limit=40427
[   52.559574][ T2016] netlink: 4 bytes leftover after parsing attributes in process `syz.5.676'.
[   52.566035][ T2019] input: syz0 as /devices/virtual/input/input14
[   52.590725][   T28] kauditd_printk_skb: 21 callbacks suppressed
[   52.590740][   T28] audit: type=1400 audit(1764165388.344:605): avc:  denied  { write } for  pid=2020 comm="syz.6.679" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   52.625995][ T2016] device veth0 left promiscuous mode
[   52.684919][ T2026] futex_wake_op: syz.7.680 tries to shift op by 144; fix this program
[   52.699358][  T284] syz-executor: attempt to access beyond end of device
[   52.699358][  T284] loop3: rw=2051, sector=45096, nr_sectors = 136 limit=40427
[   52.727629][  T284] F2FS-fs (loop3): Issue discard(5637, 5637, 17) failed, ret: -5
[   52.880806][ T2031] loop3: detected capacity change from 0 to 1024
[   52.907115][ T2031] EXT4-fs: Ignoring removed orlov option
[   52.921055][ T1439] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   52.939021][ T2031] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   52.963525][   T28] audit: type=1400 audit(1764165388.724:606): avc:  denied  { mounton } for  pid=2030 comm="syz.3.683" path="/92/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   52.964510][ T2031] incfs: ino conflict with backing FS 2
[   53.021066][   T28] audit: type=1400 audit(1764165388.774:607): avc:  denied  { rename } for  pid=2030 comm="syz.3.683" name="file1" dev="incremental-fs" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   53.082415][   T28] audit: type=1400 audit(1764165388.774:608): avc:  denied  { rename } for  pid=2030 comm="syz.3.683" name="file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="incremental-fs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   53.128255][ T1439] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   53.150651][ T1439] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   53.181350][ T1439] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   53.187395][  T284] EXT4-fs (loop3): unmounting filesystem.
[   53.199403][ T1439] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   53.209571][ T1439] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   53.217965][   T28] audit: type=1400 audit(1764165388.774:609): avc:  denied  { unlink } for  pid=2030 comm="syz.3.683" name="file1" dev="incremental-fs" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   53.244877][ T1439] usb 7-1: config 0 descriptor??
[   53.250266][   T28] audit: type=1400 audit(1764165388.774:610): avc:  denied  { rename } for  pid=2030 comm="syz.3.683" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   53.281101][   T28] audit: type=1400 audit(1764165388.774:611): avc:  denied  { unlink } for  pid=2030 comm="syz.3.683" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   53.304015][   T28] audit: type=1400 audit(1764165388.784:612): avc:  denied  { unlink } for  pid=284 comm="syz-executor" name="file1" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   53.328754][   T28] audit: type=1400 audit(1764165388.804:613): avc:  denied  { read } for  pid=2034 comm="syz.5.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.651694][ T2038] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.668973][ T2038] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.677178][ T1439] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[   53.677443][ T2038] device bridge_slave_0 entered promiscuous mode
[   53.693256][ T2038] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.700370][ T2038] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.708802][ T1439] plantronics 0003:047F:FFFF.0009: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[   53.721891][ T2038] device bridge_slave_1 entered promiscuous mode
[   53.897013][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.905040][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.912977][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.921568][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.929773][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.936848][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.944771][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   53.953425][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.961875][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.969098][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.976700][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.989438][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.998709][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.012655][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.023826][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.032411][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.039928][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.049664][ T2038] device veth0_vlan entered promiscuous mode
[   54.059654][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.069080][ T2038] device veth1_macvtap entered promiscuous mode
[   54.078405][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.090061][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.132661][    T8] device bridge_slave_1 left promiscuous mode
[   54.139400][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.147085][    T8] device bridge_slave_0 left promiscuous mode
[   54.153403][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.161891][    T8] device veth1_macvtap left promiscuous mode
[   54.167947][    T8] device veth0_vlan left promiscuous mode
[   54.436551][ T2068] loop7: detected capacity change from 0 to 40427
[   54.460999][ T2068] F2FS-fs (loop7): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[   54.469905][ T2068] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[   54.497377][ T2068] F2FS-fs (loop7): invalid crc value
[   54.504108][ T2068] F2FS-fs (loop7): Found nat_bits in checkpoint
[   54.521744][ T2070] loop8: detected capacity change from 0 to 32768
[   54.537454][ T1435] usb 7-1: USB disconnect, device number 6
[   54.546508][ T2068] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[   54.553736][ T2068] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   54.584297][ T2070]  loop8: p1 p2 p3 < p5 p6 >
[   54.589623][ T2070] loop8: p2 size 16775168 extends beyond EOD, truncated
[   54.597978][ T2070] loop8: p5 start 4294970168 is beyond EOD, truncated
[   54.608614][  T103]  loop8: p1 p2 p3 < p5 p6 >
[   54.613397][   T60] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   54.621808][  T103] loop8: p2 size 16775168 extends beyond EOD, truncated
[   54.629546][  T103] loop8: p5 start 4294970168 is beyond EOD, truncated
[   54.683152][   T28] audit: type=1400 audit(1764165390.444:614): avc:  denied  { sqpoll } for  pid=2075 comm="syz.8.693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   54.721407][ T2068] syz.7.702: attempt to access beyond end of device
[   54.721407][ T2068] loop7: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[   54.751085][ T1832] udevd[1832]: inotify_add_watch(7, /dev/loop8p6, 10) failed: No such file or directory
[   54.751168][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[   54.772419][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[   54.783972][ T2081] loop8: detected capacity change from 0 to 1024
[   54.786081][  T337] udevd[337]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[   54.792947][ T2081] EXT4-fs: Ignoring removed orlov option
[   54.805766][   T60] usb 3-1: Using ep0 maxpacket: 16
[   54.818335][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[   54.818366][ T1832] udevd[1832]: inotify_add_watch(7, /dev/loop8p6, 10) failed: No such file or directory
[   54.832046][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.840170][  T337] udevd[337]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[   54.852359][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[   54.868664][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   54.870514][ T2081] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   54.888441][ T2081] EXT4-fs (loop8): unmounting filesystem.
[   54.902654][   T60] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   54.920471][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.947648][   T60] usb 3-1: config 0 descriptor??
[   55.102383][ T2097] netlink: 32 bytes leftover after parsing attributes in process `syz.8.704'.
[   55.116689][ T2097] netem: unknown loss type 13
[   55.121527][ T2097] netem: change failed
[   55.189883][ T2109] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2109 comm=syz.5.707
[   55.258942][ T2115] serio: Serial port ptm0
[   55.369251][   T60] hid-multitouch 0003:1FD2:6007.000A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[   55.384889][ T2113] loop5: detected capacity change from 0 to 40427
[   55.392554][ T2113] F2FS-fs (loop5): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[   55.401725][ T2113] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   55.416711][ T2113] F2FS-fs (loop5): invalid crc value
[   55.423958][ T2113] F2FS-fs (loop5): Found nat_bits in checkpoint
[   55.447656][ T2113] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   55.454820][ T2113] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   55.574078][ T2113] syz.5.710: attempt to access beyond end of device
[   55.574078][ T2113] loop5: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[   55.582975][ T1435] usb 3-1: USB disconnect, device number 5
[   55.591088][  T833] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   55.782425][  T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.793462][  T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   55.803682][  T833] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   55.816755][  T833] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   55.825974][  T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.848480][  T833] usb 8-1: config 0 descriptor??
[   55.867257][ T2145] netlink: 164 bytes leftover after parsing attributes in process `syz.5.723'.
[   56.008317][ T2156] netlink: 64 bytes leftover after parsing attributes in process `syz.5.726'.
[   56.034028][ T2150] loop8: detected capacity change from 0 to 32768
[   56.053695][ T2160] serio: Serial port ptm0
[   56.082258][ T2150]  loop8: p1 p3 < >
[   56.167323][  T337] udevd[337]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[   56.167351][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[   56.261667][  T833] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[   56.275792][  T833] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[   56.352669][ T2170] loop2: detected capacity change from 0 to 40427
[   56.365193][ T2170] F2FS-fs (loop2): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[   56.374513][ T2170] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   56.393432][ T2170] F2FS-fs (loop2): invalid crc value
[   56.400010][ T2170] F2FS-fs (loop2): Found nat_bits in checkpoint
[   56.410955][   T60] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   56.434838][ T2170] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   56.442221][ T2170] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   56.611897][ T2176] syz.2.732: attempt to access beyond end of device
[   56.611897][ T2176] loop2: rw=2049, sector=40424, nr_sectors = 8 limit=40427
[   56.626081][   T60] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   56.648339][   T60] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   56.657542][   T60] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   56.665850][   T60] usb 6-1: Product: syz
[   56.670162][   T60] usb 6-1: Manufacturer: syz
[   56.674982][   T60] usb 6-1: SerialNumber: syz
[   56.780929][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   56.982264][   T24] usb 7-1: Using ep0 maxpacket: 32
[   56.988557][   T24] usb 7-1: config 4 has an invalid interface number: 128 but max is 0
[   56.996854][   T24] usb 7-1: config 4 has no interface number 0
[   57.003068][   T24] usb 7-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   57.014307][   T24] usb 7-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   57.024291][   T24] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   57.033501][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   57.043287][   T24] hub 7-1:4.128: USB hub found
[   57.094256][ T1435] usb 8-1: USB disconnect, device number 2
[   57.244001][   T24] hub 7-1:4.128: 2 ports detected
[   57.249156][   T24] hub 7-1:4.128: Using single TT (err -22)
[   57.495561][   T24] hub 7-1:4.128: hub_hub_status failed (err = -71)
[   57.502331][   T24] hub 7-1:4.128: config failed, can't get hub status (err -71)
[   57.541470][   T24] usb 7-1: USB disconnect, device number 7
[   57.710295][   T60] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[   57.719886][   T60] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   57.735039][   T28] kauditd_printk_skb: 8 callbacks suppressed
[   57.735054][   T28] audit: type=1400 audit(1764165393.494:623): avc:  denied  { read } for  pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[   57.762845][   T28] audit: type=1400 audit(1764165393.494:624): avc:  denied  { search } for  pid=142 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   57.791042][   T28] audit: type=1400 audit(1764165393.494:625): avc:  denied  { read } for  pid=142 comm="dhcpcd" name="n15" dev="tmpfs" ino=4953 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   57.832822][   T28] audit: type=1400 audit(1764165393.494:626): avc:  denied  { open } for  pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=4953 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   57.855703][  T961] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   57.881906][   T28] audit: type=1400 audit(1764165393.494:627): avc:  denied  { getattr } for  pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=4953 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   57.920300][  T833] usb 6-1: USB disconnect, device number 3
[   57.925835][   T28] audit: type=1400 audit(1764165393.524:628): avc:  denied  { read } for  pid=2194 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   57.926955][  T833] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP)
[   57.979613][   T28] audit: type=1400 audit(1764165393.524:629): avc:  denied  { open } for  pid=2194 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   58.020947][   T28] audit: type=1400 audit(1764165393.524:630): avc:  denied  { getattr } for  pid=2194 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=494 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   58.050812][  T961] usb 9-1: config 0 descriptor has 1 excess byte, ignoring
[   58.071211][  T961] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[   58.091479][  T961] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[   58.112595][  T961] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   58.140920][   T28] audit: type=1400 audit(1764165393.774:631): avc:  denied  { write } for  pid=2193 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=493 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   58.164084][  T961] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.180940][  T961] usb 9-1: Product: syz
[   58.185129][  T961] usb 9-1: Manufacturer: syz
[   58.189718][  T961] usb 9-1: SerialNumber: syz
[   58.198546][ T2200] loop2: detected capacity change from 0 to 40427
[   58.207989][   T28] audit: type=1400 audit(1764165393.774:632): avc:  denied  { add_name } for  pid=2193 comm="dhcpcd-run-hook" name="resolv.conf.usb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   58.231475][  T961] usb 9-1: config 0 descriptor??
[   58.237214][ T2200] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   58.247900][  T961] usb 9-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress f8
[   58.261203][ T2200] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   58.282155][ T2200] F2FS-fs (loop2): Found nat_bits in checkpoint
[   58.331666][ T2200] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   58.338770][ T2200] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   58.395647][ T2200] syz.2.751: attempt to access beyond end of device
[   58.395647][ T2200] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   58.428544][ T2200] syz.2.751: attempt to access beyond end of device
[   58.428544][ T2200] loop2: rw=2049, sector=45104, nr_sectors = 128 limit=40427
[   58.452506][  T961] usb 9-1: USB disconnect, device number 2
[   58.515980][ T2209] loop6: detected capacity change from 0 to 32768
[   58.527361][  T286] syz-executor: attempt to access beyond end of device
[   58.527361][  T286] loop2: rw=2051, sector=45096, nr_sectors = 136 limit=40427
[   58.541731][  T286] F2FS-fs (loop2): Issue discard(5637, 5637, 17) failed, ret: -5
[   58.582009][ T2209]  loop6: p1 p3 < >
[   58.662070][  T337] I/O error, dev loop6, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   59.128943][ T2258] hub 6-0:1.0: USB hub found
[   59.134098][ T2258] hub 6-0:1.0: 1 port detected
[   59.380961][   T60] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   59.480224][ T2294] kvm [2293]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x11e) = 0x405
[   59.497130][ T2290] loop8: detected capacity change from 0 to 8192
[   59.511586][ T2294] kvm [2293]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x186) = 0x2c05
[   59.528838][ T2294] kvm [2293]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x187) = 0x6505
[   59.543743][ T2294] kvm [2293]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x1d9) = 0xa705
[   59.551793][ T2290]  loop8: p1 p2 p3 p4
[   59.558158][ T2290] loop8: p1 start 51379968 is beyond EOD, truncated
[   59.562049][   T60] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   59.573060][ T2290] loop8: p2 start 4293394690 is beyond EOD, truncated
[   59.597752][   T60] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   59.608628][ T2290] loop8: p3 size 100663552 extends beyond EOD, truncated
[   59.615905][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.634225][   T60] usb 8-1: Product: syz
[   59.638568][   T60] usb 8-1: Manufacturer: syz
[   59.639292][ T2290] loop8: p4 size 50331648 extends beyond EOD, 
[   59.643249][   T60] usb 8-1: SerialNumber: syz
[   59.661023][ T2290] truncated
[   59.789557][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop8p4, 10) failed: No such file or directory
[   59.802211][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[   59.968816][ T2312] syz.2.778[2312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   59.968887][ T2312] syz.2.778[2312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   60.436913][ T2326] kvm [2325]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[   60.456952][ T2326] kvm [2325]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[   60.591478][ T2328] loop6: detected capacity change from 0 to 32768
[   60.641741][ T2328]  loop6: p1 p2 p3 < p5 p6 >
[   60.646953][ T2328] loop6: p2 size 16775168 extends beyond EOD, truncated
[   60.654194][  T961] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   60.655073][ T2328] loop6: p5 start 4294970168 is beyond EOD, 
[   60.663383][   T60] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[   60.671008][ T2328] truncated
[   60.678417][   T60] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   60.860983][  T961] usb 6-1: Using ep0 maxpacket: 32
[   60.867792][  T961] usb 6-1: config 4 has an invalid interface number: 128 but max is 0
[   60.876271][  T961] usb 6-1: config 4 has no interface number 0
[   60.882480][  T961] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   60.890475][  T833] usb 8-1: USB disconnect, device number 3
[   60.893613][  T961] usb 6-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   60.902142][  T833] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM (NO ZLP)
[   60.909318][  T961] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   60.927405][  T961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.936968][  T961] hub 6-1:4.128: USB hub found
[   61.137653][  T961] hub 6-1:4.128: 2 ports detected
[   61.142829][  T961] hub 6-1:4.128: Using single TT (err -22)
[   61.375311][  T961] hub 6-1:4.128: hub_hub_status failed (err = -71)
[   61.381910][  T961] hub 6-1:4.128: config failed, can't get hub status (err -71)
[   61.444079][  T961] usb 6-1: USB disconnect, device number 4
[   61.621903][ T2371] loop8: detected capacity change from 0 to 40427
[   61.632445][ T2371] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[   61.640542][ T2371] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[   61.660175][ T2371] F2FS-fs (loop8): Found nat_bits in checkpoint
[   61.694949][ T2371] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[   61.702179][   T19] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[   61.709768][ T2371] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[   61.741083][ T2371] syz.8.794: attempt to access beyond end of device
[   61.741083][ T2371] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   61.758946][ T2371] syz.8.794: attempt to access beyond end of device
[   61.758946][ T2371] loop8: rw=2049, sector=45104, nr_sectors = 128 limit=40427
[   61.800963][ T2038] syz-executor: attempt to access beyond end of device
[   61.800963][ T2038] loop8: rw=2051, sector=45096, nr_sectors = 136 limit=40427
[   61.815326][  T833] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   61.823168][ T2038] F2FS-fs (loop8): Issue discard(5637, 5637, 17) failed, ret: -5
[   61.890921][   T19] usb 7-1: Using ep0 maxpacket: 32
[   61.915433][   T19] usb 7-1: unable to get BOS descriptor or descriptor too short
[   61.931625][   T19] usb 7-1: config 0 has an invalid interface number: 36 but max is 0
[   61.943190][   T19] usb 7-1: config 0 has an invalid interface number: 5 but max is 0
[   61.954322][   T19] usb 7-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[   61.968641][   T19] usb 7-1: config 0 has no interface number 0
[   61.981131][   T19] usb 7-1: config 0 has no interface number 1
[   61.987451][   T19] usb 7-1: config 0 interface 36 altsetting 4 has an invalid endpoint with address 0x0, skipping
[   61.998278][   T19] usb 7-1: too many endpoints for config 0 interface 5 altsetting 156: 226, using maximum allowed: 30
[   62.009990][   T19] usb 7-1: config 0 interface 5 altsetting 156 has 0 endpoint descriptors, different from the interface descriptor's value: 226
[   62.018515][ T2387] netlink: 'syz.5.799': attribute type 13 has an invalid length.
[   62.023444][   T19] usb 7-1: config 0 interface 36 has no altsetting 0
[   62.037982][   T19] usb 7-1: config 0 interface 5 has no altsetting 0
[   62.040958][ T2387] netlink: 'syz.5.799': attribute type 17 has an invalid length.
[   62.048127][  T833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.063413][  T833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   62.073286][  T833] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   62.086390][  T833] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   62.095568][  T833] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.107354][   T19] usb 7-1: string descriptor 0 read error: -22
[   62.113896][  T833] usb 3-1: config 0 descriptor??
[   62.118949][   T19] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=64.67
[   62.128175][   T19] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.142204][   T19] usb 7-1: config 0 descriptor??
[   62.162769][ T2387] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   62.170220][ T2387] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   62.186679][ T2387] device ipip0 left promiscuous mode
[   62.340934][ T1439] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   62.369297][   T24] usb 7-1: USB disconnect, device number 8
[   62.532031][ T1439] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.550038][ T1439] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   62.551399][  T833] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[   62.570808][ T1439] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   62.584058][  T833] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   62.596699][ T1439] usb 9-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[   62.604974][ T1439] usb 9-1: Manufacturer: syz
[   62.619891][ T1439] usb 9-1: config 0 descriptor??
[   62.929445][   T28] kauditd_printk_skb: 42 callbacks suppressed
[   62.929461][   T28] audit: type=1326 audit(1764165398.684:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b9e98f749 code=0x7ffc0000
[   62.965626][   T28] audit: type=1326 audit(1764165398.684:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b9e98f749 code=0x7ffc0000
[   62.990343][   T28] audit: type=1326 audit(1764165398.684:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9b9e98f749 code=0x7ffc0000
[   63.005593][ T2422] loop6: detected capacity change from 0 to 8192
[   63.013918][   T28] audit: type=1326 audit(1764165398.684:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9b9e98f783 code=0x7ffc0000
[   63.046377][   T28] audit: type=1326 audit(1764165398.724:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9b9e98e1ff code=0x7ffc0000
[   63.071116][   T28] audit: type=1326 audit(1764165398.764:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f9b9e98f7d7 code=0x7ffc0000
[   63.094790][   T28] audit: type=1326 audit(1764165398.764:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b9e98df90 code=0x7ffc0000
[   63.131821][ T2422]  loop6: p1 p2 p3 p4
[   63.136206][ T2422] loop6: p1 start 51379968 is beyond EOD, truncated
[   63.145212][   T28] audit: type=1326 audit(1764165398.764:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9b9e98f34b code=0x7ffc0000
[   63.154022][ T2422] loop6: p2 start 4293394690 is beyond EOD, 
[   63.169029][   T28] audit: type=1326 audit(1764165398.824:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9b9e98e3aa code=0x7ffc0000
[   63.181270][ T2422] truncated
[   63.200129][   T28] audit: type=1326 audit(1764165398.824:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2421 comm="syz.6.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9b9e98f34b code=0x7ffc0000
[   63.219086][ T2422] loop6: p3 size 100663552 extends beyond EOD, truncated
[   63.234569][ T2422] loop6: p4 size 50331648 extends beyond EOD, truncated
[   63.396497][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[   63.396512][ T1831] udevd[1831]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[   63.406742][   T60] usb 3-1: USB disconnect, device number 6
[   63.446302][ T1439] uclogic 0003:256C:006D.000D: failed retrieving string descriptor #200: -71
[   63.460621][ T1439] uclogic 0003:256C:006D.000D: failed retrieving pen parameters: -71
[   63.480724][ T1439] uclogic 0003:256C:006D.000D: failed probing pen v2 parameters: -71
[   63.501137][ T1439] uclogic 0003:256C:006D.000D: failed probing parameters: -71
[   63.508659][ T1439] uclogic: probe of 0003:256C:006D.000D failed with error -71
[   63.545225][ T2443] loop7: detected capacity change from 0 to 256
[   63.550739][ T1439] usb 9-1: USB disconnect, device number 3
[   63.574762][ T2443] FAT-fs (loop7): bogus number of FAT sectors
[   63.582098][ T2443] FAT-fs (loop7): Can't find a valid FAT filesystem
[   63.868888][   T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[   64.051974][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.074948][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   64.094169][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   64.122752][   T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   64.150927][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.169382][   T24] usb 7-1: config 0 descriptor??
[   64.578208][   T24] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[   64.600084][   T24] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[   64.914853][ T2477] loop6: detected capacity change from 0 to 512
[   64.987313][ T2477] EXT4-fs (loop6): 1 truncate cleaned up
[   64.999094][ T2477] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   65.012555][ T2480] loop7: detected capacity change from 0 to 8192
[   65.050255][ T2487] loop2: detected capacity change from 0 to 256
[   65.059067][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.073308][ T2480]  loop7: p1 p2 p3 p4
[   65.077786][ T2480] loop7: p1 start 51379968 is beyond EOD, truncated
[   65.094557][ T2480] loop7: p2 start 4293394690 is beyond EOD, truncated
[   65.103557][ T2480] loop7: p3 size 100663552 extends beyond EOD, truncated
[   65.110844][ T2487] FAT-fs (loop2): bogus number of FAT sectors
[   65.118083][ T2480] loop7: p4 size 50331648 extends beyond EOD, 
[   65.126794][ T2487] FAT-fs (loop2): Can't find a valid FAT filesystem
[   65.131037][ T2480] truncated
[   65.246437][  T337] udevd[337]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[   65.258654][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[   65.270259][ T2499] kvm [2498]: vcpu2, guest rIP: 0x9133 Unhandled WRMSR(0x11e) = 0xbe702111
[   65.890940][  T833] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[   65.901003][    C0] plantronics 0003:047F:FFFF.000E: usb_submit_urb(ctrl) failed: -1
[   65.920089][ T2525] loop2: detected capacity change from 0 to 8192
[   65.961711][ T2525]  loop2: p1 p2 p3 p4
[   65.966616][ T2525] loop2: p1 start 51379968 is beyond EOD, truncated
[   65.974210][ T2525] loop2: p2 start 4293394690 is beyond EOD, truncated
[   65.981950][ T2525] loop2: p3 size 100663552 extends beyond EOD, truncated
[   65.997464][ T2525] loop2: p4 size 50331648 extends beyond EOD, truncated
[   66.059958][ T1273] udevd[1273]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   66.066062][  T337] udevd[337]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   66.086480][  T833] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[   66.097611][  T833] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.105933][  T833] usb 9-1: Product: syz
[   66.110175][  T833] usb 9-1: Manufacturer: syz
[   66.115009][  T833] usb 9-1: SerialNumber: syz
[   66.310927][  T961] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   66.351365][  T833] rtl8150 9-1:1.0: couldn't reset the device
[   66.357558][  T833] rtl8150: probe of 9-1:1.0 failed with error -5
[   66.365455][  T833] usb 9-1: USB disconnect, device number 4
[   66.408558][ T2531] syz.5.858[2531] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   66.408605][ T2531] syz.5.858[2531] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   66.426150][ T1033] EXT4-fs (loop6): unmounting filesystem.
[   66.510923][  T961] usb 3-1: Using ep0 maxpacket: 16
[   66.521647][  T961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   66.534733][  T961] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   66.548020][  T961] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   66.557129][  T961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.568671][  T961] usb 3-1: config 0 descriptor??
[   66.654730][ T2542] loop6: detected capacity change from 0 to 128
[   66.678817][ T2542] FAT-fs (loop6): bogus number of reserved sectors
[   66.685884][ T2542] FAT-fs (loop6): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   66.695487][ T2542] FAT-fs (loop6): Can't find a valid FAT filesystem
[   66.732171][    T6] usb 7-1: USB disconnect, device number 9
[   66.875205][ T2563] netlink: 8 bytes leftover after parsing attributes in process `syz.8.872'.
[   66.884108][ T2563] netlink: 24 bytes leftover after parsing attributes in process `syz.8.872'.
[   66.976935][  T961] microsoft 0003:045E:07DA.000F: ignoring exceeding usage max
[   66.986135][  T961] HID 045e:07da: Invalid code 65791 type 1
[   66.992255][  T961] HID 045e:07da: Invalid code 768 type 1
[   66.997903][  T961] HID 045e:07da: Invalid code 769 type 1
[   67.003569][  T961] HID 045e:07da: Invalid code 770 type 1
[   67.009226][  T961] HID 045e:07da: Invalid code 771 type 1
[   67.014878][  T961] HID 045e:07da: Invalid code 772 type 1
[   67.020508][  T961] HID 045e:07da: Invalid code 773 type 1
[   67.026156][  T961] HID 045e:07da: Invalid code 774 type 1
[   67.031811][  T961] HID 045e:07da: Invalid code 775 type 1
[   67.037439][  T961] HID 045e:07da: Invalid code 776 type 1
[   67.047989][  T961] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000F/input/input19
[   67.121928][  T961] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   67.203837][  T961] usb 3-1: USB disconnect, device number 7
[   67.540972][ T1469] Bluetooth: hci0: command 0x1003 tx timeout
[   67.540975][  T944] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   67.553219][ T2516] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[   67.699481][ T2572] syz.8.875[2572] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.699553][ T2572] syz.8.875[2572] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.074469][ T2586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.879'.
[   68.161780][ T2591] user requested TSC rate below hardware speed
[   68.182485][ T2591] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3959316773 (126698136736 ns) > initial count (49021836160 ns). Using initial count to start timer.
[   68.477430][   T28] kauditd_printk_skb: 69 callbacks suppressed
[   68.477443][   T28] audit: type=1400 audit(1764165404.234:754): avc:  denied  { getopt } for  pid=2600 comm="syz.5.885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   68.511033][  T833] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   68.556950][ T2605] netlink: 40 bytes leftover after parsing attributes in process `syz.5.886'.
[   68.621416][ T2609] netlink: 4 bytes leftover after parsing attributes in process `syz.5.890'.
[   68.698170][   T28] audit: type=1400 audit(1764165404.454:755): avc:  denied  { ioctl } for  pid=2616 comm="syz.8.894" path="socket:[28510]" dev="sockfs" ino=28510 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   68.713278][  T833] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[   68.772639][  T833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.790830][  T833] usb 3-1: Product: syz
[   68.800988][  T833] usb 3-1: Manufacturer: syz
[   68.805635][  T833] usb 3-1: SerialNumber: syz
[   68.814283][   T60] kernel write not supported for file bpf-prog (pid: 60 comm: kworker/1:2)
[   68.904878][ T2641] loop7: detected capacity change from 0 to 1024
[   68.918556][ T2641] EXT4-fs: Ignoring removed bh option
[   68.932866][ T2641] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[   68.945911][ T2641] EXT4-fs (loop7): shut down requested (1)
[   68.958595][ T1538] EXT4-fs (loop7): unmounting filesystem.
[   69.048357][  T833] rtl8150 3-1:1.0: couldn't reset the device
[   69.054839][  T833] rtl8150: probe of 3-1:1.0 failed with error -5
[   69.066649][  T833] usb 3-1: USB disconnect, device number 8
[   69.193816][   T28] audit: type=1400 audit(1764165404.954:756): avc:  denied  { map } for  pid=2674 comm="syz.6.919" path="/dev/ashmem" dev="devtmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   69.243531][   T28] audit: type=1400 audit(1764165404.964:757): avc:  denied  { map } for  pid=2674 comm="syz.6.919" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   69.303881][ T2687] loop7: detected capacity change from 0 to 512
[   69.311811][ T2687] ext4: Unknown parameter 'uid>00000000000000000000'
[   69.335971][   T28] audit: type=1400 audit(1764165405.094:758): avc:  denied  { mount } for  pid=2689 comm="syz.6.925" name="/" dev="ramfs" ino=28623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   69.374333][   T28] audit: type=1400 audit(1764165405.134:759): avc:  denied  { remount } for  pid=2693 comm="syz.7.928" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   69.395403][ T2694] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   69.402461][ T2694] overlayfs: failed to set xattr on upper
[   69.403618][ T2696] netlink: 8 bytes leftover after parsing attributes in process `syz.6.927'.
[   69.408304][   T28] audit: type=1400 audit(1764165405.154:760): avc:  denied  { mounton } for  pid=2693 comm="syz.7.928" path="/82/file0/bus" dev="ramfs" ino=27483 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[   69.417561][ T2696] netlink: 24 bytes leftover after parsing attributes in process `syz.6.927'.
[   69.439955][ T2694] overlayfs: ...falling back to index=off,metacopy=off.
[   69.495560][   T28] audit: type=1400 audit(1764165405.254:761): avc:  denied  { unmount } for  pid=1538 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   69.527111][ T2702] netlink: 12 bytes leftover after parsing attributes in process `syz.7.931'.
[   69.568349][ T2708] netlink: 'syz.7.934': attribute type 13 has an invalid length.
[   69.576481][ T2708] netlink: 'syz.7.934': attribute type 17 has an invalid length.
[   69.625703][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   69.630906][    C1] ==================================================================
[   69.640977][    C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9b0
[   69.648005][    C1] Write of size 8 at addr ffff88812f95ca00 by task swapper/1/0
[   69.655537][    C1] 
[   69.657847][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[   69.664936][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   69.674993][    C1] Call Trace:
[   69.678257][    C1]  <IRQ>
[   69.681090][    C1]  __dump_stack+0x21/0x24
[   69.685457][    C1]  dump_stack_lvl+0xee/0x150
[   69.690854][    C1]  ? __cfi_dump_stack_lvl+0x8/0x8
[   69.695871][    C1]  ? update_rq_clock+0x536/0x5c0
[   69.700809][    C1]  ? __run_timers+0x32b/0x9b0
[   69.705471][    C1]  print_address_description+0x71/0x200
[   69.711000][    C1]  print_report+0x4a/0x60
[   69.715317][    C1]  kasan_report+0x122/0x150
[   69.719814][    C1]  ? __run_timers+0x32b/0x9b0
[   69.724479][    C1]  __asan_report_store8_noabort+0x17/0x20
[   69.730190][    C1]  __run_timers+0x32b/0x9b0
[   69.734688][    C1]  ? sched_clock+0x9/0x10
[   69.739000][    C1]  ? sched_clock_cpu+0x6e/0x250
[   69.743854][    C1]  ? calc_index+0x200/0x200
[   69.748351][    C1]  ? kvm_sched_clock_read+0x18/0x40
[   69.753544][    C1]  run_timer_softirq+0x6a/0xf0
[   69.758301][    C1]  handle_softirqs+0x1d7/0x600
[   69.763044][    C1]  ? irqtime_account_irq+0xc4/0x240
[   69.768234][    C1]  __irq_exit_rcu+0x52/0xf0
[   69.772931][    C1]  irq_exit_rcu+0x9/0x10
[   69.777165][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   69.782783][    C1]  </IRQ>
[   69.785696][    C1]  <TASK>
[   69.788619][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   69.794607][    C1] RIP: 0010:default_idle+0xf/0x20
[   69.799622][    C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 33 f0 51 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[   69.819212][    C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[   69.825278][    C1] RAX: ffff8881f7100000 RBX: ffff888100336540 RCX: 0985255f364b5a00
[   69.833238][    C1] RDX: 0000000000000001 RSI: ffffffff85aa1980 RDI: ffffffff85aa1940
[   69.841193][    C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[   69.849162][    C1] R10: 0000000000000000 R11: ffffffff84f44280 R12: 0000000000000000
[   69.857159][    C1] R13: 0000000000000000 R14: ffff888100336540 R15: dffffc0000000000
[   69.865123][    C1]  ? __cfi_default_idle+0x10/0x10
[   69.870157][    C1]  arch_cpu_idle+0x1c/0x20
[   69.874574][    C1]  default_idle_call+0x71/0x1d0
[   69.879408][    C1]  do_idle+0x1a7/0x520
[   69.883459][    C1]  ? ct_irq_exit+0x9/0x10
[   69.887799][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   69.892993][    C1]  cpu_startup_entry+0x43/0x60
[   69.897751][    C1]  start_secondary+0x119/0x120
[   69.902502][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[   69.908378][    C1]  </TASK>
[   69.911374][    C1] 
[   69.913683][    C1] Allocated by task 2516:
[   69.917981][    C1]  kasan_set_track+0x4b/0x70
[   69.922551][    C1]  kasan_save_alloc_info+0x25/0x30
[   69.927653][    C1]  __kasan_kmalloc+0x95/0xb0
[   69.932232][    C1]  __kmalloc+0xb1/0x1e0
[   69.936374][    C1]  hci_alloc_dev_priv+0x27/0x1bd0
[   69.941382][    C1]  hci_uart_tty_ioctl+0x3d6/0xa20
[   69.946390][    C1]  tty_ioctl+0x8ef/0xc60
[   69.950606][    C1]  __se_sys_ioctl+0x12f/0x1b0
[   69.955261][    C1]  __x64_sys_ioctl+0x7b/0x90
[   69.960247][    C1]  x64_sys_call+0x58b/0x9a0
[   69.964745][    C1]  do_syscall_64+0x4c/0xa0
[   69.969140][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   69.975022][    C1] 
[   69.977335][    C1] Freed by task 2514:
[   69.981283][    C1]  kasan_set_track+0x4b/0x70
[   69.985865][    C1]  kasan_save_free_info+0x31/0x50
[   69.990876][    C1]  ____kasan_slab_free+0x132/0x180
[   69.995975][    C1]  __kasan_slab_free+0x11/0x20
[   70.000711][    C1]  slab_free_freelist_hook+0xc2/0x190
[   70.006081][    C1]  __kmem_cache_free+0xb7/0x1b0
[   70.010908][    C1]  kfree+0x6f/0xf0
[   70.014607][    C1]  hci_release_dev+0x12a3/0x13b0
[   70.019520][    C1]  bt_host_release+0x82/0x90
[   70.024088][    C1]  device_release+0xa4/0x1d0
[   70.028665][    C1]  kobject_put+0x19d/0x280
[   70.033061][    C1]  put_device+0x1f/0x30
[   70.037201][    C1]  hci_free_dev+0x1c/0x20
[   70.041507][    C1]  hci_uart_tty_close+0x1a3/0x230
[   70.046510][    C1]  tty_ldisc_kill+0x10f/0x1f0
[   70.051157][    C1]  tty_ldisc_release+0x1a5/0x200
[   70.056079][    C1]  tty_release_struct+0x29/0xe0
[   70.060936][    C1]  tty_release+0xbfd/0x1210
[   70.065420][    C1]  __fput+0x1fc/0x8f0
[   70.069380][    C1]  ____fput+0x15/0x20
[   70.073339][    C1]  task_work_run+0x1db/0x240
[   70.077908][    C1]  exit_to_user_mode_loop+0x9b/0xb0
[   70.083081][    C1]  exit_to_user_mode_prepare+0x87/0xd0
[   70.088518][    C1]  syscall_exit_to_user_mode+0x1a/0x30
[   70.093954][    C1]  do_syscall_64+0x58/0xa0
[   70.098343][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   70.104211][    C1] 
[   70.106513][    C1] Last potentially related work creation:
[   70.112201][    C1]  kasan_save_stack+0x3a/0x60
[   70.116852][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[   70.122215][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   70.127996][    C1]  insert_work+0x51/0x300
[   70.132305][    C1]  __queue_work+0x9b1/0xd30
[   70.136782][    C1]  queue_work_on+0xd2/0x140
[   70.141262][    C1]  __hci_cmd_sync_sk+0xa3e/0xcf0
[   70.146173][    C1]  hci_cmd_sync_status+0x53/0x120
[   70.151182][    C1]  hci_dev_cmd+0x628/0x720
[   70.155588][    C1]  hci_sock_ioctl+0x41e/0x7f0
[   70.160239][    C1]  sock_do_ioctl+0x101/0x310
[   70.164807][    C1]  sock_ioctl+0x4d8/0x6e0
[   70.169111][    C1]  __se_sys_ioctl+0x12f/0x1b0
[   70.173757][    C1]  __x64_sys_ioctl+0x7b/0x90
[   70.178321][    C1]  x64_sys_call+0x58b/0x9a0
[   70.182801][    C1]  do_syscall_64+0x4c/0xa0
[   70.187196][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   70.193090][    C1] 
[   70.195398][    C1] Second to last potentially related work creation:
[   70.201947][    C1]  kasan_save_stack+0x3a/0x60
[   70.206597][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[   70.211944][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   70.217725][    C1]  insert_work+0x51/0x300
[   70.222026][    C1]  __queue_work+0x9b1/0xd30
[   70.226520][    C1]  queue_work_on+0xd2/0x140
[   70.230998][    C1]  hci_cmd_timeout+0x191/0x200
[   70.235742][    C1]  process_one_work+0x71f/0xc40
[   70.240564][    C1]  worker_thread+0xa29/0x11f0
[   70.245219][    C1]  kthread+0x281/0x320
[   70.249278][    C1]  ret_from_fork+0x1f/0x30
[   70.253673][    C1] 
[   70.255974][    C1] The buggy address belongs to the object at ffff88812f95c000
[   70.255974][    C1]  which belongs to the cache kmalloc-8k of size 8192
[   70.270124][    C1] The buggy address is located 2560 bytes inside of
[   70.270124][    C1]  8192-byte region [ffff88812f95c000, ffff88812f95e000)
[   70.283647][    C1] 
[   70.285954][    C1] The buggy address belongs to the physical page:
[   70.292438][    C1] page:ffffea0004be5600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f958
[   70.302651][    C1] head:ffffea0004be5600 order:3 compound_mapcount:0 compound_pincount:0
[   70.310965][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[   70.317024][    C1] raw: 4000000000010200 ffffea0004349600 dead000000000002 ffff888100043500
[   70.325585][    C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   70.334137][    C1] page dumped because: kasan: bad access detected
[   70.340529][    C1] page_owner tracks the page as allocated
[   70.346213][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 284, tgid 284 (syz-executor), ts 20729531238, free_ts 0
[   70.366519][    C1]  post_alloc_hook+0x1f5/0x210
[   70.371364][    C1]  prep_new_page+0x1c/0x110
[   70.375846][    C1]  get_page_from_freelist+0x2c7b/0x2cf0
[   70.381374][    C1]  __alloc_pages+0x1c3/0x450
[   70.385945][    C1]  alloc_slab_page+0x6e/0xf0
[   70.390516][    C1]  new_slab+0x98/0x3d0
[   70.394564][    C1]  ___slab_alloc+0x6bd/0xb20
[   70.399131][    C1]  __slab_alloc+0x5e/0xa0
[   70.403438][    C1]  __kmem_cache_alloc_node+0x203/0x2c0
[   70.408876][    C1]  __kmalloc_node+0xa1/0x1e0
[   70.413460][    C1]  kvmalloc_node+0x294/0x480
[   70.418034][    C1]  pfifo_fast_init+0x3af/0x7a0
[   70.422795][    C1]  qdisc_create_dflt+0x150/0x3b0
[   70.427717][    C1]  dev_activate+0x2cf/0x1040
[   70.432290][    C1]  __dev_open+0x3ce/0x4f0
[   70.436601][    C1]  __dev_change_flags+0x21b/0x6b0
[   70.441603][    C1] page_owner free stack trace missing
[   70.446946][    C1] 
[   70.449279][    C1] Memory state around the buggy address:
[   70.454886][    C1]  ffff88812f95c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.462921][    C1]  ffff88812f95c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.470956][    C1] >ffff88812f95ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.478989][    C1]                    ^
[   70.483032][    C1]  ffff88812f95ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.491070][    C1]  ffff88812f95cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.499104][    C1] ==================================================================
[   70.507148][    C1] Disabling lock debugging due to kernel taint
[   70.513325][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   70.525011][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   70.533396][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B              syzkaller #0
[   70.541869][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   70.551921][    C1] RIP: 0010:__queue_work+0x575/0xd30
[   70.557201][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 10 28 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 5b 6d 00 49 8b 7d 00 e8 f3 23
[   70.577315][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[   70.583398][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100336540
[   70.591363][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   70.599321][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[   70.607293][    C1] R10: ffffed1025f2b939 R11: 1ffff11025f2b939 R12: dffffc0000000000
[   70.615274][    C1] R13: 0000000000000000 R14: ffff88812f95c9c8 R15: 0000000000000008
[   70.623247][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   70.632158][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.638718][    C1] CR2: 00005555940324a8 CR3: 00000001145d9000 CR4: 00000000003526a0
[   70.646674][    C1] Call Trace:
[   70.649934][    C1]  <IRQ>
[   70.652756][    C1]  delayed_work_timer_fn+0x61/0x80
[   70.657845][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   70.663715][    C1]  call_timer_fn+0x46/0x2a0
[   70.668203][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[   70.674101][    C1]  __run_timers+0x672/0x9b0
[   70.678625][    C1]  ? calc_index+0x200/0x200
[   70.683295][    C1]  ? kvm_sched_clock_read+0x18/0x40
[   70.688490][    C1]  run_timer_softirq+0x6a/0xf0
[   70.693244][    C1]  handle_softirqs+0x1d7/0x600
[   70.698011][    C1]  ? irqtime_account_irq+0xc4/0x240
[   70.703204][    C1]  __irq_exit_rcu+0x52/0xf0
[   70.707694][    C1]  irq_exit_rcu+0x9/0x10
[   70.711919][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   70.717558][    C1]  </IRQ>
[   70.720470][    C1]  <TASK>
[   70.723460][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   70.729611][    C1] RIP: 0010:default_idle+0xf/0x20
[   70.734618][    C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 33 f0 51 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[   70.754207][    C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[   70.760262][    C1] RAX: ffff8881f7100000 RBX: ffff888100336540 RCX: 0985255f364b5a00
[   70.768566][    C1] RDX: 0000000000000001 RSI: ffffffff85aa1980 RDI: ffffffff85aa1940
[   70.776791][    C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[   70.784752][    C1] R10: 0000000000000000 R11: ffffffff84f44280 R12: 0000000000000000
[   70.792708][    C1] R13: 0000000000000000 R14: ffff888100336540 R15: dffffc0000000000
[   70.800755][    C1]  ? __cfi_default_idle+0x10/0x10
[   70.805769][    C1]  arch_cpu_idle+0x1c/0x20
[   70.810165][    C1]  default_idle_call+0x71/0x1d0
[   70.815111][    C1]  do_idle+0x1a7/0x520
[   70.819162][    C1]  ? ct_irq_exit+0x9/0x10
[   70.823469][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   70.828654][    C1]  cpu_startup_entry+0x43/0x60
[   70.833397][    C1]  start_secondary+0x119/0x120
[   70.838141][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[   70.844009][    C1]  </TASK>
[   70.847011][    C1] Modules linked in:
[   70.850889][    C1] ---[ end trace 0000000000000000 ]---
[   70.856327][    C1] RIP: 0010:__queue_work+0x575/0xd30
[   70.861595][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 10 28 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 5b 6d 00 49 8b 7d 00 e8 f3 23
[   70.881184][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[   70.887263][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100336540
[   70.895219][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   70.903179][    C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[   70.911140][    C1] R10: ffffed1025f2b939 R11: 1ffff11025f2b939 R12: dffffc0000000000
[   70.919103][    C1] R13: 0000000000000000 R14: ffff88812f95c9c8 R15: 0000000000000008
[   70.927183][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   70.936442][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.943009][    C1] CR2: 00005555940324a8 CR3: 00000001145d9000 CR4: 00000000003526a0
[   70.950970][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[   70.958500][    C1] Kernel Offset: disabled
[   70.962818][    C1] Rebooting in 86400 seconds..