last executing test programs:

33.910075012s ago: executing program 3 (id=30):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)

33.854215332s ago: executing program 3 (id=34):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000a80)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRES16], 0x1, 0x11dc, &(0x7f0000001280)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eexBHTNR2l3hYdDewfD6X/OD3vuQ9BgbeMG/23/jq40Gvynr5NNbOnIm1cUR6kCLFWvzt83j19R9/euHWnbs32p3O9s2Urrdvt15LKW28+P17n37z0g/Ti+9+u/Hd+djbfH//161f9i7vXdn//fZH/Sr1qzQcTVOe7o1G0/xeWaSdfjXIUnqnLPKqSP1hVUwO9HvlaDyepXy4s94YT4qqSvlwlgbFLE1HaTqZpfzDvD9MWZal9UbwX3S/flDXdURdPx7noq7r+oloxMV4MtZjI5qxGU/F0/FMXIpn43I8F8/HlfmoVc8bAAAAAAAAAAAAAAAAAAAAThfn/wEAAAAAAAAAAAAAAAAAAGD1bt25e6Pd6WzfTOlCRPnlbne3u/hd9Nu96EcZRVyLZvwW89P/C4v6+lud7WtpbjO+KO//lb+/233sYL41/5zA0nxrkU8H8+ej8Wh+K5pxaXl+a2n+Qrzy8iP5LJrx8wcxijJ24s/sw/xnrZTefLtzKH91Pg4AAABOgyz9Y+n+Pcv+rb/IH+H5wKH99dm4ena1ayeimn0yyMuymBxbcS6O/S8UCsX/XKz6zsRJeHjRVz0TAAAAAAAAAAAAjuIkXidc9RoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2IFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//8xgdSv")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000040)='.\x00', 0x10000200)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d020000000000000000000000003800010001017f000800030000006400000005000000000000000a000000000000000101000000000000a1"], 0x78)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)

33.718803774s ago: executing program 3 (id=37):
bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

33.626494735s ago: executing program 3 (id=43):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

33.601549876s ago: executing program 3 (id=45):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r1}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

33.507175577s ago: executing program 3 (id=47):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x15)

33.507064657s ago: executing program 32 (id=47):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x15)

21.59517392s ago: executing program 4 (id=287):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080), 0xfd32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)

21.512871202s ago: executing program 4 (id=289):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21.416095573s ago: executing program 4 (id=291):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000900)=ANY=[], 0x5, 0x5593, &(0x7f0000000c00)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbaTFBAhoEgEoSJ1gIWmbmnpihAoYuBPQIpSpwRcCm0GWkWULGwoC0sXBCNCSKCw5X/o3EhdytYhQ5CYGILufJeeY5dEBc6m+f2kd+/z+Xrve+dTlc/vDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQ2HkrviniJN1Mp5uJqOf77u6uLaX99oE+tbVxby5taVyrOvHx93L5xcnZ0SUCAADA8ZEU9X1E3G9uLqR9fTqr/5vFMWnN/90zvbio5w/W/du7a5P5W3NF/f/rLw9e2B9oOsnGSU+6vNLtnBlMpfEfTXHsPXvoEY3symffvSTZB1J/b/35nWZ2PWtf37nzTisLJ6rIFgB4HKeLPg+Kv4fSvj3KxAA4Nhqlwruo/5Pp0eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUIWd9XiqiGsRMdd4GKe2d9eWhvVfbtyb28rbhdu3N8rnTE/RjIjllW7nTIVzGV/F1bz58WK327l2/UbVwcmIGPLWraP98yRP/5HHtCKib8+pF4ec54MjjHXgPANBfntGtddwKp3foQfX+vbUBi7423s9o7gBqgrq+eczLvkMBpOPvo0PCYp7799PrOL/jgAAeOI185ZWovebmwvpvtpMxN73/fX/q6U4+ur+vVu9Pb3XW6X6/8GHF+6WxyrX/+2K5vd/ML965dP56zduvr5yZfFy53LnkzfOtt9sn7t4/vzF+ey7kvnlqPvGBAAAgH+glbdy/V+fGVz/P1GK42/W/8v1/2fftr8oj5Wo/4d6uOg36kwAAACOo9Z+9Nwrf/xeG3JErdWKzxdXV6+1e9v912d720rTfUwTeSvX/8nMqLMCAAAAqrCzXutb/79UiuOI6/9P//DST+VzJhExFXE1Ijqnl652L1U3nbFWxc+bs4Fao54pAAAAozKVt/L6fzN7/r++/8hDPSJeOxXxZ/4b/jhi/Z+8+9WP5bHKz/+fq3SW46c+27seWT8b0ZgddUYAAAA8ySbzlhb7vzU3Fz76+cT7Lc//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//VDwyJg==")
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000e00)='.\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @c}})

20.993389349s ago: executing program 4 (id=295):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0x1, 0x254, &(0x7f00000006c0)="$eJzs3T1oJGUcBvBnZnc9c7fIqY0gfoCIaCCcnWBzNgoHchwiggonojbKRYgJdomVjYXWKqlsgtgZLSVNsFEEq6gpYiNosDBYaLGyOxvJx+qqm+zIze8HszPvzsd/Zneed7bY2Q3QWOeTXEzSSjKbpJOkOLjA3dVwfthcndm8mvR6T/xcDJar2pX99c4lWUnyUJKNssjL7WRp/ZmdX7ceu++txc69H6w/PTPVgxza3dl+fO/9y29+fOnBpS+//vFykYvpHjquk1eMeK5dJLecRrH/iaJd9x7wT1x5/aNv+rm/Nck9g/x3UqZ6895euGGjkwfe+6t13/npq9unua/Ayev1Ov1r4EoPaJwySTdFOZekmi7LubnqM/y3rbPlK/MLr82+NL947YW6eyrgpHST7Uc/PfPJuSP5/6FV5X+oVetOAqein/8nr6x915/ek3JohjuqUT//s88t3x/5h8aRf2iQFw+1SvmH5hqf/1q+ogNMges/NJf8Q3PJP1zHOn8/W/6hueQfmkv+obkO5h8AaJbembrvQAbqUnf/AwAAAAAAAAAAAAAAAAAAHLc6s3l1f5hWzc/fTXYfSdIeVb81+D/i5MbB49lfiv5ifyqq1Sby7F0TbmBCH9Z89/VN30/8Ek7kizvrrJ4sX0tW3khyod0+fv4Vw/Pvv7t5zPzO8xMW+JeKI+2Hn5pu/aN+X6u3/qWt5LN+/3NhVP9T5rbBeHT/0x3/E8tjvfrbhBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgav4IAAD//7ANbcM=")
openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000240)='./bus\x00', 0x187102, 0x1)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x141042, 0x0)

20.700353772s ago: executing program 4 (id=297):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xf00)

20.539137924s ago: executing program 4 (id=303):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})

20.538879804s ago: executing program 33 (id=303):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}})

19.168461882s ago: executing program 1 (id=358):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x0, 0x2, 0x7, 0x401})

19.156193862s ago: executing program 1 (id=359):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x654a, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x400, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

19.024959554s ago: executing program 1 (id=363):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000004c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x207601a}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f400000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005f1f2175000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

18.954834035s ago: executing program 1 (id=365):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000680), 0x1, 0x254, &(0x7f00000006c0)="$eJzs3T1oJGUcBvBnZnc9c7fIqY0gfoCIaCCcnWBzNgoHchwiggonojbKRYgJdomVjYXWKqlsgtgZLSVNsFEEq6gpYiNosDBYaLGyOxvJx+qqm+zIze8HszPvzsd/Zneed7bY2Q3QWOeTXEzSSjKbpJOkOLjA3dVwfthcndm8mvR6T/xcDJar2pX99c4lWUnyUJKNssjL7WRp/ZmdX7ceu++txc69H6w/PTPVgxza3dl+fO/9y29+fOnBpS+//vFykYvpHjquk1eMeK5dJLecRrH/iaJd9x7wT1x5/aNv+rm/Nck9g/x3UqZ6895euGGjkwfe+6t13/npq9unua/Ayev1Ov1r4EoPaJwySTdFOZekmi7LubnqM/y3rbPlK/MLr82+NL947YW6eyrgpHST7Uc/PfPJuSP5/6FV5X+oVetOAqein/8nr6x915/ek3JohjuqUT//s88t3x/5h8aRf2iQFw+1SvmH5hqf/1q+ogNMges/NJf8Q3PJP1zHOn8/W/6hueQfmkv+obkO5h8AaJbembrvQAbqUnf/AwAAAAAAAAAAAAAAAAAAHLc6s3l1f5hWzc/fTXYfSdIeVb81+D/i5MbB49lfiv5ifyqq1Sby7F0TbmBCH9Z89/VN30/8Ek7kizvrrJ4sX0tW3khyod0+fv4Vw/Pvv7t5zPzO8xMW+JeKI+2Hn5pu/aN+X6u3/qWt5LN+/3NhVP9T5rbBeHT/0x3/E8tjvfrbhBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgav4IAAD//7ANbcM=")
openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000240)='./bus\x00', 0x187102, 0x1)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000400)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x141042, 0x0)

18.825624466s ago: executing program 1 (id=366):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)
r1 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)

18.730965148s ago: executing program 1 (id=367):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="ad4308a803a93ae832cfe6d5ef23337e0f698efa258fa9d3bc1c9df29b8749c5ffd0074397d4b10c19ca158b9169fc747e0ce81800f6ab54701b60db0d358f0341b17544b7edabe88d90fc5a63b52a5eee75baf1278b9c106f3c728d86482d41a1b38f52ef3ad9e716e77953d785625a2279cf4fd6266ccaba213de2e35c65a01968cf04d00a1ca520baf750b816fafde164d33bfafb0fee4aae07b55527d4d61deda8a79a1be0238b8309d25f34019a61f0363bd8bdf6bae02edd9d34b01b8157e510898a6e7d7217224d331981b5c2bb14d88bdc317c7a88eb04c5ef7be4021f8dbbf25c65b82d0f787de0c0b87c2d51c21e948c9c8f8077e0341b04c4ff0c0f3e7a48fae5ca15222bc350f59307d42d0670f91610d4dec94cfbbbe3b383decd29515965a3059d4b2cbed6a77948d374d320ef04b9fd74c87eef26125b3e3418aca9bd8e98db179d57611d0f85528116cae7b18393dd78c7528c45e7a8d64db9adb31bb95564d75ff0dc06fb71fc52ee5c02779cb166d93180cbd74ab3fb7e19b3509381c4e2b6e9cb7953347d0993c3d7445d201aa1e11c8eace70bc364fb0572af4c00f9c53d1a8fa4702a792ff9a83eef082e90a18dadd9dcbbc808b8887be9f1b74d8bd5de8adfbcd46b7ab3df6ea858bff5a1b4b5d5f85a6df2e90f370f67e9b7b9e9e02f7b5cb615a86297b112bd735d61d66e25624c465d5a87bfc7f7ec3daac70d4abc99c7a12cc79a14e9a7618a86a295c0fd5cbd9f716ad49a35b152828c3a16bdd4b649d0bf6a1c80a500cdde4627b13751d91cb67fd9003ba3a91891f240be702f978e4e55354de192406defe3d84917f02e27855d6611d8ffc41f73ea5abd7b0f48ad277b691a27e5b747a7d8aa632920f3fce2788d4437fc23f59f9a4b4dbe7fa3460c5c4047277a8b02cb508a2c1853d14aa78689c4814b44391bfc4acc022e7119e9109d35225271c063d6d89d09347a8c1d2ab958bad1ac3890de420877b875272db3402a63da014a38c8ddb9568f00c7c29f31d11bcd473dac29c91247d570cc491384ece7f19ce3a3e4b2c8d72bde83120c3c7d38b49fbb640d7842f9f9a86b1ea6915b2121b72e281667bec82aeb7665d5dde31c6bceb7eb14f41f08d71faaf1b8f31f96564a8add5fbdb69045bfba0fbf3a4e1ea032bbbf3babe0de46ca56fd7738562e8c65c7ad1e8ecf3fe810cca9521a345af1d1bab6eac8a35e391bf1787bf16ee6050635188afa2f9b455c44690b2fecf9f40f08a10c7caf00744db2d389f2d618abcf44e5a45348c186fe926d1eb87f7b402735c05ae96544b5ab3367b60bdb4598152cea9f8f2844ca81fd5fd0b87383db0024db1d2b3c7469245793199cb5aba92dafaf2c90a9e1a93841ff78663ca97d8d51deba8cc06f3f5b7a1af71d3b65dfa48c9acd436bf364641db455d6e8e8ed644b30a4dd7806f1ba82f33c856c76e1f28ec3939e1ad0a7d38426e7af4ae49c0aa9e575a13d9d520aa84bd15090c28a142777e0b6a9d5ddd07918e3a20257a6be334196489ee60ba275d0b821d1ff315da51921111905409311b457fef71d2679a271752cd98cd9b0b1f871ec2e1e02525b41587f88a0bbf7bb63e34f8ca3975789c252a0b803518f2c03d327af92f9c2ed4ec9beb301da910331ad8a2d79c2c461362662c47859154ce8a26c9a12bcae161899a4005572dd3191cec8e4db0ab78816455c0a388c78a979c8ebe0593b23a7fd8681555d686507cf215dd4b1ce9ecd49fb7a4e2884f0449e40bf8eb6347f59a268e7a51441890200a4bb9e86aa18c088e5994699657d4d2d518bf83b59adc8220841e7ad807ed7adad95403d2319836d069b15d245ce013867121224e5e74371c32ff8cd9d19cc477ca36b5e0ac7c15041f2fe7f46a91a8c9cd089f4f38a6118f45f1fc9c48eb4820d355a869fecc2b391630b13aeacb2b745b22018d554a2b8d833f404784f1687d554089aedba3d7036788860bf66e8735603e6e2ed2235e8800931fdc30c9eec3d224650c5b58229faaa9cfacc31", 0x5a9}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000540), 0x4)
sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

18.709042998s ago: executing program 34 (id=367):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="ad4308a803a93ae832cfe6d5ef23337e0f698efa258fa9d3bc1c9df29b8749c5ffd0074397d4b10c19ca158b9169fc747e0ce81800f6ab54701b60db0d358f0341b17544b7edabe88d90fc5a63b52a5eee75baf1278b9c106f3c728d86482d41a1b38f52ef3ad9e716e77953d785625a2279cf4fd6266ccaba213de2e35c65a01968cf04d00a1ca520baf750b816fafde164d33bfafb0fee4aae07b55527d4d61deda8a79a1be0238b8309d25f34019a61f0363bd8bdf6bae02edd9d34b01b8157e510898a6e7d7217224d331981b5c2bb14d88bdc317c7a88eb04c5ef7be4021f8dbbf25c65b82d0f787de0c0b87c2d51c21e948c9c8f8077e0341b04c4ff0c0f3e7a48fae5ca15222bc350f59307d42d0670f91610d4dec94cfbbbe3b383decd29515965a3059d4b2cbed6a77948d374d320ef04b9fd74c87eef26125b3e3418aca9bd8e98db179d57611d0f85528116cae7b18393dd78c7528c45e7a8d64db9adb31bb95564d75ff0dc06fb71fc52ee5c02779cb166d93180cbd74ab3fb7e19b3509381c4e2b6e9cb7953347d0993c3d7445d201aa1e11c8eace70bc364fb0572af4c00f9c53d1a8fa4702a792ff9a83eef082e90a18dadd9dcbbc808b8887be9f1b74d8bd5de8adfbcd46b7ab3df6ea858bff5a1b4b5d5f85a6df2e90f370f67e9b7b9e9e02f7b5cb615a86297b112bd735d61d66e25624c465d5a87bfc7f7ec3daac70d4abc99c7a12cc79a14e9a7618a86a295c0fd5cbd9f716ad49a35b152828c3a16bdd4b649d0bf6a1c80a500cdde4627b13751d91cb67fd9003ba3a91891f240be702f978e4e55354de192406defe3d84917f02e27855d6611d8ffc41f73ea5abd7b0f48ad277b691a27e5b747a7d8aa632920f3fce2788d4437fc23f59f9a4b4dbe7fa3460c5c4047277a8b02cb508a2c1853d14aa78689c4814b44391bfc4acc022e7119e9109d35225271c063d6d89d09347a8c1d2ab958bad1ac3890de420877b875272db3402a63da014a38c8ddb9568f00c7c29f31d11bcd473dac29c91247d570cc491384ece7f19ce3a3e4b2c8d72bde83120c3c7d38b49fbb640d7842f9f9a86b1ea6915b2121b72e281667bec82aeb7665d5dde31c6bceb7eb14f41f08d71faaf1b8f31f96564a8add5fbdb69045bfba0fbf3a4e1ea032bbbf3babe0de46ca56fd7738562e8c65c7ad1e8ecf3fe810cca9521a345af1d1bab6eac8a35e391bf1787bf16ee6050635188afa2f9b455c44690b2fecf9f40f08a10c7caf00744db2d389f2d618abcf44e5a45348c186fe926d1eb87f7b402735c05ae96544b5ab3367b60bdb4598152cea9f8f2844ca81fd5fd0b87383db0024db1d2b3c7469245793199cb5aba92dafaf2c90a9e1a93841ff78663ca97d8d51deba8cc06f3f5b7a1af71d3b65dfa48c9acd436bf364641db455d6e8e8ed644b30a4dd7806f1ba82f33c856c76e1f28ec3939e1ad0a7d38426e7af4ae49c0aa9e575a13d9d520aa84bd15090c28a142777e0b6a9d5ddd07918e3a20257a6be334196489ee60ba275d0b821d1ff315da51921111905409311b457fef71d2679a271752cd98cd9b0b1f871ec2e1e02525b41587f88a0bbf7bb63e34f8ca3975789c252a0b803518f2c03d327af92f9c2ed4ec9beb301da910331ad8a2d79c2c461362662c47859154ce8a26c9a12bcae161899a4005572dd3191cec8e4db0ab78816455c0a388c78a979c8ebe0593b23a7fd8681555d686507cf215dd4b1ce9ecd49fb7a4e2884f0449e40bf8eb6347f59a268e7a51441890200a4bb9e86aa18c088e5994699657d4d2d518bf83b59adc8220841e7ad807ed7adad95403d2319836d069b15d245ce013867121224e5e74371c32ff8cd9d19cc477ca36b5e0ac7c15041f2fe7f46a91a8c9cd089f4f38a6118f45f1fc9c48eb4820d355a869fecc2b391630b13aeacb2b745b22018d554a2b8d833f404784f1687d554089aedba3d7036788860bf66e8735603e6e2ed2235e8800931fdc30c9eec3d224650c5b58229faaa9cfacc31", 0x5a9}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000540), 0x4)
sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

16.964527191s ago: executing program 2 (id=428):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/80, 0x50}], 0x1}, 0x5}], 0x1, 0x0, 0x0)
close(0x3)

16.848942642s ago: executing program 2 (id=431):
r0 = socket$inet6(0xa, 0x2, 0x88)
r1 = socket(0x10, 0x803, 0x0)
connect$netlink(r1, &(0x7f0000000080)=@unspec, 0xc)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x54593, 0x1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_PMTUDISC={0x5}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast2}}}], 0x20}}], 0x1, 0x80)

16.803092283s ago: executing program 2 (id=434):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x400000, 0x100000000000000)

16.788990473s ago: executing program 2 (id=435):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000580)='mountinfo\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x90000008})
ppoll(&(0x7f0000000300)=[{r1, 0x108}], 0x1, &(0x7f00000003c0)={0x0, 0x3938700}, 0x0, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)

16.694055344s ago: executing program 2 (id=437):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='workqueue_queue_work\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000005000000020000000700000000000000"], 0x48)
close(r2)

16.530540526s ago: executing program 2 (id=439):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, 0x0, 0x0)
mknod(0x0, 0x200, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe11)

16.509413267s ago: executing program 35 (id=439):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, 0x0, 0x0)
mknod(0x0, 0x200, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe11)

9.622430836s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

8.232437014s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

6.832394331s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

5.322223411s ago: executing program 7 (id=634):
r0 = gettid()
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000740), 0x8)
listen(r1, 0x0)
accept4(r1, 0x0, 0x0, 0x80000)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

5.200427112s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

4.370192483s ago: executing program 7 (id=641):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x6, 0x66b, 0xf412, 0xfff9, 0x9, 0x9, 0x7, 0x800, 0x6, 0x5, 0x8, 0x8}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0x3}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x1}, 0x0, &(0x7f0000000480)={0x20, 0x89, 0x2}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

4.369681653s ago: executing program 6 (id=642):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

4.347446354s ago: executing program 6 (id=643):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/../file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x0)

4.326696314s ago: executing program 6 (id=646):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000e5850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})

4.246708815s ago: executing program 6 (id=648):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0xa00008, &(0x7f0000000100), 0x1, 0x7c8, &(0x7f0000001280)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JrsQ2JQeSqGBQHtOYmTFpJatYMkhNoYklEIvPbT0UGguOTdtesuhl/64tpf+DT2UhLR1QlN6KC4jjRL5hxw7seQ0/nxgrPdmRnrvO2/mzfPMIAWwZw2nf3IRByN60uRgNj+JbEZ0R5yor/dgeamQTkmsrLz6Q1Jb5/7yUiGa3pPan2X+GhFfvBlxKLe+3MrC4vREqVScy/Kj1ZkLo5WFxcPnZyamilPF2aNj4+NHjv3n2NGdi/WnrxcP3HnnpX9+fOKXN/5y8+0vkzgRB7JlzXHslOEYzrZJT7oJV3lxpwvbZcluV4Ankh6aXfWjPA7GYHRt0pL/72jNAIB2uRwRKwDAHpM4/wPAHtO4DnB/eanQmKJ+P+fK464dHG/3xYkOuPtCRPTX42/c36wv6a7fs/umv3YfdOB+UrtH0pBExNAOlD8cEddunb6RTtGm+5AAG7lyNSLODg2v7f/THm7tMwvb9a8trDPcSHxaf9H/Qed8lo5//rt+/BeRy47//trfteOfvuZj9yms/Yz1x3/u9qpszw4U2iQd/x1verbtQVP8maGuLPeH2pivJzl3vlRM+7Y/RsRI9PSl+bFNyhi59+u9Vsuax38/vvv6h2n56eujNXK3u/tWv2dyojrxNDE3u3s14m/dG8WfPGz/pMX499QWy3j5f2990GpZGn8ab2NaH397rVyP+MeG7f/oOahk0+cTR2u7w2hjp9hg//zk2/cHWpXf3P7XbqUlLRUa/wt0Qtr+A5vHP5Q0P69Z2X4ZX10f/LzVstXxn76Rlr86/o33/97ktVq6N5t3aaJanRuL6E1eWT//yKP3NvKN9dP4R/6+Kv6sBXOb7v/pSmez9MpjHn7svvP9R08ef3ul8U+m7Z9kQTy2/befuPlguqtV+Vtr//FaaiSbs77/6173uVut4FNtPAAAAAAAAAAAAAAAAAAAAAAAAADYolxEHIgkl3+YzuXy+fpveP85BnKlcqV66Fx5fnYyar+VPRQ9ucZXXQ42fR/qWPZ9+I38kTX5f0fEnyLivb59tXy+UC5N7nbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJDZ3+L3/1Pf9e127QCAtunf7QoAAB23rfO/wQIAPBdanNJ7N569r611AQA6o3b+T7p3uxoAQAe5pA8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG126uTJdFr5eXmpkOYnLy7MT5cvHp4sVqbzM/OFfKE8dyE/VS5PlYr5Qnmm5Qddqb+UyuUL4zE7f2m0WqxURysLi2dmyvOz1TPnZyamimeKPR2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2rrKwOD1RKhXnJDZPXH4mqnE1a7bd3hrPU+Jstk2flfpsI9EXEe0qormX2Nf5jgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgd+K3AAAA//+aBB1p")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0)
r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0)
write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0xffffffffff7ffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6288f669, 0x0, 0xc000}}}, 0x78)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)

4.126719276s ago: executing program 6 (id=650):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000340), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

3.943804629s ago: executing program 6 (id=651):
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0xfffe, 0x80000000, @loopback, 0x2010003}, 0x1c)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020300020a00000000000000000000f103000600000000000200000000000000000000000000000002000100000000000000fb0200000000030005000000000002000000ac1414aa0000000000000000"], 0x50}, 0x1, 0x7}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000180001801400020073797a5f74756e0000000000000000000500030000000000050002"], 0x3c}}, 0x0)

3.916251119s ago: executing program 36 (id=651):
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0xfffe, 0x80000000, @loopback, 0x2010003}, 0x1c)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020300020a00000000000000000000f103000600000000000200000000000000000000000000000002000100000000000000fb0200000000030005000000000002000000ac1414aa0000000000000000"], 0x50}, 0x1, 0x7}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000180001801400020073797a5f74756e0000000000000000000500030000000000050002"], 0x3c}}, 0x0)

3.242008258s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

2.26203024s ago: executing program 9 (id=653):
r0 = gettid()
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000740), 0x8)
listen(r1, 0x0)
accept4(r1, 0x0, 0x0, 0x80000)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

2.146775592s ago: executing program 5 (id=659):
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
close(r0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002480)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}})

1.660781168s ago: executing program 8 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x10, 0x9, 0x2, 0xa, 0x0, 0x70bd25, 0x25dfdbfd, [@sadb_x_policy={0x8, 0x12, 0x4, 0x4, 0x0, 0x6e6bbb, 0x3, {0x6, 0x32, 0x4, 0x4, 0x0, 0x3, 0x0, @in6=@rand_addr=' \x01\x00', @in=@multicast2}}]}, 0x50}}, 0x2000c800)

638.151051ms ago: executing program 7 (id=668):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x4, 0x6031, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)

637.909442ms ago: executing program 5 (id=669):
r0 = socket$netlink(0x10, 0x3, 0xa)
r1 = dup(r0)
r2 = open(&(0x7f0000000140)='./file1\x00', 0x109cc2, 0x40)
ftruncate(r2, 0x200004)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
sendfile(r1, r2, 0x0, 0x80001d00c0d1)

637.621222ms ago: executing program 9 (id=670):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

550.560123ms ago: executing program 9 (id=674):
socket(0x11, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1}}, 0x24}}, 0x0)

479.091523ms ago: executing program 0 (id=675):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0)

446.606224ms ago: executing program 0 (id=676):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001c00070d000000000000020007000000", @ANYRES32=r1, @ANYBLOB="800087000a00020001"], 0x28}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

401.755425ms ago: executing program 0 (id=677):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

401.449674ms ago: executing program 5 (id=678):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

359.852565ms ago: executing program 0 (id=679):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x400448e4, 0x0)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)

359.300525ms ago: executing program 7 (id=680):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

354.190895ms ago: executing program 9 (id=681):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

283.526006ms ago: executing program 9 (id=682):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)

260.319506ms ago: executing program 0 (id=683):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
tgkill(r2, r2, 0x21)

221.959597ms ago: executing program 7 (id=684):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
creat(&(0x7f00000001c0)='./file0\x00', 0x16c)
stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000002b80))

172.744918ms ago: executing program 7 (id=685):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2c}, 0xb}, 0x1c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

138.699778ms ago: executing program 5 (id=686):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000040)='fib6_table_lookup\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1ff8d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002706870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83984e68a6d80a5f5222ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0007000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1f6428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000a034000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1ebbb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa5210b16eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f086dd47e0ffff00122c00631177fbac141416e000030a44079f034d2f87e589ca6aab845013f2325f1a3911050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x7000002}, 0x2c)

101.422238ms ago: executing program 9 (id=687):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)

50.026989ms ago: executing program 5 (id=688):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x45050, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

31.065119ms ago: executing program 0 (id=689):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x1000, 0x1001f0)

0s ago: executing program 5 (id=690):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts.
[   20.203192][   T30] audit: type=1400 audit(1746176473.028:80): avc:  denied  { integrity } for  pid=266 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   20.227224][   T30] audit: type=1400 audit(1746176473.048:81): avc:  denied  { mounton } for  pid=266 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.228542][  T266] cgroup: Unknown subsys name 'net'
[   20.249870][   T30] audit: type=1400 audit(1746176473.048:82): avc:  denied  { mount } for  pid=266 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.277403][  T266] cgroup: Unknown subsys name 'devices'
[   20.277439][   T30] audit: type=1400 audit(1746176473.088:83): avc:  denied  { unmount } for  pid=266 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.303214][   T30] audit: type=1400 audit(1746176473.088:84): avc:  denied  { read } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   20.472677][  T266] cgroup: Unknown subsys name 'hugetlb'
[   20.478316][  T266] cgroup: Unknown subsys name 'rlimit'
[   20.618464][   T30] audit: type=1400 audit(1746176473.438:85): avc:  denied  { setattr } for  pid=266 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.641756][   T30] audit: type=1400 audit(1746176473.438:86): avc:  denied  { mounton } for  pid=266 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.648693][  T268] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   20.666828][   T30] audit: type=1400 audit(1746176473.438:87): avc:  denied  { mount } for  pid=266 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   20.698370][   T30] audit: type=1400 audit(1746176473.508:88): avc:  denied  { relabelto } for  pid=268 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.723945][   T30] audit: type=1400 audit(1746176473.508:89): avc:  denied  { write } for  pid=268 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.760082][  T266] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.236079][  T274] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.243396][  T274] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.251179][  T274] device bridge_slave_0 entered promiscuous mode
[   21.259208][  T274] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.266520][  T274] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.273957][  T274] device bridge_slave_1 entered promiscuous mode
[   21.359391][  T275] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.366470][  T275] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.374538][  T275] device bridge_slave_0 entered promiscuous mode
[   21.393158][  T275] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.400349][  T275] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.407801][  T275] device bridge_slave_1 entered promiscuous mode
[   21.438798][  T276] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.445892][  T276] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.453415][  T276] device bridge_slave_0 entered promiscuous mode
[   21.460076][  T277] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.467576][  T277] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.475478][  T277] device bridge_slave_0 entered promiscuous mode
[   21.482599][  T277] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.489657][  T277] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.497600][  T277] device bridge_slave_1 entered promiscuous mode
[   21.511389][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.518784][  T276] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.526500][  T276] device bridge_slave_1 entered promiscuous mode
[   21.616233][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.623321][  T279] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.630872][  T279] device bridge_slave_0 entered promiscuous mode
[   21.637815][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.644916][  T279] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.652342][  T279] device bridge_slave_1 entered promiscuous mode
[   21.722550][  T274] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.729596][  T274] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.736990][  T274] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.744036][  T274] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.807766][  T275] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.814829][  T275] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.822138][  T275] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.829165][  T275] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.844687][  T277] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.851779][  T277] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.859046][  T277] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.866101][  T277] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.899604][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.906765][  T276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.914171][  T276] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.921226][  T276] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.937034][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.944156][  T279] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.951661][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.958681][  T279] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.968550][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.976498][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.983789][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.991380][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.998706][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.006019][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.013379][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.020700][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.027967][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.035226][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.042994][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.050559][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.080776][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.088605][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.097303][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.104440][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.111878][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.120032][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.127087][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.138433][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.147278][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.154427][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.185789][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.194155][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.205526][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.214355][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.221418][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.229383][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.237935][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.245016][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.252605][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.260846][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.268971][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.276029][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.283483][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.291682][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.299739][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.308531][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.316754][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.323965][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.339923][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.347663][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.355147][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.363781][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.372235][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.379304][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.386831][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.394886][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.422078][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.430677][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.438877][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.445958][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.453978][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.462578][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.470954][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.477990][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.485523][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.493891][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.501918][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.509956][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.517972][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.526721][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.534879][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.542996][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.551111][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.559536][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.574135][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.582314][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.590487][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.598894][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.607711][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.615459][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.628673][  T274] device veth0_vlan entered promiscuous mode
[   22.636703][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.644816][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.657661][  T277] device veth0_vlan entered promiscuous mode
[   22.669377][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.677573][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.685303][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.693165][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.701870][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.719626][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.728077][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.736359][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.744693][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.755679][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.766307][  T275] device veth0_vlan entered promiscuous mode
[   22.777699][  T276] device veth0_vlan entered promiscuous mode
[   22.785166][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.794234][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.801805][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.809464][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.817730][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.826029][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.833588][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.841603][  T274] device veth1_macvtap entered promiscuous mode
[   22.855547][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.863357][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.871919][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.886454][  T279] device veth0_vlan entered promiscuous mode
[   22.894318][  T275] device veth1_macvtap entered promiscuous mode
[   22.901502][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.909846][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.918423][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.926896][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.935207][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.942826][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.953977][  T277] device veth1_macvtap entered promiscuous mode
[   22.964274][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.974928][  T276] device veth1_macvtap entered promiscuous mode
[   22.991922][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.000799][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.000908][  T274] request_module fs-gadgetfs succeeded, but still no fs?
[   23.024232][  T279] device veth1_macvtap entered promiscuous mode
[   23.037798][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.046468][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.055003][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.064130][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.072989][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.082004][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.090628][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.099024][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.107877][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.116664][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.125380][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.152478][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.166151][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.182827][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.191918][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.491645][  T325] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:0:5efe:253.127.26.154
[   23.530214][  T331] syz.2.12[331] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   23.530307][  T331] syz.2.12[331] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   23.545609][  T329] device veth1_macvtap left promiscuous mode
[   23.559304][  T333] loop3: detected capacity change from 0 to 128
[   23.577587][  T329] device macsec0 entered promiscuous mode
[   23.611358][  T333] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   23.786162][  T357] tmpfs: Unknown parameter 'mp'
[   23.787968][  T359] netlink: 10 bytes leftover after parsing attributes in process `syz.2.27'.
[   23.870166][   T60] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   23.939475][  T375] loop3: detected capacity change from 0 to 8192
[   24.004748][  T375] process 'syz.3.34' launched './file1' with NULL argv: empty string added
[   24.123831][  T392] loop2: detected capacity change from 0 to 512
[   24.181792][  T274] syz-executor (274) used greatest stack depth: 20960 bytes left
[   24.190997][  T392] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[   24.240329][   T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   24.247032][  T392] loop2: detected capacity change from 0 to 1024
[   24.263268][   T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   24.270569][  T392] =======================================================
[   24.270569][  T392] WARNING: The mand mount option has been deprecated and
[   24.270569][  T392]          and is ignored by this kernel. Remove the mand
[   24.270569][  T392]          option from the mount to silence this warning.
[   24.270569][  T392] =======================================================
[   24.286145][   T60] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   24.336709][   T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   24.347707][   T60] usb 2-1: config 0 descriptor??
[   24.375995][  T392] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #11: comm syz.2.41: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   24.400586][  T392] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.41: couldn't read orphan inode 11 (err -117)
[   24.412995][  T392] EXT4-fs (loop2): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000001,nodiscard,nodelalloc,usrquota,nolazytime,noblock_validity,block_validity,barrier,,errors=continue. Quota mode: writeback.
[   24.435008][  T405] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.446816][  T405] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.455367][  T405] device bridge_slave_0 entered promiscuous mode
[   24.465782][  T392] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz.2.41: Invalid block bitmap block 0 in block_group 0
[   24.480803][  T392] EXT4-fs error (device loop2): ext4_acquire_dquot:6195: comm syz.2.41: Failed to acquire dquot type 0
[   24.485832][  T405] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.504224][  T405] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.512436][  T405] device bridge_slave_1 entered promiscuous mode
[   24.602347][  T405] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.609425][  T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.616741][  T405] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.623813][  T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.685397][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.700834][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.718163][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.730553][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.748310][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.755521][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.785337][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.819246][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.821701][   T60] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[   24.826494][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.851361][   T60] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[   24.891585][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.905658][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.908145][  T422] loop2: detected capacity change from 0 to 40427
[   24.922250][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.931417][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.939626][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.953658][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.961329][  T422] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   24.969070][  T422] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   24.976733][  T405] device veth0_vlan entered promiscuous mode
[   25.003378][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.011619][  T422] F2FS-fs (loop2): invalid crc value
[   25.013922][  T405] device veth1_macvtap entered promiscuous mode
[   25.028256][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.030298][   T60] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE
[   25.046011][  T422] F2FS-fs (loop2): Found nat_bits in checkpoint
[   25.059500][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.101025][  T301] device bridge_slave_1 left promiscuous mode
[   25.107303][  T301] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.135448][  T422] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   25.136320][  T301] device bridge_slave_0 left promiscuous mode
[   25.145272][  T422] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   25.150339][  T452] loop5: detected capacity change from 0 to 1024
[   25.163009][  T301] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.177201][  T440] loop4: detected capacity change from 0 to 40427
[   25.188980][  T301] device veth1_macvtap left promiscuous mode
[   25.195219][  T301] device veth0_vlan left promiscuous mode
[   25.211543][   T30] kauditd_printk_skb: 99 callbacks suppressed
[   25.211558][   T30] audit: type=1326 audit(1746176478.104:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a428969 code=0x7ffc0000
[   25.232135][  T452] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.63: Invalid block bitmap block 0 in block_group 0
[   25.245888][  T440] F2FS-fs (loop4): Found nat_bits in checkpoint
[   25.262002][   T30] audit: type=1326 audit(1746176478.104:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a428969 code=0x7ffc0000
[   25.287315][  T452] Quota error (device loop5): write_blk: dquota write failed
[   25.296612][   T30] audit: type=1326 audit(1746176478.144:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f5f7a428969 code=0x7ffc0000
[   25.320439][  T452] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[   25.330708][  T452] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.63: Failed to acquire dquot type 0
[   25.342624][  T452] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.63: Freeing blocks not in datazone - block = 0, count = 4096
[   25.356143][   T30] audit: type=1326 audit(1746176478.154:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a428969 code=0x7ffc0000
[   25.356267][  T452] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.63: Invalid inode bitmap blk 0 in block_group 0
[   25.392647][   T45] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[   25.401661][  T452] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[   25.412897][  T440] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   25.429387][   T45] EXT4-fs error (device loop5): ext4_release_dquot:6218: comm kworker/u4:2: Failed to release dquot type 0
[   25.443503][   T30] audit: type=1326 audit(1746176478.154:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.2.53" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a428969 code=0x7ffc0000
[   25.466885][  T452] EXT4-fs (loop5): 1 orphan inode deleted
[   25.477318][   T30] audit: type=1400 audit(1746176478.364:192): avc:  denied  { create } for  pid=439 comm="syz.4.61" name="memory.events.local" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   25.498567][  T452] EXT4-fs (loop5): mounted filesystem without journal. Opts: €�; ,errors=continue. Quota mode: writeback.
[   25.537599][   T30] audit: type=1400 audit(1746176478.404:193): avc:  denied  { read append open } for  pid=439 comm="syz.4.61" path="/12/file0/memory.events.local" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   25.626600][  T440] attempt to access beyond end of device
[   25.626600][  T440] loop4: rw=2049, want=79872, limit=40427
[   25.645214][  T440] attempt to access beyond end of device
[   25.645214][  T440] loop4: rw=2049, want=81920, limit=40427
[   25.694005][  T440] attempt to access beyond end of device
[   25.694005][  T440] loop4: rw=2049, want=51200, limit=40427
[   25.771788][  T440] attempt to access beyond end of device
[   25.771788][  T440] loop4: rw=2049, want=53248, limit=40427
[   25.838779][  T475] loop0: detected capacity change from 0 to 2048
[   25.848310][  T459] attempt to access beyond end of device
[   25.848310][  T459] loop4: rw=524288, want=79872, limit=40427
[   25.877559][  T440] attempt to access beyond end of device
[   25.877559][  T440] loop4: rw=2049, want=61384, limit=40427
[   25.902157][  T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000002,,errors=continue. Quota mode: none.
[   25.941172][  T277] attempt to access beyond end of device
[   25.941172][  T277] loop4: rw=2049, want=45104, limit=40427
[   25.974987][   T60] usb 2-1: USB disconnect, device number 2
[   26.140232][    T6] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   26.170140][  T438] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   26.252170][  T495] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   26.333892][  T500] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   26.341175][  T500] IPv6: NLM_F_CREATE should be set when creating new route
[   26.365968][  T502] loop4: detected capacity change from 0 to 512
[   26.390323][    T6] usb 3-1: Using ep0 maxpacket: 16
[   26.410475][  T438] usb 6-1: Using ep0 maxpacket: 16
[   26.460700][  T502] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   26.483603][  T502] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #16: comm syz.4.82: corrupted inode contents
[   26.500758][  T502] EXT4-fs error (device loop4): ext4_dirty_inode:6041: inode #16: comm syz.4.82: mark_inode_dirty error
[   26.512581][  T502] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #16: comm syz.4.82: corrupted inode contents
[   26.525096][  T502] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.82: mark_inode_dirty error
[   26.536463][  T438] usb 6-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[   26.536655][  T502] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #16: comm syz.4.82: corrupted inode contents
[   26.546933][  T438] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[   26.560035][  T502] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[   26.576711][  T502] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #16: comm syz.4.82: corrupted inode contents
[   26.593529][  T502] EXT4-fs error (device loop4): ext4_truncate:4303: inode #16: comm syz.4.82: mark_inode_dirty error
[   26.606692][  T502] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[   26.616323][  T502] EXT4-fs (loop4): 1 truncate cleaned up
[   26.622295][  T502] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   26.633804][  T502] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   26.670257][    T6] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   26.679336][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   26.688879][    T6] usb 3-1: Product: syz
[   26.693331][    T6] usb 3-1: Manufacturer: syz
[   26.698148][    T6] usb 3-1: SerialNumber: syz
[   26.706136][    T6] r8152-cfgselector 3-1: config 0 descriptor??
[   26.740200][  T438] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   26.749620][  T438] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   26.758518][  T438] usb 6-1: Product: syz
[   26.768945][  T438] usb 6-1: Manufacturer: syz
[   26.773861][  T438] usb 6-1: SerialNumber: syz
[   26.775909][  T517] 9pnet: p9_errstr2errno: server reported unknown error õ1 g
[   26.968277][  T539] loop0: detected capacity change from 0 to 512
[   26.988942][  T539] EXT4-fs (loop0): Ignoring removed orlov option
[   26.998983][  T542] xt_hashlimit: size too large, truncated to 1048576
[   27.007941][  T539] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,orlov,auto_da_alloc,,errors=continue. Quota mode: writeback.
[   27.021965][  T539] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   27.037641][  T545] binder: 538:545 ioctl c0306201 200000000480 returned -14
[   27.080491][  T438] usb 6-1: 0:2 : does not exist
[   27.124447][  T438] usb 6-1: USB disconnect, device number 2
[   27.180311][    T6] r8152-cfgselector 3-1: Unknown version 0x0000
[   27.186664][    T6] r8152-cfgselector 3-1: bad CDC descriptors
[   27.220229][    T6] r8152-cfgselector 3-1: Unknown version 0x0000
[   27.241738][    T6] r8152-cfgselector 3-1: USB disconnect, device number 2
[   27.462170][  T582] loop0: detected capacity change from 0 to 512
[   27.552548][  T582] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue. Quota mode: writeback.
[   27.573189][  T582] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   27.899719][  T628] loop1: detected capacity change from 0 to 512
[   27.931534][  T634] SELinux: security_context_str_to_sid(u) failed for (dev ?, type ?) errno=-22
[   27.941125][  T634] SELinux: security_context_str_to_sid(u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[   27.957247][  T628] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   27.968663][  T628] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.133: corrupted in-inode xattr
[   27.981088][  T628] EXT4-fs (loop1): Remounting filesystem read-only
[   27.987741][  T628] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.133: couldn't read orphan inode 15 (err -117)
[   28.000365][  T628] EXT4-fs (loop1): Remounting filesystem read-only
[   28.007016][  T628] EXT4-fs (loop1): mounted filesystem without journal. Opts: prjquota,noload,errors=remount-ro,resgid=0x000000000000ee00,min_batch_time=0x0000000000000005,usrjquota=,nombcache,noquota,grpquota,norecovery,. Quota mode: writeback.
[   28.090143][   T60] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   28.364298][  T660] netlink: 8 bytes leftover after parsing attributes in process `syz.0.148'.
[   28.464399][  T668] device syzkaller0 entered promiscuous mode
[   28.470243][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 40213, setting to 64
[   28.483621][  T668] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487
[   28.560243][   T60] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   28.569783][   T60] usb 3-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[   28.578567][   T60] usb 3-1: Manufacturer: syz
[   28.586516][   T60] usb 3-1: config 0 descriptor??
[   28.593718][  T674] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   28.610221][  T618] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   28.640666][   T60] hub 3-1:0.0: USB hub found
[   30.220549][   T30] kauditd_printk_skb: 917 callbacks suppressed
[   30.220565][   T30] audit: type=1326 audit(1746176483.114:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.400190][   T30] audit: type=1326 audit(1746176483.144:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.460234][   T30] audit: type=1326 audit(1746176483.144:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.506837][   T30] audit: type=1326 audit(1746176483.144:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.531673][   T30] audit: type=1326 audit(1746176483.144:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.555228][   T30] audit: type=1326 audit(1746176483.144:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.585670][   T30] audit: type=1326 audit(1746176483.144:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.621392][  T702] loop1: detected capacity change from 0 to 512
[   30.660356][   T30] audit: type=1326 audit(1746176483.144:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.698934][   T30] audit: type=1326 audit(1746176483.144:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.733714][   T30] audit: type=1326 audit(1746176483.144:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=687 comm="syz.5.162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f661d49db39 code=0x7ffc0000
[   30.761107][  T688] loop5: detected capacity change from 0 to 512
[   30.770772][  T702] EXT4-fs error (device loop1): ext4_acquire_dquot:6195: comm syz.1.168: Failed to acquire dquot type 1
[   30.787497][  T702] EXT4-fs (loop1): 1 truncate cleaned up
[   30.795986][  T702] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   30.812807][  T702] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   30.854628][  T688] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[   30.866342][  T688] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.162: inode #1: comm syz.5.162: iget: illegal inode #
[   30.879595][  T688] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.162: error while reading EA inode 1 err=-117
[   30.892166][  T688] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   30.919724][  T688] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.162: inode #1: comm syz.5.162: iget: illegal inode #
[   30.939027][  T688] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.162: error while reading EA inode 1 err=-117
[   30.954458][  T688] EXT4-fs (loop5): 1 orphan inode deleted
[   30.961021][  T688] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,min_batch_time=0x00000000000001da,max_batch_time=0x0000000000000002,bsdgroups,mblk_io_submit,,errors=continue. Quota mode: none.
[   31.021229][  T735] netlink: 96 bytes leftover after parsing attributes in process `syz.0.180'.
[   31.407381][  T744] loop1: detected capacity change from 0 to 40427
[   31.445856][  T744] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   31.460188][  T744] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   31.478173][  T744] F2FS-fs (loop1): invalid crc value
[   31.511099][  T744] F2FS-fs (loop1): Found nat_bits in checkpoint
[   31.596614][  T744] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   31.605956][  T744] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   31.732567][  T784] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   31.940557][   T60] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[   32.060405][   T60] usbhid 3-1:0.0: can't add hid device: -71
[   32.073012][   T60] usbhid: probe of 3-1:0.0 failed with error -71
[   32.120545][   T60] usb 3-1: USB disconnect, device number 3
[   32.201001][  T821] netlink: 96 bytes leftover after parsing attributes in process `syz.2.217'.
[   32.302576][  T744] F2FS-fs (loop1): Start checkpoint disabled!
[   32.303727][  T827] attempt to access beyond end of device
[   32.303727][  T827] loop1: rw=10241, want=45104, limit=40427
[   32.360992][  T827] attempt to access beyond end of device
[   32.360992][  T827] loop1: rw=2049, want=45104, limit=40427
[   32.398823][  T827] syz.1.184 (827) used greatest stack depth: 20032 bytes left
[   32.450389][  T299] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[   32.614404][  T844] loop4: detected capacity change from 0 to 1024
[   32.710834][  T844] EXT4-fs (loop4): Mount option "delalloc" incompatible with ext3
[   32.741972][  T848] SELinux: failed to load policy
[   32.840274][  T299] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 40213, setting to 64
[   32.940303][  T299] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   32.956831][  T299] usb 6-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[   32.966418][  T299] usb 6-1: Manufacturer: syz
[   32.979198][  T299] usb 6-1: config 0 descriptor??
[   33.000475][  T817] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   33.020747][  T299] hub 6-1:0.0: USB hub found
[   33.038821][  T868] overlayfs: unrecognized mount option "\" or missing value
[   33.240755][  T299] hub 6-1:0.0: 1 port detected
[   33.294251][  T872] loop2: detected capacity change from 0 to 40427
[   33.317339][  T872] F2FS-fs (loop2): invalid crc value
[   33.329817][  T872] F2FS-fs (loop2): Found nat_bits in checkpoint
[   33.372888][  T872] F2FS-fs (loop2): Start checkpoint disabled!
[   33.380149][  T872] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   33.432552][  T872] attempt to access beyond end of device
[   33.432552][  T872] loop2: rw=2049, want=45104, limit=40427
[   33.445457][  T872] attempt to access beyond end of device
[   33.445457][  T872] loop2: rw=2049, want=45104, limit=40427
[   33.485252][  T434] attempt to access beyond end of device
[   33.485252][  T434] loop2: rw=2049, want=40976, limit=40427
[   33.671231][  T299] usb 6-1: USB disconnect, device number 3
[   33.758322][  T889] loop1: detected capacity change from 0 to 40427
[   33.814318][  T889] F2FS-fs (loop1): fault_injection options not supported
[   33.830046][  T889] F2FS-fs (loop1): invalid crc value
[   33.841072][  T889] F2FS-fs (loop1): Found nat_bits in checkpoint
[   33.882612][  T889] F2FS-fs (loop1): Start checkpoint disabled!
[   33.889455][  T889] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   33.921899][   T45] attempt to access beyond end of device
[   33.921899][   T45] loop1: rw=2049, want=40976, limit=40427
[   34.082703][  T918] overlayfs: unrecognized mount option "\" or missing value
[   34.194857][  T926] loop5: detected capacity change from 0 to 256
[   34.327494][  T924] loop1: detected capacity change from 0 to 40427
[   34.415248][  T924] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   34.430350][  T924] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   34.500176][  T924] F2FS-fs (loop1): Found nat_bits in checkpoint
[   34.512025][  T938] loop4: detected capacity change from 0 to 256
[   34.594339][  T924] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   34.617230][  T924] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   34.639048][  T938] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[   34.667318][  T938] FAT-fs (loop4): Filesystem has been set read-only
[   34.674057][  T938] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[   34.689203][  T924] attempt to access beyond end of device
[   34.689203][  T924] loop1: rw=2049, want=45104, limit=40427
[   34.899181][  T949] SELinux: failed to load policy
[   35.097890][  T959] loop2: detected capacity change from 0 to 256
[   35.165476][  T963] loop1: detected capacity change from 0 to 512
[   35.230149][  T300] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   35.240863][  T957] loop4: detected capacity change from 0 to 40427
[   35.267062][  T957] F2FS-fs (loop4): invalid crc value
[   35.285889][  T957] F2FS-fs (loop4): Found nat_bits in checkpoint
[   35.293958][  T963] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.275: corrupted inode contents
[   35.316587][  T963] EXT4-fs error (device loop1): ext4_dirty_inode:6041: inode #16: comm syz.1.275: mark_inode_dirty error
[   35.331104][  T963] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.275: corrupted inode contents
[   35.346221][  T957] F2FS-fs (loop4): Start checkpoint disabled!
[   35.352420][  T963] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.275: mark_inode_dirty error
[   35.364637][  T963] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.275: corrupted inode contents
[   35.376528][  T957] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   35.410487][  T963] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   35.425707][  T943] loop5: detected capacity change from 0 to 131072
[   35.430230][  T963] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #16: comm syz.1.275: corrupted inode contents
[   35.444813][  T963] EXT4-fs error (device loop1): ext4_truncate:4303: inode #16: comm syz.1.275: mark_inode_dirty error
[   35.447056][  T957] attempt to access beyond end of device
[   35.447056][  T957] loop4: rw=2049, want=45104, limit=40427
[   35.456173][  T963] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   35.474662][  T957] attempt to access beyond end of device
[   35.474662][  T957] loop4: rw=2049, want=45104, limit=40427
[   35.476585][  T963] EXT4-fs (loop1): 1 truncate cleaned up
[   35.497293][  T943] F2FS-fs (loop5): Test dummy encryption mode enabled
[   35.505528][  T963] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   35.517147][  T963] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.527771][  T943] F2FS-fs (loop5): invalid crc value
[   35.533461][   T30] kauditd_printk_skb: 180 callbacks suppressed
[   35.533475][   T30] audit: type=1326 audit(1746176488.414:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f00f2ebf2d0 code=0x7ffc0000
[   35.540666][  T301] attempt to access beyond end of device
[   35.540666][  T301] loop4: rw=2049, want=40976, limit=40427
[   35.564074][   T30] audit: type=1326 audit(1746176488.414:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f00f2ebf6b7 code=0x7ffc0000
[   35.598116][   T30] audit: type=1326 audit(1746176488.414:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f00f2ebf2d0 code=0x7ffc0000
[   35.623237][   T30] audit: type=1326 audit(1746176488.424:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f00f2ec056b code=0x7ffc0000
[   35.647362][   T30] audit: type=1326 audit(1746176488.424:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f00f2ebf5ca code=0x7ffc0000
[   35.671004][  T300] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 40213, setting to 64
[   35.682399][  T943] F2FS-fs (loop5): Found nat_bits in checkpoint
[   35.712677][   T30] audit: type=1326 audit(1746176488.424:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00f2ec0969 code=0x7ffc0000
[   35.737724][   T30] audit: type=1326 audit(1746176488.474:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00f2ec0969 code=0x7ffc0000
[   35.763441][   T30] audit: type=1326 audit(1746176488.494:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f00f2ec0969 code=0x7ffc0000
[   35.783231][  T973] loop2: detected capacity change from 0 to 128
[   35.787900][   T30] audit: type=1326 audit(1746176488.494:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00f2ec0969 code=0x7ffc0000
[   35.818719][  T300] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   35.828134][  T300] usb 1-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[   35.836704][  T300] usb 1-1: Manufacturer: syz
[   35.841927][   T30] audit: type=1326 audit(1746176488.494:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=962 comm="syz.1.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00f2ec0969 code=0x7ffc0000
[   35.865528][  T300] usb 1-1: config 0 descriptor??
[   35.870756][  T943] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   35.890243][  T955] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   35.910707][  T300] hub 1-1:0.0: USB hub found
[   35.925449][  T943] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   35.946497][  T981] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   35.978255][  T986] loop2: detected capacity change from 0 to 256
[   36.090737][  T986] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[   36.111195][  T986] FAT-fs (loop2): Filesystem has been set read-only
[   36.117846][  T986] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[   36.130197][  T300] hub 1-1:0.0: 1 port detected
[   36.215720][  T997] loop2: detected capacity change from 0 to 512
[   36.300757][  T997] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[   36.344638][  T997] EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,bsddf,,errors=continue. Quota mode: writeback.
[   36.367794][  T997] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.414034][ T1011] netlink: 96 bytes leftover after parsing attributes in process `syz.5.292'.
[   36.552754][ T1008] loop4: detected capacity change from 0 to 40427
[   36.571169][  T300] usb 1-1: USB disconnect, device number 2
[   36.604699][ T1008] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   36.619581][ T1008] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   36.635236][ T1008] F2FS-fs (loop4): invalid crc value
[   36.642342][ T1008] F2FS-fs (loop4): Found nat_bits in checkpoint
[   36.684133][ T1008] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   36.691389][ T1008] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   36.750328][  T434] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   36.754178][  T990] loop1: detected capacity change from 0 to 131072
[   36.760527][  T434] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   36.803921][  T990] F2FS-fs (loop1): Test dummy encryption mode enabled
[   36.812882][  T990] F2FS-fs (loop1): invalid crc value
[   36.824413][  T990] F2FS-fs (loop1): Found nat_bits in checkpoint
[   36.870189][  T990] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   36.904410][ T1029] loop4: detected capacity change from 0 to 128
[   36.972801][ T1029] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   36.983701][ T1029] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   37.004364][ T1029] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   37.350423][ T1064] loop5: detected capacity change from 0 to 256
[   37.398694][ T1064] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   37.470894][ T1052] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.479173][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.490579][ T1052] device bridge_slave_0 entered promiscuous mode
[   37.497762][ T1052] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.505039][ T1052] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.513997][ T1052] device bridge_slave_1 entered promiscuous mode
[   37.704880][ T1052] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.711982][ T1052] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.719299][ T1052] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.726371][ T1052] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.761518][  T301] device bridge_slave_1 left promiscuous mode
[   37.761570][ T1115] SELinux:  Context system_u:object_r:devicekit_disk_exec_t:s0 is not valid (left unmapped).
[   37.767706][  T301] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.792659][  T301] device bridge_slave_0 left promiscuous mode
[   37.798928][  T301] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.808398][  T301] device veth1_macvtap left promiscuous mode
[   37.822484][  T301] device veth0_vlan left promiscuous mode
[   37.980983][ T1131] Invalid ELF header magic: != ELF
[   37.993986][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.005145][  T434] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.020526][  T434] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.042288][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   38.050668][  T434] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.057754][  T434] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.065751][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   38.074858][  T434] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.081949][  T434] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.091773][ T1118] loop1: detected capacity change from 0 to 40427
[   38.115838][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   38.121450][ T1140] loop5: detected capacity change from 0 to 256
[   38.124478][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   38.144472][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   38.154699][ T1140] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[   38.167154][ T1118] F2FS-fs (loop1): fault_injection options not supported
[   38.167366][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   38.188522][ T1118] F2FS-fs (loop1): invalid crc value
[   38.198086][ T1140] exFAT-fs (loop5): hint_cluster is invalid (17)
[   38.199149][ T1052] device veth0_vlan entered promiscuous mode
[   38.213037][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   38.220616][ T1140] exFAT-fs (loop5): error, broken FAT chain.
[   38.221995][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   38.232339][ T1140] exFAT-fs (loop5): Filesystem has been set read-only
[   38.241906][ T1140] exFAT-fs (loop5): error, failed to bmap (inode : ffff888112efd210 iblock : 8, err : -5)
[   38.245440][ T1118] F2FS-fs (loop1): Found nat_bits in checkpoint
[   38.261439][ T1142] netlink: 96 bytes leftover after parsing attributes in process `syz.0.347'.
[   38.276558][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   38.290760][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   38.304402][ T1052] device veth1_macvtap entered promiscuous mode
[   38.316288][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   38.325481][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   38.334909][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   38.355618][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   38.364277][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   38.367952][ T1118] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   38.373213][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   38.388674][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   38.431704][ T1118] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1852399476 (237107132928 ns) > initial count (217889159680 ns). Using initial count to start timer.
[   38.610175][   T20] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   38.796374][ T1192] loop1: detected capacity change from 0 to 128
[   38.847598][ T1192] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   38.858671][ T1192] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.891337][ T1192] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   38.990318][   T20] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   39.013696][   T20] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   39.023889][   T20] usb 6-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[   39.034785][   T20] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.049101][   T20] usb 6-1: config 0 descriptor??
[   39.110741][ T1196] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.117890][ T1196] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.125480][ T1196] device bridge_slave_0 entered promiscuous mode
[   39.134397][ T1196] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.141538][ T1196] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.148960][ T1196] device bridge_slave_1 entered promiscuous mode
[   39.249038][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   39.258164][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.280622][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   39.289176][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.298499][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.305603][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.313778][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   39.322278][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.330811][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.337865][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.374174][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   39.395455][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   39.425548][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   39.470731][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   39.492412][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   39.501418][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   39.508970][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   39.539333][ T1196] device veth0_vlan entered promiscuous mode
[   39.557769][  T301] device bridge_slave_1 left promiscuous mode
[   39.565206][  T301] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.580584][  T301] device bridge_slave_0 left promiscuous mode
[   39.593789][  T301] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.620522][  T301] device veth1_macvtap left promiscuous mode
[   39.626582][  T301] device veth0_vlan left promiscuous mode
[   39.741078][   T20] hid-led 0003:1D34:000A.0002: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.5-1/input0
[   39.758791][   T20] hid-led 0003:1D34:000A.0002: Dream Cheeky Webmail Notifier initialized
[   39.821856][  T434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   39.833744][ T1233] loop6: detected capacity change from 0 to 8192
[   39.843466][ T1196] device veth1_macvtap entered promiscuous mode
[   39.869950][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   39.901066][ T1233] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF
[   39.911127][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   39.919586][ T1233] FAT-fs (loop6): Filesystem has been set read-only
[   39.964520][   T20] usb 6-1: USB disconnect, device number 4
[   40.078883][ T1264] loop6: detected capacity change from 0 to 256
[   40.101201][ T1264] exfat: Bad value for 'uid'
[   40.507579][ T1308] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[   40.634951][ T1300] loop6: detected capacity change from 0 to 40427
[   40.660145][  T299] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   40.709420][ T1300] F2FS-fs (loop6): invalid crc value
[   40.738524][ T1300] F2FS-fs (loop6): Found nat_bits in checkpoint
[   40.786729][   T30] kauditd_printk_skb: 95 callbacks suppressed
[   40.786744][   T30] audit: type=1400 audit(2000000003.450:1404): avc:  denied  { read } for  pid=1333 comm="syz.2.428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   40.844856][ T1300] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   40.857010][   T30] audit: type=1326 audit(2000000003.480:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   40.921738][   T30] audit: type=1326 audit(2000000003.490:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   40.960875][   T30] audit: type=1326 audit(2000000003.500:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   40.985005][   T30] audit: type=1326 audit(2000000003.500:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.008682][   T30] audit: type=1326 audit(2000000003.500:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.008710][   T30] audit: type=1326 audit(2000000003.500:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.008734][   T30] audit: type=1326 audit(2000000003.500:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.008758][   T30] audit: type=1326 audit(2000000003.500:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.008782][   T30] audit: type=1326 audit(2000000003.500:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1335 comm="syz.5.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   41.154024][  T299] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   41.154065][  T299] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   41.154088][  T299] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.167300][  T299] usb 8-1: config 0 descriptor??
[   41.234793][   T45] attempt to access beyond end of device
[   41.234793][   T45] loop6: rw=2049, want=45104, limit=40427
[   41.307789][ T1363] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.314976][ T1363] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.322780][ T1363] device bridge_slave_0 entered promiscuous mode
[   41.331027][ T1363] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.338382][ T1363] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.346160][ T1363] device bridge_slave_1 entered promiscuous mode
[   41.358147][ T1368] futex_wake_op: syz.5.441 tries to shift op by -1; fix this program
[   41.413626][ T1363] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.420697][ T1363] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.427967][ T1363] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.435032][ T1363] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.466810][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.475623][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.484257][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.494805][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.503330][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.510375][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.530226][  T299] usbhid 8-1:0.0: can't add hid device: -71
[   41.537512][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.538554][  T299] usbhid: probe of 8-1:0.0 failed with error -71
[   41.546370][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.559024][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.567765][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.571390][  T299] usb 8-1: USB disconnect, device number 2
[   41.576626][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.598780][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.612291][ T1363] device veth0_vlan entered promiscuous mode
[   41.618877][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.627297][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.635819][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.648749][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.658487][ T1363] device veth1_macvtap entered promiscuous mode
[   41.668941][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.681114][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.719896][ T1378] tipc: Started in network mode
[   41.725124][ T1378] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[   41.734553][ T1378] tipc: Enabled bearer <udp:syz0>, priority 10
[   41.791566][ T1384] loop8: detected capacity change from 0 to 128
[   41.846691][ T1384] attempt to access beyond end of device
[   41.846691][ T1384] loop8: rw=2049, want=1041, limit=128
[   41.967119][ T1395] SELinux: failed to load policy
[   42.010241][  T299] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   42.048892][ T1410] tipc: Failed to remove unknown binding: 66,1,1/0:569848792/569848794
[   42.057376][ T1410] tipc: Failed to remove unknown binding: 66,1,1/0:569848792/569848794
[   42.093256][ T1417] syz.0.461 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   42.165872][ T1425] hub 4-0:1.0: USB hub found
[   42.171556][ T1425] hub 4-0:1.0: 1 port detected
[   42.250177][  T299] usb 8-1: Using ep0 maxpacket: 32
[   42.301993][ T1449] netlink: 32 bytes leftover after parsing attributes in process `syz.0.476'.
[   42.311368][ T1449] netlink: 7 bytes leftover after parsing attributes in process `syz.0.476'.
[   42.370753][  T299] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   42.384513][  T299] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[   42.394691][ T1452] netlink: 'syz.8.478': attribute type 13 has an invalid length.
[   42.396525][  T299] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   42.413803][  T299] usb 8-1: config 0 descriptor??
[   42.476212][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   42.485226][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   42.499943][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   42.508344][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   42.517006][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   42.525467][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   42.534062][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   42.542536][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   42.860210][  T299] tipc: Node number set to 4269801491
[   42.862836][  T300] usb 8-1: USB disconnect, device number 3
[   42.940236][  T438] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   43.042075][   T45] tipc: Disabling bearer <udp:syz0>
[   43.047494][   T45] tipc: Left network mode
[   43.158892][ T1486] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.166572][ T1486] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.174978][ T1486] device bridge_slave_0 entered promiscuous mode
[   43.180195][  T438] usb 6-1: Using ep0 maxpacket: 8
[   43.187067][ T1486] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.194485][ T1486] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.202252][ T1486] device bridge_slave_1 entered promiscuous mode
[   43.300255][  T438] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[   43.308714][  T438] usb 6-1: config 179 has no interface number 0
[   43.315060][  T438] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   43.330486][  T438] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   43.330880][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   43.341859][  T438] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   43.368009][  T438] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   43.375072][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   43.379588][  T438] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   43.406638][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   43.415377][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   43.426360][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.433444][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.441710][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   43.450871][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   43.453770][  T438] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   43.459741][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.475189][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.487505][  T438] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   43.500377][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   43.520261][ T1480] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   43.528202][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   43.536998][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   43.575490][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   43.592210][ T1486] device veth0_vlan entered promiscuous mode
[   43.598946][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   43.618745][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   43.627502][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   43.635290][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   43.651719][ T1486] device veth1_macvtap entered promiscuous mode
[   43.681921][ T1518] netlink: 'syz.7.505': attribute type 2 has an invalid length.
[   43.689586][ T1518] netlink: 64 bytes leftover after parsing attributes in process `syz.7.505'.
[   43.713803][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   43.739968][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   43.761066][  T299] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input4
[   43.781037][   T45] device bridge_slave_1 left promiscuous mode
[   43.787351][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.807422][   T45] device bridge_slave_0 left promiscuous mode
[   43.820231][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.829577][   T45] device veth1_macvtap left promiscuous mode
[   43.836182][   T45] device veth0_vlan left promiscuous mode
[   43.953381][ T1480] UDC core: couldn't find an available UDC or it's busy: -16
[   43.965521][ T1480] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   44.089524][ T1552] SELinux: ebitmap: truncated map
[   44.123755][ T1552] SELinux: failed to load policy
[   44.179077][  T300] usb 6-1: USB disconnect, device number 5
[   44.190129][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   44.207166][ T1566] tipc: Failed to remove unknown binding: 66,1,1/0:30082678/30082680
[   44.225556][ T1566] tipc: Failed to remove unknown binding: 66,1,1/0:30082678/30082680
[   44.260155][  T338] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   44.293961][ T1567] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.301572][ T1567] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.309423][ T1567] device bridge_slave_0 entered promiscuous mode
[   44.318001][ T1567] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.325354][ T1567] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.334155][ T1567] device bridge_slave_1 entered promiscuous mode
[   44.426677][ T1567] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.433887][ T1567] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.441204][ T1567] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.448253][ T1567] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.478935][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   44.488727][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.496902][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.512807][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   44.521700][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.528764][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   44.536515][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   44.545121][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.552202][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   44.568417][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   44.581169][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   44.599326][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   44.612759][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   44.621067][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   44.628527][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   44.636012][  T338] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   44.651839][  T338] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   44.652033][ T1567] device veth0_vlan entered promiscuous mode
[   44.661778][  T338] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   44.675656][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   44.681207][  T338] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   44.692229][ T1567] device veth1_macvtap entered promiscuous mode
[   44.715520][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   44.718777][  T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.735616][  T338] usb 1-1: config 0 descriptor??
[   44.741423][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   44.764541][ T1595] loop5: detected capacity change from 0 to 512
[   44.811045][ T1595] EXT4-fs (loop5): Ignoring removed orlov option
[   44.819377][ T1595] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.537: bg 0: block 411: padding at end of block bitmap is not set
[   44.834060][ T1595] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.537: inode #1: comm syz.5.537: iget: illegal inode #
[   44.848028][ T1595] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.537: error while reading EA inode 1 err=-117
[   44.860850][ T1595] EXT4-fs (loop5): 1 orphan inode deleted
[   44.866643][ T1595] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,nombcache,debug_want_extra_isize=0x000000000000005c,grpquota,barrier,usrjquota=,jqfmt=vfsold,minixdf,,errors=continue. Quota mode: writeback.
[   44.951408][ T1601] tmpfs: Unknown parameter 'nolazyt+>eRë0-~ÿí^¢ˆ~µÍ1"ôÐÙVøIêÿYÎ'
[   44.972625][   T45] device bridge_slave_1 left promiscuous mode
[   44.978808][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.986783][   T45] device bridge_slave_0 left promiscuous mode
[   44.994241][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.003019][   T45] device bridge_slave_1 left promiscuous mode
[   45.009173][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.016863][   T45] device bridge_slave_0 left promiscuous mode
[   45.023212][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.031736][   T45] device veth1_macvtap left promiscuous mode
[   45.037926][   T45] device veth0_vlan left promiscuous mode
[   45.043945][   T45] device veth1_macvtap left promiscuous mode
[   45.049975][   T45] device veth0_vlan left promiscuous mode
[   45.193174][  T338] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   45.204202][  T338] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[   45.220199][  T338] plantronics 0003:047F:FFFF.0003: item fetching failed at offset 2/15
[   45.237468][  T338] plantronics 0003:047F:FFFF.0003: parse failed
[   45.245123][  T338] plantronics: probe of 0003:047F:FFFF.0003 failed with error -22
[   45.315093][ T1599] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.322487][ T1599] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.330776][ T1599] device bridge_slave_0 entered promiscuous mode
[   45.338161][ T1599] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.345908][ T1599] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.353786][ T1599] device bridge_slave_1 entered promiscuous mode
[   45.417386][   T20] usb 1-1: USB disconnect, device number 3
[   45.478749][ T1599] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.485838][ T1599] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.493165][ T1599] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.500272][ T1599] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.526342][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.534627][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.542483][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   45.550040][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.574485][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   45.583252][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.590329][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.598682][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   45.608008][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.615091][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.623165][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   45.633268][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   45.650825][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   45.664056][ T1599] device veth0_vlan entered promiscuous mode
[   45.671124][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   45.679514][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   45.688264][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   45.703571][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   45.712206][ T1599] device veth1_macvtap entered promiscuous mode
[   45.724085][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   45.742560][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   46.036203][ T1607] loop7: detected capacity change from 0 to 262144
[   46.091913][ T1607] F2FS-fs (loop7): invalid crc value
[   46.105756][ T1607] F2FS-fs (loop7): Found nat_bits in checkpoint
[   46.137003][ T1607] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[   46.261582][   T45] device bridge_slave_1 left promiscuous mode
[   46.267764][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.297080][ T1628] capability: warning: `syz.6.547' uses deprecated v2 capabilities in a way that may be insecure
[   46.307993][   T45] device bridge_slave_0 left promiscuous mode
[   46.320252][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.339140][   T45] device bridge_slave_1 left promiscuous mode
[   46.357851][   T30] kauditd_printk_skb: 46 callbacks suppressed
[   46.357866][   T30] audit: type=1326 audit(2000000009.020:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff663bd2969 code=0x7ffc0000
[   46.360667][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.371245][   T30] audit: type=1326 audit(2000000009.040:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff663bd2969 code=0x7ffc0000
[   46.420581][   T45] device bridge_slave_0 left promiscuous mode
[   46.426803][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.427188][ T1630] loop6: detected capacity change from 0 to 512
[   46.437448][   T30] audit: type=1326 audit(2000000009.040:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff663bd29a3 code=0x7ffc0000
[   46.468782][   T45] device veth1_macvtap left promiscuous mode
[   46.479335][   T45] device veth0_vlan left promiscuous mode
[   46.489823][   T45] device veth1_macvtap left promiscuous mode
[   46.496370][   T30] audit: type=1326 audit(2000000009.090:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff663bd141f code=0x7ffc0000
[   46.524648][   T45] device veth0_vlan left promiscuous mode
[   46.538843][   T30] audit: type=1326 audit(2000000009.090:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ff663bd29f7 code=0x7ffc0000
[   46.565532][ T1630] EXT4-fs error (device loop6): ext4_do_update_inode:5205: inode #16: comm syz.6.548: corrupted inode contents
[   46.580443][ T1630] EXT4-fs error (device loop6): ext4_dirty_inode:6041: inode #16: comm syz.6.548: mark_inode_dirty error
[   46.613468][ T1630] EXT4-fs error (device loop6): ext4_do_update_inode:5205: inode #16: comm syz.6.548: corrupted inode contents
[   46.645912][   T30] audit: type=1326 audit(2000000009.090:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff663bd12d0 code=0x7ffc0000
[   46.674086][ T1630] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #16: comm syz.6.548: mark_inode_dirty error
[   46.715493][ T1630] EXT4-fs error (device loop6): ext4_do_update_inode:5205: inode #16: comm syz.6.548: corrupted inode contents
[   46.741340][   T30] audit: type=1326 audit(2000000009.090:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff663bd256b code=0x7ffc0000
[   46.766092][ T1630] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem
[   46.785014][ T1630] EXT4-fs error (device loop6): ext4_do_update_inode:5205: inode #16: comm syz.6.548: corrupted inode contents
[   46.812448][ T1630] EXT4-fs error (device loop6): ext4_truncate:4303: inode #16: comm syz.6.548: mark_inode_dirty error
[   46.824654][   T30] audit: type=1326 audit(2000000009.130:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ff663bd15ca code=0x7ffc0000
[   46.848293][ T1630] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem
[   46.848354][   T30] audit: type=1326 audit(2000000009.130:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ff663bd15ca code=0x7ffc0000
[   46.881504][   T30] audit: type=1326 audit(2000000009.140:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1629 comm="syz.6.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ff663bd11d7 code=0x7ffc0000
[   46.881838][ T1630] EXT4-fs (loop6): 1 truncate cleaned up
[   46.911103][ T1630] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   46.922605][ T1630] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.008600][ T1649] loop6: detected capacity change from 0 to 128
[   47.061964][ T1631] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.069541][ T1631] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.081314][ T1649] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   47.085571][ T1631] device bridge_slave_0 entered promiscuous mode
[   47.100351][ T1631] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.107407][ T1631] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.115081][ T1631] device bridge_slave_1 entered promiscuous mode
[   47.216701][ T1664] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.223997][ T1664] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.265488][ T1664] device macsec0 left promiscuous mode
[   47.290418][ T1668] tipc: Started in network mode
[   47.300677][ T1668] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711
[   47.311946][ T1668] tipc: Enabled bearer <udp:syz0>, priority 10
[   47.403772][ T1680] loop5: detected capacity change from 0 to 256
[   47.431391][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.442760][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.455033][ T1680] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[   47.473375][  T404] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.480601][  T404] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.488948][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.513069][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.523766][ T1680] exFAT-fs (loop5): hint_cluster is invalid (17)
[   47.534261][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.541400][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.551564][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.559983][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.577047][ T1631] device veth0_vlan entered promiscuous mode
[   47.595972][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   47.610735][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   47.627727][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   47.640009][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   47.648752][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   47.661274][ T1631] device veth1_macvtap entered promiscuous mode
[   47.688650][ T1695] syz.5.572[1695] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.688725][ T1695] syz.5.572[1695] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.691470][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   47.726643][ T1695] loop5: detected capacity change from 0 to 512
[   47.735919][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   47.814362][ T1695] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   47.815941][ T1703] netlink: 24 bytes leftover after parsing attributes in process `syz.7.575'.
[   47.825664][ T1695] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.911264][ T1710] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.918536][ T1710] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.143225][ T1730] device syzkaller0 entered promiscuous mode
[   48.320280][  T300] tipc: Node number set to 4269801491
[   48.862939][   T10] device bridge_slave_1 left promiscuous mode
[   48.870281][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.878641][   T10] device bridge_slave_0 left promiscuous mode
[   48.884969][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.893501][   T10] device veth1_macvtap left promiscuous mode
[   48.897357][ T1763] xt_bpf: check failed: parse error
[   48.899666][   T10] device veth0_vlan left promiscuous mode
[   48.938682][ T1765] serio: Serial port ptm0
[   48.992366][ T1749] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.999486][ T1749] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.007046][ T1749] device bridge_slave_0 entered promiscuous mode
[   49.014187][ T1749] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.021438][ T1749] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.028853][ T1749] device bridge_slave_1 entered promiscuous mode
[   49.083189][ T1749] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.090400][ T1749] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.097795][ T1749] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.104870][ T1749] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.130182][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.138146][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.146924][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.161313][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   49.169858][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.178642][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.185725][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.193833][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   49.202518][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.211296][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.218366][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.240212][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   49.253783][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.262199][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   49.271494][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.293936][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   49.297918][ T1768] loop6: detected capacity change from 0 to 40427
[   49.302797][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   49.319864][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   49.329080][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   49.337472][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   49.345202][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   49.353765][ T1749] device veth0_vlan entered promiscuous mode
[   49.364594][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   49.373217][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   49.387325][ T1768] F2FS-fs (loop6): Found nat_bits in checkpoint
[   49.387345][ T1749] device veth1_macvtap entered promiscuous mode
[   49.404576][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   49.413009][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   49.422091][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   49.433255][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   49.441745][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   49.443904][ T1768] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   49.586594][ T1768] attempt to access beyond end of device
[   49.586594][ T1768] loop6: rw=2049, want=81920, limit=40427
[   49.606513][ T1768] attempt to access beyond end of device
[   49.606513][ T1768] loop6: rw=2049, want=53248, limit=40427
[   49.624842][ T1768] attempt to access beyond end of device
[   49.624842][ T1768] loop6: rw=2049, want=59776, limit=40427
[   49.648996][ T1768] attempt to access beyond end of device
[   49.648996][ T1768] loop6: rw=2049, want=61496, limit=40427
[   49.733303][ T1768] attempt to access beyond end of device
[   49.733303][ T1768] loop6: rw=524288, want=80384, limit=40427
[   49.756572][ T1052] attempt to access beyond end of device
[   49.756572][ T1052] loop6: rw=2049, want=45104, limit=40427
[   49.990989][    T8] device bridge_slave_1 left promiscuous mode
[   49.997124][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.004714][    T8] device bridge_slave_0 left promiscuous mode
[   50.010913][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.018764][    T8] device veth1_macvtap left promiscuous mode
[   50.025118][    T8] device veth0_vlan left promiscuous mode
[   50.169280][ T1778] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.176521][ T1778] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.336444][ T1783] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.349099][ T1783] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.355198][ T1780] loop5: detected capacity change from 0 to 40427
[   50.363573][ T1783] device bridge_slave_0 entered promiscuous mode
[   50.381347][ T1783] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.388593][ T1783] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.396235][ T1783] device bridge_slave_1 entered promiscuous mode
[   50.430578][ T1780] F2FS-fs (loop5): fault_injection options not supported
[   50.460387][ T1780] F2FS-fs (loop5): invalid crc value
[   50.480908][ T1780] F2FS-fs (loop5): Found nat_bits in checkpoint
[   50.533817][ T1783] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.540942][ T1783] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.548245][ T1783] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.555562][ T1783] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.570947][ T1780] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   50.610600][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.618751][  T404] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.626257][  T404] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.644092][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.652493][  T404] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.659913][  T404] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.669684][ T1780] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1852399476 (237107132928 ns) > initial count (217889159680 ns). Using initial count to start timer.
[   50.688093][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.696971][  T404] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.704064][  T404] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.721170][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   50.735247][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   50.744439][ T1811] netlink: 24 bytes leftover after parsing attributes in process `syz.6.613'.
[   50.763420][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   50.777162][ T1783] device veth0_vlan entered promiscuous mode
[   50.790976][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   50.799369][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   50.807190][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   50.818885][ T1783] device veth1_macvtap entered promiscuous mode
[   50.820229][   T39] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   50.827079][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   50.850854][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.859460][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.943715][ T1815] fuse: root generation should be zero
[   51.070295][   T39] usb 8-1: Using ep0 maxpacket: 32
[   51.190273][   T39] usb 8-1: config 0 has an invalid interface number: 67 but max is 0
[   51.198369][   T39] usb 8-1: config 0 has no interface number 0
[   51.360272][   T39] usb 8-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   51.369327][   T39] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.377341][   T39] usb 8-1: Product: syz
[   51.381526][   T39] usb 8-1: Manufacturer: syz
[   51.386103][   T39] usb 8-1: SerialNumber: syz
[   51.391320][   T39] usb 8-1: config 0 descriptor??
[   51.430747][   T39] smsc95xx v2.0.0
[   51.434429][   T39] smsc95xx 8-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   51.444724][   T39] smsc95xx: probe of 8-1:0.67 failed with error -22
[   51.496634][   T45] device bridge_slave_1 left promiscuous mode
[   51.502819][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.510438][   T45] device bridge_slave_0 left promiscuous mode
[   51.516563][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.524731][   T45] device veth1_macvtap left promiscuous mode
[   51.530770][   T45] device veth0_vlan left promiscuous mode
[   51.656695][   T39] usb 8-1: USB disconnect, device number 4
[   51.672851][   T30] kauditd_printk_skb: 36 callbacks suppressed
[   51.672867][   T30] audit: type=1400 audit(2000065779.335:1506): avc:  denied  { create } for  pid=1824 comm="syz.6.619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   51.734029][   T30] audit: type=1400 audit(2000065779.385:1507): avc:  denied  { append } for  pid=1828 comm="syz.0.621" name="001" dev="devtmpfs" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   51.805445][ T1826] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.817328][ T1826] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.825941][ T1826] device bridge_slave_0 entered promiscuous mode
[   51.839036][ T1826] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.846317][ T1826] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.854037][ T1826] device bridge_slave_1 entered promiscuous mode
[   51.901076][ T1848] netlink: 24 bytes leftover after parsing attributes in process `syz.5.627'.
[   51.952295][ T1826] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.959359][ T1826] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.966682][ T1826] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.973741][ T1826] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.985518][   T30] audit: type=1326 audit(2000065779.645:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.018664][ T1855] loop5: detected capacity change from 0 to 1024
[   52.028182][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.030157][   T30] audit: type=1326 audit(2000065779.645:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.059022][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.066956][   T30] audit: type=1326 audit(2000065779.675:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.091046][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.098627][   T30] audit: type=1326 audit(2000065779.675:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.134885][   T30] audit: type=1326 audit(2000065779.675:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.159067][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.159160][   T30] audit: type=1326 audit(2000065779.675:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f661d501969 code=0x7ffc0000
[   52.178947][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.197461][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.219603][ T1855] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   52.221421][   T30] audit: type=1326 audit(2000065779.675:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f661d5019a3 code=0x7ffc0000
[   52.253491][   T30] audit: type=1326 audit(2000065779.675:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1854 comm="syz.5.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f661d50041f code=0x7ffc0000
[   52.277109][ T1855] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.277834][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.295926][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.303100][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.310826][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.319065][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.334489][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.348051][ T1826] device veth0_vlan entered promiscuous mode
[   52.354580][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   52.380316][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.388561][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.396417][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.404070][ T1863] netlink: 96 bytes leftover after parsing attributes in process `syz.7.632'.
[   52.419195][ T1826] device veth1_macvtap entered promiscuous mode
[   52.429411][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   52.438879][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.447727][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   52.463499][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   52.472125][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.481013][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   52.489545][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.700216][   T20] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   52.940399][   T20] usb 6-1: Using ep0 maxpacket: 16
[   53.060259][   T20] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   53.071227][   T20] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   53.081465][   T20] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   53.094428][   T20] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   53.103743][   T20] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   53.113206][   T20] usb 6-1: config 0 descriptor??
[   53.170924][    T8] device bridge_slave_1 left promiscuous mode
[   53.177095][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.184678][    T8] device bridge_slave_0 left promiscuous mode
[   53.190917][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.198779][    T8] device veth1_macvtap left promiscuous mode
[   53.204844][    T8] device veth0_vlan left promiscuous mode
[   53.447834][ T1893] device veth0_vlan left promiscuous mode
[   53.454061][ T1893] device veth0_vlan entered promiscuous mode
[   53.502278][ T1900] loop6: detected capacity change from 0 to 2048
[   53.526401][ T1894] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.531989][ T1900] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   53.533767][ T1894] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.551498][ T1894] device bridge_slave_0 entered promiscuous mode
[   53.556730][ T1900] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   53.558657][ T1894] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.572892][ T1900] EXT4-fs error (device loop6): ext4_find_dest_de:2115: inode #2: block 16: comm syz.6.648: bad entry in directory: directory entry overrun - offset=128, inode=18, rec_len=1920, size=2036 fake=0
[   53.579347][ T1894] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.607001][ T1894] device bridge_slave_1 entered promiscuous mode
[   53.614628][ T1052] EXT4-fs error (device loop6): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid
[   53.626171][ T1052] EXT4-fs error (device loop6): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid
[   53.626216][   T20] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[   53.652269][   T20] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0004/input/input5
[   53.667857][   T20] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[   53.680068][  T300] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   53.688764][   T45] EXT4-fs error (device loop6): ext4_validate_block_bitmap:420: comm kworker/u4:2: bg 0: bad block bitmap checksum
[   53.702619][   T45] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[   53.714969][   T45] EXT4-fs (loop6): This should not happen!! Data will be lost
[   53.714969][   T45] 
[   53.724660][   T45] EXT4-fs (loop6): Total free blocks count 0
[   53.731185][   T45] EXT4-fs (loop6): Free/Dirty block details
[   53.737109][   T45] EXT4-fs (loop6): free_blocks=0
[   53.742179][   T45] EXT4-fs (loop6): dirty_blocks=16
[   53.747320][   T45] EXT4-fs (loop6): Block reservation details
[   53.753400][   T45] EXT4-fs (loop6): i_reserved_data_blocks=1
[   53.770168][  T338] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   53.784712][ T1894] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.791771][ T1894] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.799063][ T1894] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.806137][ T1894] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.848757][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.858082][  T438] usb 6-1: USB disconnect, device number 6
[   53.860408][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.872935][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.885180][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.895495][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.902580][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.911775][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.919963][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.927012][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.940800][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.958959][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.985225][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.012249][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.020459][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.028130][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.036127][ T1907] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.043590][ T1907] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.051080][ T1907] device bridge_slave_0 entered promiscuous mode
[   54.059487][ T1907] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.066659][  T300] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.066884][ T1907] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.085491][ T1907] device bridge_slave_1 entered promiscuous mode
[   54.093636][ T1894] device veth0_vlan entered promiscuous mode
[   54.132542][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.140215][  T338] usb 1-1: config 9 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.151454][  T338] usb 1-1: config 9 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   54.161366][  T338] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[   54.170630][  T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   54.185549][ T1894] device veth1_macvtap entered promiscuous mode
[   54.205355][    T8] device bridge_slave_1 left promiscuous mode
[   54.211675][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.219150][    T8] device bridge_slave_0 left promiscuous mode
[   54.225491][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.233420][    T8] device veth0_vlan left promiscuous mode
[   54.240218][  T300] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   54.249411][  T300] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.257433][  T300] usb 8-1: Product: syz
[   54.261738][  T300] usb 8-1: Manufacturer: syz
[   54.266462][  T300] usb 8-1: SerialNumber: syz
[   54.350060][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.358614][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.404080][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.417640][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.426082][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.434545][  T404] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.441617][  T404] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.449302][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.457672][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.465964][  T404] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.473007][  T404] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.480578][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.492951][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   54.501392][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.522423][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   54.530804][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.539079][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   54.547863][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.558215][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   54.566369][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.575007][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.582602][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.591141][ T1907] device veth0_vlan entered promiscuous mode
[   54.602628][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   54.610939][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.620170][ T1907] device veth1_macvtap entered promiscuous mode
[   54.629771][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   54.637538][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   54.641852][  T338] hid-led 0003:27B8:01ED.0005: unbalanced collection at end of report description
[   54.646763][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.660381][  T338] hid-led: probe of 0003:27B8:01ED.0005 failed with error -22
[   54.675213][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   54.683562][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.871699][  T338] usb 1-1: USB disconnect, device number 4
[   55.285905][    T8] device bridge_slave_1 left promiscuous mode
[   55.292267][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.299851][    T8] device bridge_slave_0 left promiscuous mode
[   55.306185][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.314511][    T8] device veth1_macvtap left promiscuous mode
[   55.320733][    T8] device veth0_vlan left promiscuous mode
[   55.607587][ T1921] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.614934][ T1921] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.624105][ T1921] device bridge_slave_0 entered promiscuous mode
[   55.630670][  T300] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[   55.637143][  T300] cdc_ncm 8-1:1.0: setting rx_max = 16384
[   55.647557][ T1921] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.655143][ T1921] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.663482][ T1921] device bridge_slave_1 entered promiscuous mode
[   55.742958][ T1921] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.750013][ T1921] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.757341][ T1921] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.764390][ T1921] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.786283][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.794074][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.801829][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.812821][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.821287][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.828353][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.838276][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.846696][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.853921][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.869024][  T300] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM, 42:42:42:42:42:42
[   55.880626][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.888614][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.900211][  T300] usb 8-1: USB disconnect, device number 5
[   55.906344][  T300] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM
[   55.907323][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   55.928984][ T1921] device veth0_vlan entered promiscuous mode
[   55.939374][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   55.947566][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   55.955273][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   55.968114][ T1921] device veth1_macvtap entered promiscuous mode
[   55.975397][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   55.990200][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.998688][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   56.491650][    T8] device bridge_slave_1 left promiscuous mode
[   56.497777][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.505347][    T8] device bridge_slave_0 left promiscuous mode
[   56.511759][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.519653][    T8] device veth1_macvtap left promiscuous mode
[   56.525900][    T8] device veth0_vlan left promiscuous mode
[   57.221807][ T1964] netlink: 4 bytes leftover after parsing attributes in process `syz.9.674'.
[   57.246843][ T1964] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.265118][ T1964] device bridge_slave_1 left promiscuous mode
[   57.271686][ T1964] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.374699][ T1962] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.391950][ T1962] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.399533][ T1962] device bridge_slave_0 entered promiscuous mode
[   57.407272][ T1962] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.415183][ T1962] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.422981][ T1962] device bridge_slave_1 entered promiscuous mode
[   57.499578][   T30] kauditd_printk_skb: 35 callbacks suppressed
[   57.499601][   T30] audit: type=1326 audit(2000065785.155:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.540528][ T1986] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   57.576266][   T30] audit: type=1326 audit(2000065785.215:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.606583][   T30] audit: type=1326 audit(2000065785.225:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.632859][   T30] audit: type=1326 audit(2000065785.225:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.680480][ T1997] syz.9.687[1997] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   57.680560][ T1997] syz.9.687[1997] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   57.689484][   T30] audit: type=1326 audit(2000065785.225:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.762151][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.765484][   T30] audit: type=1326 audit(2000065785.225:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1985 comm="syz.0.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b5da6969 code=0x7ffc0000
[   57.775846][  T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.800399][    C1] ==================================================================
[   57.808476][    C1] BUG: KASAN: use-after-free in cpu_map_generic_redirect+0x171/0x670
[   57.816709][    C1] Read of size 8 at addr ffff888115822518 by task kworker/1:3/299
[   57.824525][    C1] 
[   57.826885][    C1] CPU: 1 PID: 299 Comm: kworker/1:3 Not tainted 5.15.180-syzkaller-00024-g88c4075c39ed #0
[   57.836868][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   57.846938][    C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[   57.853039][    C1] Call Trace:
[   57.856309][    C1]  <IRQ>
[   57.859156][    C1]  __dump_stack+0x21/0x30
[   57.863485][    C1]  dump_stack_lvl+0xee/0x150
[   57.868071][    C1]  ? show_regs_print_info+0x20/0x20
[   57.873266][    C1]  ? load_image+0x3a0/0x3a0
[   57.877763][    C1]  print_address_description+0x7f/0x2c0
[   57.883306][    C1]  ? cpu_map_generic_redirect+0x171/0x670
[   57.889042][    C1]  kasan_report+0xf1/0x140
[   57.893452][    C1]  ? ____kasan_slab_free+0x130/0x160
[   57.898729][    C1]  ? cpu_map_generic_redirect+0x171/0x670
[   57.904444][    C1]  __asan_report_load8_noabort+0x14/0x20
[   57.910077][    C1]  cpu_map_generic_redirect+0x171/0x670
[   57.915649][    C1]  ? cpu_map_enqueue+0x370/0x370
[   57.920608][    C1]  xdp_do_generic_redirect+0x3be/0xa80
[   57.926063][    C1]  do_xdp_generic+0x516/0x7a0
[   57.930736][    C1]  ? call_timer_fn+0x38/0x290
[   57.935422][    C1]  ? __run_timers+0x667/0x9a0
[   57.940101][    C1]  ? run_timer_softirq+0x6a/0xf0
[   57.945036][    C1]  ? generic_xdp_tx+0x470/0x470
[   57.949880][    C1]  ? schedule_timeout+0x12c/0x2e0
[   57.954901][    C1]  ? migrate_disable+0xd6/0x180
[   57.959748][    C1]  __netif_receive_skb_core+0x12ac/0x2f10
[   57.965466][    C1]  ? set_rps_cpu+0x5d0/0x5d0
[   57.970049][    C1]  ? wake_up_process+0x10/0x20
[   57.974810][    C1]  ? insert_work+0x287/0x310
[   57.979410][    C1]  ? __kasan_check_write+0x14/0x20
[   57.984518][    C1]  ? _raw_spin_lock+0x8e/0xe0
[   57.989193][    C1]  __netif_receive_skb+0x72/0x280
[   57.994228][    C1]  process_backlog+0x368/0x600
[   57.999006][    C1]  __napi_poll+0xbe/0x590
[   58.003329][    C1]  net_rx_action+0x371/0x8e0
[   58.007921][    C1]  ? net_tx_action+0x520/0x520
[   58.012677][    C1]  ? sched_clock_cpu+0x18/0x3c0
[   58.017524][    C1]  ? irqtime_account_irq+0x76/0x390
[   58.022735][    C1]  handle_softirqs+0x250/0x560
[   58.027498][    C1]  __do_softirq+0xb/0xd
[   58.031650][    C1]  do_softirq+0xc6/0x120
[   58.035900][    C1]  </IRQ>
[   58.038827][    C1]  <TASK>
[   58.041750][    C1]  ? __local_bh_enable_ip+0x80/0x80
[   58.046952][    C1]  __local_bh_enable_ip+0x75/0x80
[   58.051973][    C1]  _raw_read_unlock_bh+0x29/0x30
[   58.056905][    C1]  wg_socket_send_skb_to_peer+0x172/0x1d0
[   58.062628][    C1]  wg_packet_tx_worker+0x1bf/0x480
[   58.067735][    C1]  process_one_work+0x6be/0xba0
[   58.072682][    C1]  worker_thread+0xa59/0x1200
[   58.077467][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   58.082926][    C1]  kthread+0x411/0x500
[   58.086988][    C1]  ? worker_clr_flags+0x190/0x190
[   58.097041][    C1]  ? kthread_blkcg+0xd0/0xd0
[   58.101629][    C1]  ret_from_fork+0x1f/0x30
[   58.106153][    C1]  </TASK>
[   58.109173][    C1] 
[   58.111493][    C1] Allocated by task 1052:
[   58.115808][    C1]  __kasan_kmalloc+0xda/0x110
[   58.120477][    C1]  kmem_cache_alloc_trace+0x119/0x270
[   58.125845][    C1]  kset_create_and_add+0x59/0x2b0
[   58.130868][    C1]  netdev_register_kobject+0x1a5/0x320
[   58.136352][    C1]  register_netdevice+0xdfa/0x13a0
[   58.141460][    C1]  veth_newlink+0x668/0xda0
[   58.145956][    C1]  rtnl_newlink+0x112d/0x17b0
[   58.150637][    C1]  rtnetlink_rcv_msg+0x9e4/0xb90
[   58.155585][    C1]  netlink_rcv_skb+0x1e0/0x430
[   58.160392][    C1]  rtnetlink_rcv+0x1c/0x20
[   58.164802][    C1]  netlink_unicast+0x87c/0xa40
[   58.169560][    C1]  netlink_sendmsg+0x86a/0xb70
[   58.174321][    C1]  __sys_sendto+0x423/0x580
[   58.178821][    C1]  __x64_sys_sendto+0xe5/0x100
[   58.183664][    C1]  x64_sys_call+0x178/0x9a0
[   58.188180][    C1]  do_syscall_64+0x4c/0xa0
[   58.192588][    C1]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   58.198477][    C1] 
[   58.200792][    C1] Freed by task 8:
[   58.204501][    C1]  kasan_set_track+0x4a/0x70
[   58.209104][    C1]  kasan_set_free_info+0x23/0x40
[   58.214039][    C1]  ____kasan_slab_free+0x125/0x160
[   58.219148][    C1]  __kasan_slab_free+0x11/0x20
[   58.223917][    C1]  slab_free_freelist_hook+0xc2/0x190
[   58.229305][    C1]  kfree+0xc4/0x270
[   58.233211][    C1]  kset_release+0x19/0x20
[   58.237543][    C1]  kobject_put+0x18a/0x270
[   58.241963][    C1]  kset_unregister+0x5b/0x70
[   58.246550][    C1]  netdev_unregister_kobject+0x170/0x250
[   58.252185][    C1]  unregister_netdevice_many+0x1486/0x1990
[   58.257990][    C1]  default_device_exit_batch+0x330/0x390
[   58.263617][    C1]  cleanup_net+0x602/0xad0
[   58.268036][    C1]  process_one_work+0x6be/0xba0
[   58.272884][    C1]  worker_thread+0xa59/0x1200
[   58.277560][    C1]  kthread+0x411/0x500
[   58.281628][    C1]  ret_from_fork+0x1f/0x30
[   58.286039][    C1] 
[   58.288362][    C1] Last potentially related work creation:
[   58.294067][    C1]  kasan_save_stack+0x3a/0x60
[   58.298836][    C1]  __kasan_record_aux_stack+0xd2/0x100
[   58.304291][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   58.310098][    C1]  insert_work+0x51/0x310
[   58.314586][    C1]  __queue_work+0x8e5/0xc60
[   58.319083][    C1]  queue_work_on+0xd2/0x140
[   58.323580][    C1]  cpu_map_free+0x1d1/0x2a0
[   58.328076][    C1]  bpf_map_free_deferred+0x10e/0x1e0
[   58.333353][    C1]  process_one_work+0x6be/0xba0
[   58.338199][    C1]  worker_thread+0xa59/0x1200
[   58.342873][    C1]  kthread+0x411/0x500
[   58.347023][    C1]  ret_from_fork+0x1f/0x30
[   58.351434][    C1] 
[   58.353751][    C1] Second to last potentially related work creation:
[   58.360321][    C1]  kasan_save_stack+0x3a/0x60
[   58.365579][    C1]  __kasan_record_aux_stack+0xd2/0x100
[   58.371065][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[   58.376876][    C1]  call_rcu+0xf6/0xf60
[   58.381028][    C1]  cpu_map_free+0x104/0x2a0
[   58.385528][    C1]  bpf_map_free_deferred+0x10e/0x1e0
[   58.390808][    C1]  process_one_work+0x6be/0xba0
[   58.395652][    C1]  worker_thread+0xa59/0x1200
[   58.400324][    C1]  kthread+0x411/0x500
[   58.404383][    C1]  ret_from_fork+0x1f/0x30
[   58.408798][    C1] 
[   58.411123][    C1] The buggy address belongs to the object at ffff888115822500
[   58.411123][    C1]  which belongs to the cache kmalloc-192 of size 192
[   58.425260][    C1] The buggy address is located 24 bytes inside of
[   58.425260][    C1]  192-byte region [ffff888115822500, ffff8881158225c0)
[   58.438444][    C1] The buggy address belongs to the page:
[   58.444086][    C1] page:ffffea0004560880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115822
[   58.454384][    C1] flags: 0x4000000000000200(slab|zone=1)
[   58.460024][    C1] raw: 4000000000000200 0000000000000000 0000000200000001 ffff888100042c00
[   58.468602][    C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   58.477193][    C1] page dumped because: kasan: bad access detected
[   58.483687][    C1] page_owner tracks the page as allocated
[   58.489386][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 114, ts 5455482919, free_ts 0
[   58.504553][    C1]  post_alloc_hook+0x192/0x1b0
[   58.509357][    C1]  prep_new_page+0x1c/0x110
[   58.513853][    C1]  get_page_from_freelist+0x2cc5/0x2d50
[   58.519510][    C1]  __alloc_pages+0x18f/0x440
[   58.524185][    C1]  new_slab+0xa1/0x4d0
[   58.528254][    C1]  ___slab_alloc+0x381/0x810
[   58.532836][    C1]  __slab_alloc+0x49/0x90
[   58.537249][    C1]  kmem_cache_alloc_trace+0x146/0x270
[   58.542619][    C1]  kernfs_fop_open+0x343/0xb30
[   58.547380][    C1]  do_dentry_open+0x834/0x1010
[   58.552140][    C1]  vfs_open+0x73/0x80
[   58.556124][    C1]  path_openat+0x2646/0x2f10
[   58.560741][    C1]  do_filp_open+0x1b3/0x3e0
[   58.565246][    C1]  do_sys_openat2+0x14c/0x7b0
[   58.570040][    C1]  __x64_sys_openat+0x136/0x160
[   58.574892][    C1]  x64_sys_call+0x219/0x9a0
[   58.579394][    C1] page_owner free stack trace missing
[   58.584752][    C1] 
[   58.587068][    C1] Memory state around the buggy address:
[   58.592688][    C1]  ffff888115822400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.600751][    C1]  ffff888115822480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   58.608804][    C1] >ffff888115822500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.616857][    C1]                             ^
[   58.621706][    C1]  ffff888115822580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   58.629768][    C1]  ffff888115822600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   58.637823][    C1] ==================================================================
[   58.645874][    C1] Disabling lock debugging due to kernel taint
[   58.652229][    C1] BUG: unable to handle page fault for address: ffffffff85942064
[   58.659961][    C1] #PF: supervisor write access in kernel mode
[   58.666032][    C1] #PF: error_code(0x0003) - permissions violation
[   58.672464][    C1] PGD 6612067 P4D 6612067 PUD 6613063 PMD 80000000058001e1 
[   58.679799][    C1] Oops: 0003 [#1] PREEMPT SMP KASAN
[   58.685028][    C1] CPU: 1 PID: 299 Comm: kworker/1:3 Tainted: G    B             5.15.180-syzkaller-00024-g88c4075c39ed #0
[   58.696362][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   58.706429][    C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[   58.712525][    C1] RIP: 0010:_raw_spin_lock+0x97/0xe0
[   58.717824][    C1] Code: 44 24 20 00 00 00 00 48 89 df be 04 00 00 00 e8 0f 0e 02 fd 4c 89 f7 be 04 00 00 00 e8 02 0e 02 fd 8b 44 24 20 b9 01 00 00 00 <f0> 0f b1 0b 75 2d 48 c7 04 24 0e 36 e0 45 4b c7 04 27 00 00 00 00
[   58.737529][    C1] RSP: 0018:ffffc900001d0800 EFLAGS: 00010297
[   58.743609][    C1] RAX: 0000000000000000 RBX: ffffffff85942064 RCX: 0000000000000001
[   58.751700][    C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc900001d0820
[   58.759674][    C1] RBP: ffffc900001d0890 R08: 0000000000000004 R09: 0000000000000003
[   58.767638][    C1] R10: fffff5200003a104 R11: 1ffff9200003a104 R12: dffffc0000000000
[   58.775607][    C1] R13: dffffc0000000000 R14: ffffc900001d0820 R15: 1ffff9200003a100
[   58.783574][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   58.792502][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.799267][    C1] CR2: ffffffff85942064 CR3: 000000000660f000 CR4: 00000000003526a0
[   58.807272][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.815238][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.823214][    C1] Call Trace:
[   58.826492][    C1]  <IRQ>
[   58.829332][    C1]  ? _raw_spin_trylock_bh+0x130/0x130
[   58.834883][    C1]  cpu_map_generic_redirect+0x18a/0x670
[   58.840430][    C1]  ? cpu_map_enqueue+0x370/0x370
[   58.845369][    C1]  xdp_do_generic_redirect+0x3be/0xa80
[   58.850834][    C1]  do_xdp_generic+0x516/0x7a0
[   58.855505][    C1]  ? call_timer_fn+0x38/0x290
[   58.860376][    C1]  ? __run_timers+0x667/0x9a0
[   58.865068][    C1]  ? run_timer_softirq+0x6a/0xf0
[   58.870002][    C1]  ? generic_xdp_tx+0x470/0x470
[   58.874853][    C1]  ? schedule_timeout+0x12c/0x2e0
[   58.879876][    C1]  ? migrate_disable+0xd6/0x180
[   58.884727][    C1]  __netif_receive_skb_core+0x12ac/0x2f10
[   58.890445][    C1]  ? set_rps_cpu+0x5d0/0x5d0
[   58.895026][    C1]  ? wake_up_process+0x10/0x20
[   58.899784][    C1]  ? insert_work+0x287/0x310
[   58.904375][    C1]  ? __kasan_check_write+0x14/0x20
[   58.909583][    C1]  ? _raw_spin_lock+0x8e/0xe0
[   58.914262][    C1]  __netif_receive_skb+0x72/0x280
[   58.919310][    C1]  process_backlog+0x368/0x600
[   58.924157][    C1]  __napi_poll+0xbe/0x590
[   58.928478][    C1]  net_rx_action+0x371/0x8e0
[   58.933063][    C1]  ? net_tx_action+0x520/0x520
[   58.937821][    C1]  ? sched_clock_cpu+0x18/0x3c0
[   58.942666][    C1]  ? irqtime_account_irq+0x76/0x390
[   58.947863][    C1]  handle_softirqs+0x250/0x560
[   58.952647][    C1]  __do_softirq+0xb/0xd
[   58.956801][    C1]  do_softirq+0xc6/0x120
[   58.961038][    C1]  </IRQ>
[   58.964047][    C1]  <TASK>
[   58.966967][    C1]  ? __local_bh_enable_ip+0x80/0x80
[   58.972164][    C1]  __local_bh_enable_ip+0x75/0x80
[   58.977195][    C1]  _raw_read_unlock_bh+0x29/0x30
[   58.982133][    C1]  wg_socket_send_skb_to_peer+0x172/0x1d0
[   58.987852][    C1]  wg_packet_tx_worker+0x1bf/0x480
[   58.992959][    C1]  process_one_work+0x6be/0xba0
[   58.997812][    C1]  worker_thread+0xa59/0x1200
[   59.002497][    C1]  ? _raw_spin_lock_irqsave+0xb0/0x110
[   59.007964][    C1]  kthread+0x411/0x500
[   59.012027][    C1]  ? worker_clr_flags+0x190/0x190
[   59.017050][    C1]  ? kthread_blkcg+0xd0/0xd0
[   59.021641][    C1]  ret_from_fork+0x1f/0x30
[   59.026056][    C1]  </TASK>
[   59.029078][    C1] Modules linked in:
[   59.032997][    C1] CR2: ffffffff85942064
[   59.037155][    C1] ---[ end trace d297fde082063323 ]---
[   59.042614][    C1] RIP: 0010:_raw_spin_lock+0x97/0xe0
[   59.047916][    C1] Code: 44 24 20 00 00 00 00 48 89 df be 04 00 00 00 e8 0f 0e 02 fd 4c 89 f7 be 04 00 00 00 e8 02 0e 02 fd 8b 44 24 20 b9 01 00 00 00 <f0> 0f b1 0b 75 2d 48 c7 04 24 0e 36 e0 45 4b c7 04 27 00 00 00 00
[   59.067636][    C1] RSP: 0018:ffffc900001d0800 EFLAGS: 00010297
[   59.073714][    C1] RAX: 0000000000000000 RBX: ffffffff85942064 RCX: 0000000000000001
[   59.081683][    C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc900001d0820
[   59.089650][    C1] RBP: ffffc900001d0890 R08: 0000000000000004 R09: 0000000000000003
[   59.097619][    C1] R10: fffff5200003a104 R11: 1ffff9200003a104 R12: dffffc0000000000
[   59.105588][    C1] R13: dffffc0000000000 R14: ffffc900001d0820 R15: 1ffff9200003a100
[   59.113556][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   59.122504][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   59.129118][    C1] CR2: ffffffff85942064 CR3: 000000000660f000 CR4: 00000000003526a0
[   59.137097][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   59.145073][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   59.153047][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[   59.160459][    C1] Kernel Offset: disabled
[   59.164783][    C1] Rebooting in 86400 seconds..