last executing test programs: 1.472976114s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r8, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x4a}}, 0x0) sendfile(r2, r1, 0x0, 0x100004001) 1.277450065s ago: executing program 1: mlockall(0x3) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r0 = socket(0x11, 0x2, 0x0) ioctl$sock_inet_SIOCRTMSG(r0, 0x8942, &(0x7f0000000200)={0x0, {0x2, 0x0, @multicast2}, {0x2, 0x0, @loopback}, {0x2, 0x0, @dev}}) 1.106129443s ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000340), &(0x7f0000000080)=@tcp6}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close(r2) 1.042572533s ago: executing program 0: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000004000850000008200000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='block_plug\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x43400) 975.788084ms ago: executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0) preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0) close(r0) rt_sigreturn() pipe2$watch_queue(&(0x7f0000000080), 0xb82e336200000000) read(0xffffffffffffffff, 0x0, 0x0) 748.86378ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x7, 0x11000, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, 0x0, &(0x7f0000000780)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='sys_enter\x00', r1}, 0x10) personality(0x0) 698.656428ms ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001c40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af9cc9e5ef6bda9df2c3af36effff9af2551ce935b0f327cb3f011a2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7511d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1525320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10738d3c9f7a98eccb26f7e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe977076ce7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d1a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc084275ad10727522934a87a4ddcdb112754ca5bdec0ead14b6c0f19a4b126bbe0c2b8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcb1a47a87baf63e4edf11c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c158ae8f44bfbfa7c2730302b66a99f66705b71e6205e7cbf36435e1eabb9a63fcd604d5cc27e1317add4cf438d7187a2fe4e06fa6cbf84ef1efa82cb2c4af6bd1370616cdbe2b98fd89b79824ba089df1f81e6fcef073059f5f1d6a221d791839d7826ed1759c2153532c393fd1bd7be2e7f5abf2f0800000000ea46c07adee10d0f2bc85cf37182256e4fd8f56942726efc07180eaa5421d697665c8bacd39cdb392e6153af80bc1a69e3bfab032e78c9a96eab13be845a0d44ef2a4ab414ac2e4802a3b5d3aa2a4a4fc259206d97d0cc1602d6b45ff414c53fc9f5f68438f0423e168a97923ca0464b40b2f797841fb2bb2e5ad9feff37220ab7c34f4c382c247e7735adb55c209f7c0f8880733dbd3f5a095cc6a2"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000380), 0xffffd6c0}, 0x38) 684.06628ms ago: executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) chmod(&(0x7f00000001c0)='./file0\x00', 0x0) 659.641424ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680), &(0x7f0000000980)='%+9llu \x00'}, 0x20) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f0000000100)={0x11, 0x4, r3}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000380)=ANY=[@ANYBLOB="01"], 0x0) 642.771497ms ago: executing program 4: r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRESOCT=r2, @ANYRES32, @ANYRES16=r1, @ANYRESHEX=r0, @ANYRESOCT, @ANYRES8, @ANYRES8=r0], 0x2, 0x1dd, &(0x7f0000000840)="$eJzsmbGLE0EUxr+Z3cuehwg2FjYWHniit9ndqBxCigiWgpAIWgazhugmkWSFJCAYbGwsLQRb/wELi1QWdna2WqggWJjSThiZ2XF3zCYxQYTAvR9k9puZN/NmXpKvSEAQxKHly+cfn55eOaidB3AUu3D0+Dcri+FG/MfnD849K1998erDy7edYw8ns/sxAEKsnl/Gv6lYiHVfiD9X7+pnDTzVN8BxVmsHDG4ifwqRrQ7BcEvH3DV094gWUeje7kaNO60o9GTjyyaQTcnMbwOYjhkaALb1+Zgx3x+O7tWjKOzNii3xO09ual2xrH7qfBWOslE/+X7dfPJ4LPu6NvCM+vng8LUugaGq9QEcuK6blcS4/0k7299a5f6bII7vb8QxSKwu8Oj/52KzI/ILnY6cmE7e5Vd93ZD6/E1cRn5KGReAXPD7nSi69g9JC9oE5sZk/sRs4IzhTzbs1D+Kcft+sT8c7bfa9WbYDDtBULrkXfC8i0FRGVHSLvG/beVPO8b+WwtiC6yAQT2Oe/4AiHt+2g+S1nDc6uvud7WGK//j2Dud7CE/KurazvwcTL+4ekq1Zy08PEEQBEEQBEEQBEEQBEEQxFqcAkPyT5hg+gfReQTXVfSvAAAA//8ybG48") open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000040)) 640.151977ms ago: executing program 3: bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 606.646133ms ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r8, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x4a}}, 0x0) sendfile(r2, r1, 0x0, 0x100004001) 555.678671ms ago: executing program 4: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f62617272696572000000006976655f6c6f67733d342c757365725f786174747200000000653d6c66732c616c6c6f63df6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a9e835ab286bb5980836f23dbf8ad3dd5931c08b46ea5952a332ad207000c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33206bd1049ca45fd8500d67a5aa6e1c23d9bb55bb77bcadfdf75143289938f8d282688c10f0ffcefa57ff27c893414af5266072d92b4513d8d2a3d941", @ANYRES64], 0x1, 0x54f6, &(0x7f0000001f80)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T") mkdir(&(0x7f0000000100)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchmodat(r0, &(0x7f00000000c0)='./bus\x00', 0x2) 252.19117ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680), &(0x7f0000000980)='%+9llu \x00'}, 0x20) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f0000000100)={0x11, 0x4, r3}, 0x14) syz_emit_ethernet(0x1e, &(0x7f0000000380)=ANY=[@ANYBLOB="01"], 0x0) 222.405704ms ago: executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) chmod(&(0x7f00000001c0)='./file0\x00', 0x0) 212.738976ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x17, 0x0, 0x1f5c, 0x6}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20) 207.656747ms ago: executing program 2: r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRESOCT=r2, @ANYRES32, @ANYRES16=r1, @ANYRESHEX=r0, @ANYRESOCT, @ANYRES8, @ANYRES8=r0], 0x2, 0x1dd, &(0x7f0000000840)="$eJzsmbGLE0EUxr+Z3cuehwg2FjYWHniit9ndqBxCigiWgpAIWgazhugmkWSFJCAYbGwsLQRb/wELi1QWdna2WqggWJjSThiZ2XF3zCYxQYTAvR9k9puZN/NmXpKvSEAQxKHly+cfn55eOaidB3AUu3D0+Dcri+FG/MfnD849K1998erDy7edYw8ns/sxAEKsnl/Gv6lYiHVfiD9X7+pnDTzVN8BxVmsHDG4ifwqRrQ7BcEvH3DV094gWUeje7kaNO60o9GTjyyaQTcnMbwOYjhkaALb1+Zgx3x+O7tWjKOzNii3xO09ual2xrH7qfBWOslE/+X7dfPJ4LPu6NvCM+vng8LUugaGq9QEcuK6blcS4/0k7299a5f6bII7vb8QxSKwu8Oj/52KzI/ILnY6cmE7e5Vd93ZD6/E1cRn5KGReAXPD7nSi69g9JC9oE5sZk/sRs4IzhTzbs1D+Kcft+sT8c7bfa9WbYDDtBULrkXfC8i0FRGVHSLvG/beVPO8b+WwtiC6yAQT2Oe/4AiHt+2g+S1nDc6uvud7WGK//j2Dud7CE/KurazvwcTL+4ekq1Zy08PEEQBEEQBEEQBEEQBEEQxFqcAkPyT5hg+gfReQTXVfSvAAAA//8ybG48") open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000040)) 182.837151ms ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00') syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) 169.427033ms ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000002680)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r0}, 0x10) futimesat(0xffffffffffffffff, 0x0, 0x0) 157.235275ms ago: executing program 3: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="e400000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, &(0x7f0000000f40)=""/4089, 0x3e, 0xff9}, 0x20) syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a96460014060000000000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRESDEC=r1, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00'], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd608a9646660014060000000000000000000000000000000000fe8000000000000000000000000000aa00004e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x0, 0x8, 0x1, 0xffffffffffffffff, 0x2}, 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000ff000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) close(0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 155.050325ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, 0x0, &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0, 0xffffffffffffffff}, &(0x7f0000000440), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r3) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) 120.7424ms ago: executing program 2: bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 117.886281ms ago: executing program 1: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 97.450694ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 68.612749ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x17, 0x0, 0x4, 0xfe, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) ioperm(0x0, 0x8001, 0x9) 39.702314ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x7, 0x11000, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), 0x0}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='sys_enter\x00', r1}, 0x10) personality(0x0) 31.526295ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) chmod(&(0x7f00000001c0)='./file0\x00', 0x0) 13.583648ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780), &(0x7f0000000900)=@udp=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) 2.04514ms ago: executing program 2: socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000004000850000008200000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='block_plug\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x43400) 0s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) getresgid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) kernel console output (not intermixed with test programs): 8] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 339.348679][ T578] Bluetooth: hci0: command 0x1001 tx timeout [ 339.430661][ T47] Bluetooth: hci0: sending frame failed (-49) [ 339.661123][ T7325] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 339.670282][ T7325] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 339.679633][ T7325] bpf_get_probe_write_proto: 8 callbacks suppressed [ 339.679644][ T7325] syz-executor.2[7325] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 339.686119][ T7325] syz-executor.2[7325] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 340.406903][ T7336] syz-executor.3[7336] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 340.418979][ T7336] syz-executor.3[7336] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 341.032264][ T7332] loop4: detected capacity change from 0 to 131072 [ 341.087245][ T7332] F2FS-fs (loop4): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 341.096255][ T2366] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 341.096328][ T7332] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 341.120722][ T7332] F2FS-fs (loop4): invalid crc value [ 341.138631][ T7332] F2FS-fs (loop4): Found nat_bits in checkpoint [ 341.201273][ T7332] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 341.218181][ T7332] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 341.486385][ T578] Bluetooth: hci0: command 0x1009 tx timeout [ 341.656675][ T7360] loop4: detected capacity change from 0 to 512 [ 341.676344][ T2366] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 341.686455][ T2366] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 341.969229][ T2366] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 341.976914][ T7360] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 341.978143][ T2366] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 341.990558][ T7360] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 341.998200][ T2366] usb 2-1: SerialNumber: syz [ 342.010512][ T7360] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 342.157497][ T7368] syz-executor.3[7368] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.157543][ T7368] syz-executor.3[7368] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.286808][ T2366] usb 2-1: 0:2 : does not exist [ 342.302981][ T2366] usb 2-1: unit 5 not found! [ 342.309853][ T2366] usb 2-1: USB disconnect, device number 38 [ 342.406332][ T4752] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 342.766273][ T4752] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 342.778366][ T4752] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 342.794385][ T7378] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 342.803052][ T7378] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 342.812993][ T7378] syz-executor.1[7378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.813062][ T7378] syz-executor.1[7378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.866325][ T4752] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 342.886721][ T4752] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 342.894471][ T4752] usb 5-1: SerialNumber: syz [ 343.176786][ T4752] usb 5-1: 0:2 : does not exist [ 343.181625][ T4752] usb 5-1: unit 5 not found! [ 343.187746][ T4752] usb 5-1: USB disconnect, device number 38 [ 343.208299][ T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 344.211777][ T7401] loop3: detected capacity change from 0 to 512 [ 344.307432][ T7401] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 344.320512][ T7401] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 344.327699][ T7404] syz-executor.2[7404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 344.332798][ T7404] syz-executor.2[7404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 344.340711][ T7401] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 344.736225][ T338] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 344.946227][ T2366] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 344.996249][ T3461] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 345.126351][ T338] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.137125][ T338] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.146693][ T338] usb 4-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 345.155544][ T338] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.164238][ T338] usb 4-1: config 0 descriptor?? [ 345.306237][ T2366] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 345.316135][ T2366] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 345.356335][ T3461] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.367113][ T3461] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.376591][ T3461] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 345.389202][ T3461] usb 2-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 345.398010][ T3461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.406234][ T2366] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 345.415082][ T2366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 345.423619][ T3461] usb 2-1: config 0 descriptor?? [ 345.430073][ T2366] usb 5-1: SerialNumber: syz [ 345.526296][ T338] usbhid 4-1:0.0: can't add hid device: -71 [ 345.532102][ T338] usbhid: probe of 4-1:0.0 failed with error -71 [ 345.539123][ T338] usb 4-1: USB disconnect, device number 36 [ 345.576251][ T1635] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 345.636702][ T7424] syz-executor.0[7424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 345.636740][ T7424] syz-executor.0[7424] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 345.706814][ T2366] usb 5-1: 0:2 : does not exist [ 345.722968][ T2366] usb 5-1: unit 5 not found! [ 345.731137][ T2366] usb 5-1: USB disconnect, device number 39 [ 345.933009][ T3461] uclogic 0003:5543:0003.006D: No inputs registered, leaving [ 345.945180][ T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 345.945730][ T3461] uclogic 0003:5543:0003.006D: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.1-1/input0 [ 346.012769][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.023633][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.033694][ T1635] usb 3-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 346.042574][ T1635] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.050930][ T1635] usb 3-1: config 0 descriptor?? [ 346.159442][ T338] usb 2-1: USB disconnect, device number 39 [ 346.396260][ T1635] usbhid 3-1:0.0: can't add hid device: -71 [ 346.402194][ T1635] usbhid: probe of 3-1:0.0 failed with error -71 [ 346.409539][ T1635] usb 3-1: USB disconnect, device number 40 [ 347.392060][ T7453] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 347.866201][ T338] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 348.356309][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.367190][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.377334][ T338] usb 2-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 348.386304][ T338] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.395514][ T338] usb 2-1: config 0 descriptor?? [ 348.626216][ T3461] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 348.766406][ T338] usbhid 2-1:0.0: can't add hid device: -71 [ 348.772335][ T338] usbhid: probe of 2-1:0.0 failed with error -71 [ 348.781684][ T338] usb 2-1: USB disconnect, device number 40 [ 348.851147][ T30] audit: type=1326 audit(1716890720.336:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 348.875515][ T30] audit: type=1326 audit(1716890720.346:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 348.899527][ T30] audit: type=1326 audit(1716890720.346:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 348.921593][ T7483] loop2: detected capacity change from 0 to 256 [ 348.927894][ T30] audit: type=1326 audit(1716890720.406:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 348.953407][ T30] audit: type=1326 audit(1716890720.406:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 348.996390][ T3461] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.007452][ T7483] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 349.007829][ T3461] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.025086][ T3461] usb 5-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 349.033962][ T3461] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.044992][ T30] audit: type=1326 audit(1716890720.536:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0c8e666ee9 code=0x7ffc0000 [ 349.045725][ T7482] loop2: detected capacity change from 0 to 16 [ 349.070693][ T30] audit: type=1326 audit(1716890720.536:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0c8e666f23 code=0x7ffc0000 [ 349.078242][ T3461] usb 5-1: config 0 descriptor?? [ 349.099207][ T30] audit: type=1326 audit(1716890720.536:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0c8e665c2f code=0x7ffc0000 [ 349.127295][ T30] audit: type=1326 audit(1716890720.536:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0c8e666f77 code=0x7ffc0000 [ 349.129582][ T7482] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 349.151869][ T30] audit: type=1326 audit(1716890720.536:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7481 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0c8e665ae0 code=0x7ffc0000 [ 349.416295][ T578] Bluetooth: hci0: command 0x1003 tx timeout [ 349.422317][ T47] Bluetooth: hci0: sending frame failed (-49) [ 349.476281][ T3461] usbhid 5-1:0.0: can't add hid device: -71 [ 349.482086][ T3461] usbhid: probe of 5-1:0.0 failed with error -71 [ 349.489854][ T3461] usb 5-1: USB disconnect, device number 40 [ 349.546225][ T338] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 349.906426][ T7498] fuse: Unknown parameter 'user_id00000000000000000000' [ 349.957872][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.968917][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.978583][ T338] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 350.000069][ T338] usb 2-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 350.027934][ T338] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.036993][ T338] usb 2-1: config 0 descriptor?? [ 350.049411][ T7502] syz-executor.4[7502] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 350.049456][ T7502] syz-executor.4[7502] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 350.555212][ T338] uclogic 0003:5543:0003.006E: No inputs registered, leaving [ 350.574975][ T338] uclogic 0003:5543:0003.006E: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.1-1/input0 [ 350.833821][ T338] usb 2-1: USB disconnect, device number 41 [ 351.060302][ T7515] loop4: detected capacity change from 0 to 256 [ 351.069202][ T7515] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 351.149279][ T7515] loop4: detected capacity change from 0 to 16 [ 351.156480][ T7515] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 351.216232][ T1635] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 351.297752][ T7519] loop4: detected capacity change from 0 to 512 [ 351.408452][ T7523] fuse: Unknown parameter 'user_id00000000000000000000' [ 351.429317][ T7519] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 351.442444][ T7519] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 351.454837][ T7519] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 351.496508][ T338] Bluetooth: hci0: command 0x1001 tx timeout [ 351.503250][ T47] Bluetooth: hci0: sending frame failed (-49) [ 351.656278][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.671396][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 351.683360][ T1635] usb 3-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 351.692338][ T1635] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.701561][ T1635] usb 3-1: config 0 descriptor?? [ 352.189010][ T1635] wacom 0003:056A:00F8.006F: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.2-1/input0 [ 352.390997][ T3461] usb 3-1: USB disconnect, device number 41 [ 353.423185][ T578] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 353.576267][ T3555] Bluetooth: hci0: command 0x1009 tx timeout [ 353.626213][ T4752] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 353.856292][ T578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.867134][ T578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.877055][ T578] usb 2-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 353.885988][ T578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.894979][ T578] usb 2-1: config 0 descriptor?? [ 353.986247][ T4752] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.997037][ T4752] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.006671][ T4752] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 354.019322][ T4752] usb 5-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 354.028131][ T4752] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.058218][ T4752] usb 5-1: config 0 descriptor?? [ 354.412701][ T578] wacom 0003:056A:00F8.0070: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.1-1/input0 [ 354.537606][ T4752] uclogic 0003:5543:0003.0071: No inputs registered, leaving [ 354.545971][ T4752] uclogic 0003:5543:0003.0071: hidraw1: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.4-1/input0 [ 354.580723][ T578] usb 2-1: USB disconnect, device number 42 [ 354.740375][ T39] usb 5-1: USB disconnect, device number 41 [ 355.283386][ T7579] loop4: detected capacity change from 0 to 512 [ 355.356226][ T3461] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 355.363592][ T7579] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 355.376394][ T7579] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 355.389789][ T7579] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 355.489603][ T7583] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 355.716290][ T3461] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.727072][ T3461] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 355.735821][ T3461] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.744901][ T3461] usb 4-1: config 0 descriptor?? [ 355.886312][ T4752] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 356.226851][ T3461] keytouch 0003:0926:3333.0072: fixing up Keytouch IEC report descriptor [ 356.236088][ T3461] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0072/input/input97 [ 356.247437][ T4752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.258213][ T4752] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 356.266996][ T4752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.275520][ T4752] usb 3-1: config 0 descriptor?? [ 356.330201][ T3461] keytouch 0003:0926:3333.0072: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 356.757014][ T4752] keytouch 0003:0926:3333.0073: fixing up Keytouch IEC report descriptor [ 356.766014][ T4752] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0073/input/input98 [ 356.851233][ T4752] keytouch 0003:0926:3333.0073: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 356.999927][ T578] usb 4-1: USB disconnect, device number 37 [ 357.540367][ T4752] usb 3-1: USB disconnect, device number 42 [ 357.556223][ C0] keytouch 0003:0926:3333.0073: usb_submit_urb(ctrl) failed: -19 [ 357.566410][ T3461] Bluetooth: hci1: command 0x1003 tx timeout [ 357.572342][ T887] Bluetooth: hci1: sending frame failed (-49) [ 358.156185][ T309] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 358.230739][ T7613] syz-executor.2[7613] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 358.230788][ T7613] syz-executor.2[7613] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 358.526288][ T309] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.548594][ T309] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.558287][ T309] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 358.576259][ T309] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.587721][ T309] usb 1-1: config 0 descriptor?? [ 358.726202][ T2366] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 359.266305][ T309] usbhid 1-1:0.0: can't add hid device: -71 [ 359.272117][ T309] usbhid: probe of 1-1:0.0 failed with error -71 [ 359.282615][ T309] usb 1-1: USB disconnect, device number 44 [ 359.326330][ T2366] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 359.337256][ T2366] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.346949][ T2366] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 359.360042][ T2366] usb 3-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 359.368959][ T2366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.377376][ T2366] usb 3-1: config 0 descriptor?? [ 359.646396][ T309] Bluetooth: hci1: command 0x1001 tx timeout [ 359.652398][ T1151] Bluetooth: hci1: sending frame failed (-49) [ 359.704096][ T7631] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 359.857503][ T2366] uclogic 0003:5543:0003.0074: No inputs registered, leaving [ 359.867350][ T2366] uclogic 0003:5543:0003.0074: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.2-1/input0 [ 360.059779][ T1635] usb 3-1: USB disconnect, device number 43 [ 361.301645][ T7660] syz-executor.3[7660] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.301725][ T7660] syz-executor.3[7660] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 361.736226][ T338] Bluetooth: hci0: command 0x1003 tx timeout [ 361.774076][ T887] Bluetooth: hci0: sending frame failed (-49) [ 361.780100][ T578] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 361.791116][ T338] Bluetooth: hci1: command 0x1009 tx timeout [ 362.166317][ T7672] loop3: detected capacity change from 0 to 512 [ 362.176286][ T578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.188993][ T578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.198610][ T7672] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 362.211296][ T578] usb 3-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 362.211369][ T7672] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 362.220181][ T578] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.220855][ T578] usb 3-1: config 0 descriptor?? [ 362.233125][ T7672] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 362.776246][ T578] usbhid 3-1:0.0: can't add hid device: -71 [ 362.782041][ T578] usbhid: probe of 3-1:0.0 failed with error -71 [ 362.789336][ T578] usb 3-1: USB disconnect, device number 44 [ 362.842896][ T7686] syz-executor.1[7686] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 362.842965][ T7686] syz-executor.1[7686] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 362.857950][ T7684] fuse: Bad value for 'fd' [ 363.806218][ T338] Bluetooth: hci0: command 0x1001 tx timeout [ 363.812166][ T887] Bluetooth: hci0: sending frame failed (-49) [ 364.026205][ T578] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 364.153956][ T7709] loop2: detected capacity change from 0 to 512 [ 364.178948][ T7709] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr [ 364.191649][ T7709] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 364.203944][ T7709] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 364.439512][ T578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.450379][ T578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.461427][ T578] usb 4-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 364.474426][ T578] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.496430][ T578] usb 4-1: config 0 descriptor?? [ 365.236253][ T578] usbhid 4-1:0.0: can't add hid device: -71 [ 365.242155][ T578] usbhid: probe of 4-1:0.0 failed with error -71 [ 365.249336][ T578] usb 4-1: USB disconnect, device number 38 [ 365.886210][ T578] Bluetooth: hci0: command 0x1009 tx timeout [ 365.936244][ T1635] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 366.029195][ T7737] syz-executor.2[7737] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 366.029241][ T7737] syz-executor.2[7737] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 366.363773][ T7744] loop1: detected capacity change from 0 to 512 [ 366.416297][ T1635] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.427065][ T1635] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.436704][ T1635] usb 4-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 366.445596][ T1635] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.454338][ T1635] usb 4-1: config 0 descriptor?? [ 366.462644][ T7744] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 366.480632][ T7744] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 366.503327][ T7744] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 366.579165][ T7750] overlayfs: missing 'lowerdir' [ 367.006278][ T1635] usbhid 4-1:0.0: can't add hid device: -71 [ 367.012391][ T1635] usbhid: probe of 4-1:0.0 failed with error -71 [ 367.024123][ T1635] usb 4-1: USB disconnect, device number 39 [ 368.288267][ T7780] syz-executor.1[7780] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.288317][ T7780] syz-executor.1[7780] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.659125][ T7786] syz-executor.3[7786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.682036][ T7786] syz-executor.3[7786] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 369.593168][ T7803] overlayfs: missing 'lowerdir' [ 369.926281][ T338] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 370.044158][ T7816] syz-executor.1[7816] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.044231][ T7816] syz-executor.1[7816] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.068748][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 370.068763][ T30] audit: type=1326 audit(1716890741.556:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.110790][ T30] audit: type=1326 audit(1716890741.606:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.136358][ T7814] loop0: detected capacity change from 0 to 256 [ 370.136854][ T30] audit: type=1326 audit(1716890741.606:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.166767][ T30] audit: type=1326 audit(1716890741.606:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.190894][ T30] audit: type=1326 audit(1716890741.606:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.215095][ T30] audit: type=1326 audit(1716890741.606:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.239247][ T30] audit: type=1326 audit(1716890741.606:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.260373][ T7818] syz-executor.1[7818] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.263143][ T7818] syz-executor.1[7818] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.263298][ T30] audit: type=1326 audit(1716890741.606:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.310053][ T30] audit: type=1326 audit(1716890741.606:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.333969][ T30] audit: type=1326 audit(1716890741.606:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7813 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 370.358447][ T7814] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 370.418941][ T7814] loop0: detected capacity change from 0 to 16 [ 370.426347][ T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.447432][ T7814] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 370.457919][ T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.468509][ T338] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 370.477788][ T338] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.494998][ T338] usb 5-1: config 0 descriptor?? [ 370.993105][ T338] wacom 0003:056A:00F8.0075: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.4-1/input0 [ 371.200889][ T338] usb 5-1: USB disconnect, device number 42 [ 371.782865][ T7849] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 371.966120][ T7852] loop0: detected capacity change from 0 to 512 [ 372.091954][ T7852] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 372.188648][ T7852] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 372.216455][ T7852] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 372.306892][ T7856] bpf_get_probe_write_proto: 4 callbacks suppressed [ 372.306905][ T7856] syz-executor.0[7856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 372.313487][ T7856] syz-executor.0[7856] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 373.496238][ T578] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 373.656188][ T4752] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 373.766284][ T578] usb 1-1: Using ep0 maxpacket: 8 [ 373.806191][ T2366] Bluetooth: hci0: command 0x1003 tx timeout [ 373.812091][ T47] Bluetooth: hci0: sending frame failed (-49) [ 373.896222][ T4752] usb 4-1: Using ep0 maxpacket: 8 [ 373.906396][ T578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.923964][ T578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.947580][ T578] usb 1-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00 [ 373.966190][ T578] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.979071][ T578] usb 1-1: config 0 descriptor?? [ 374.016326][ T4752] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.036201][ T4752] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.045774][ T4752] usb 4-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00 [ 374.076175][ T4752] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.086693][ T4752] usb 4-1: config 0 descriptor?? [ 374.369710][ T7887] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 374.378320][ T7887] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 374.736255][ T578] usbhid 1-1:0.0: can't add hid device: -71 [ 374.742430][ T578] usbhid: probe of 1-1:0.0 failed with error -71 [ 374.750138][ T578] usb 1-1: USB disconnect, device number 45 [ 374.826221][ T4752] usbhid 4-1:0.0: can't add hid device: -71 [ 374.832147][ T4752] usbhid: probe of 4-1:0.0 failed with error -71 [ 374.841178][ T4752] usb 4-1: USB disconnect, device number 40 [ 375.214918][ T7893] syz-executor.0[7893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 375.214986][ T7893] syz-executor.0[7893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 375.886252][ T2366] Bluetooth: hci0: command 0x1001 tx timeout [ 375.903654][ T47] Bluetooth: hci0: sending frame failed (-49) [ 376.195443][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 376.195458][ T30] audit: type=1326 audit(1716890747.676:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.224295][ T7912] loop0: detected capacity change from 0 to 256 [ 376.225504][ T30] audit: type=1326 audit(1716890747.676:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.247156][ T7912] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 376.255280][ T30] audit: type=1326 audit(1716890747.676:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.287960][ T30] audit: type=1326 audit(1716890747.696:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.311787][ T30] audit: type=1326 audit(1716890747.696:2325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.335715][ T30] audit: type=1326 audit(1716890747.696:2326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.359542][ T30] audit: type=1326 audit(1716890747.696:2327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.383807][ T30] audit: type=1326 audit(1716890747.696:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.407832][ T30] audit: type=1326 audit(1716890747.696:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.408292][ T309] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 376.432395][ T30] audit: type=1326 audit(1716890747.696:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7911 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 376.459787][ T7912] loop0: detected capacity change from 0 to 16 [ 376.507041][ T7912] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 376.826294][ T309] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.845350][ T309] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 376.854526][ T309] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.865990][ T309] usb 4-1: config 0 descriptor?? [ 377.073510][ T7923] syz-executor.1[7923] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.073598][ T7923] syz-executor.1[7923] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.708776][ T309] keytouch 0003:0926:3333.0076: fixing up Keytouch IEC report descriptor [ 377.732166][ T309] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0076/input/input103 [ 377.781155][ T7931] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 377.789760][ T7931] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 377.808975][ T309] keytouch 0003:0926:3333.0076: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 377.876448][ T4752] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 377.934556][ T7934] syz-executor.1[7934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.934640][ T7934] syz-executor.1[7934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.966363][ T309] Bluetooth: hci0: command 0x1009 tx timeout [ 378.569069][ T338] usb 4-1: USB disconnect, device number 41 [ 378.615696][ T4752] usb 3-1: Using ep0 maxpacket: 8 [ 378.736301][ T4752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.747424][ T4752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.757311][ T4752] usb 3-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00 [ 378.766352][ T4752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.777930][ T4752] usb 3-1: config 0 descriptor?? [ 379.516256][ T4752] usbhid 3-1:0.0: can't add hid device: -71 [ 379.525089][ T4752] usbhid: probe of 3-1:0.0 failed with error -71 [ 379.534659][ T4752] usb 3-1: USB disconnect, device number 45 [ 379.786338][ T338] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 380.196326][ T338] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.207981][ T338] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.218159][ T338] usb 1-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 380.227435][ T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.239308][ T338] usb 1-1: config 0 descriptor?? [ 380.286213][ T2366] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 380.526199][ T2366] usb 4-1: Using ep0 maxpacket: 8 [ 380.586271][ T338] usbhid 1-1:0.0: can't add hid device: -71 [ 380.592122][ T338] usbhid: probe of 1-1:0.0 failed with error -71 [ 380.600340][ T338] usb 1-1: USB disconnect, device number 46 [ 380.646688][ T2366] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.658487][ T2366] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.668220][ T2366] usb 4-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.00 [ 380.677413][ T2366] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.686431][ T2366] usb 4-1: config 0 descriptor?? [ 380.859582][ T7967] syz-executor.2[7967] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.859643][ T7967] syz-executor.2[7967] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.476650][ T7972] syz-executor.0[7972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.496294][ T7972] syz-executor.0[7972] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 381.526232][ T2366] usbhid 4-1:0.0: can't add hid device: -71 [ 381.543589][ T2366] usbhid: probe of 4-1:0.0 failed with error -71 [ 381.552671][ T7974] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 381.559117][ T2366] usb 4-1: USB disconnect, device number 42 [ 381.806281][ T338] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 382.196302][ T338] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 382.206602][ T338] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 382.276200][ T1635] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 382.296554][ T338] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 382.305549][ T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 382.313654][ T338] usb 1-1: SerialNumber: syz [ 382.616821][ T338] usb 1-1: 0:2 : does not exist [ 382.621574][ T338] usb 1-1: unit 5 not found! [ 382.632447][ T338] usb 1-1: USB disconnect, device number 47 [ 382.656300][ T1635] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.667338][ T1635] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 382.676420][ T1635] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.685119][ T1635] usb 4-1: config 0 descriptor?? [ 383.096989][ T7996] syz-executor.0[7996] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 383.097061][ T7996] syz-executor.0[7996] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 383.166881][ T1635] keytouch 0003:0926:3333.0077: fixing up Keytouch IEC report descriptor [ 383.187683][ T1635] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0077/input/input104 [ 383.276550][ T1635] keytouch 0003:0926:3333.0077: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 383.446255][ T2366] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 383.566338][ T338] Bluetooth: hci1: command 0x1003 tx timeout [ 383.573447][ T1151] Bluetooth: hci1: sending frame failed (-49) [ 384.128794][ T578] usb 4-1: USB disconnect, device number 43 [ 384.144414][ T2366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 384.146202][ C1] keytouch 0003:0926:3333.0077: usb_submit_urb(ctrl) failed: -19 [ 384.155189][ T2366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 384.172261][ T2366] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 384.181238][ T2366] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.190867][ T2366] usb 1-1: config 0 descriptor?? [ 384.646234][ T3461] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 384.668742][ T2366] wacom 0003:056A:00F8.0078: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.0-1/input0 [ 384.776547][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 384.776563][ T30] audit: type=1326 audit(1716890756.266:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 384.806445][ T30] audit: type=1326 audit(1716890756.266:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 384.830312][ T30] audit: type=1326 audit(1716890756.266:2364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 384.855727][ T8028] loop3: detected capacity change from 0 to 256 [ 384.857630][ T30] audit: type=1326 audit(1716890756.336:2365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 384.885750][ T30] audit: type=1326 audit(1716890756.336:2366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 384.889556][ T338] usb 1-1: USB disconnect, device number 48 [ 384.926874][ T8028] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 384.986370][ T2366] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 385.014089][ T30] audit: type=1326 audit(1716890756.496:2367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 385.014419][ T8026] loop3: detected capacity change from 0 to 16 [ 385.037988][ T3461] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.047709][ T30] audit: type=1326 audit(1716890756.496:2368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7efcb8da8f23 code=0x7ffc0000 [ 385.054702][ T3461] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 385.078282][ T30] audit: type=1326 audit(1716890756.496:2369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efcb8da7c2f code=0x7ffc0000 [ 385.087091][ T3461] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.111600][ T8026] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 385.123758][ T30] audit: type=1326 audit(1716890756.496:2370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7efcb8da8f77 code=0x7ffc0000 [ 385.152501][ T3461] usb 3-1: config 0 descriptor?? [ 385.155032][ T30] audit: type=1326 audit(1716890756.496:2371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8025 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efcb8da7ae0 code=0x7ffc0000 [ 385.396270][ T2366] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 385.406246][ T2366] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 385.486336][ T2366] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 385.495238][ T2366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 385.503063][ T2366] usb 5-1: SerialNumber: syz [ 385.636902][ T3461] keytouch 0003:0926:3333.0079: fixing up Keytouch IEC report descriptor [ 385.646259][ T578] Bluetooth: hci1: command 0x1001 tx timeout [ 385.646599][ T3461] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0079/input/input108 [ 385.652086][ T1151] Bluetooth: hci1: sending frame failed (-49) [ 385.741024][ T3461] keytouch 0003:0926:3333.0079: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 385.766699][ T2366] usb 5-1: 0:2 : does not exist [ 385.771376][ T2366] usb 5-1: unit 5 not found! [ 385.787917][ T2366] usb 5-1: USB disconnect, device number 43 [ 385.797468][ T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 386.694993][ T578] usb 3-1: USB disconnect, device number 46 [ 387.006196][ T309] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 387.726209][ T1635] Bluetooth: hci1: command 0x1009 tx timeout [ 387.867284][ T8069] syz-executor.3[8069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 387.867328][ T8069] syz-executor.3[8069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 387.926239][ T309] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 387.948600][ T309] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 387.957513][ T309] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.966374][ T309] usb 1-1: config 0 descriptor?? [ 388.016228][ T3461] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 388.016228][ T1635] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 388.376274][ T3461] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 388.386375][ T3461] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 388.436284][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.446888][ T309] keytouch 0003:0926:3333.007A: fixing up Keytouch IEC report descriptor [ 388.449345][ T1635] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.456923][ T309] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.007A/input/input109 [ 388.470584][ T1635] usb 3-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 388.476510][ T3461] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 388.485236][ T1635] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.494156][ T3461] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 388.505850][ T1635] usb 3-1: config 0 descriptor?? [ 388.509746][ T3461] usb 5-1: SerialNumber: syz [ 388.561352][ T309] keytouch 0003:0926:3333.007A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 388.796726][ T3461] usb 5-1: 0:2 : does not exist [ 388.801457][ T3461] usb 5-1: unit 5 not found! [ 388.811076][ T3461] usb 5-1: USB disconnect, device number 44 [ 388.818295][ T331] udevd[331]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 388.995687][ T1635] wacom 0003:056A:00F8.007B: hidraw1: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.2-1/input0 [ 389.182446][ T309] usb 3-1: USB disconnect, device number 47 [ 389.239105][ T2366] usb 1-1: USB disconnect, device number 49 [ 389.246224][ C0] keytouch 0003:0926:3333.007A: usb_submit_urb(ctrl) failed: -19 [ 390.126203][ T2366] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 390.675804][ T8110] syz-executor.0[8110] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 390.675873][ T8110] syz-executor.0[8110] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 390.687832][ T2366] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.710126][ T2366] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 390.719226][ T2366] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.732762][ T2366] usb 4-1: config 0 descriptor?? [ 391.006249][ T3461] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 391.216938][ T2366] keytouch 0003:0926:3333.007C: fixing up Keytouch IEC report descriptor [ 391.236729][ T2366] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.007C/input/input113 [ 391.330649][ T2366] keytouch 0003:0926:3333.007C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 391.376577][ T3461] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 391.390794][ T3461] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 391.400124][ T3461] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.412045][ T3461] usb 3-1: config 0 descriptor?? [ 392.168816][ T338] usb 4-1: USB disconnect, device number 44 [ 392.340214][ T3461] keytouch 0003:0926:3333.007D: fixing up Keytouch IEC report descriptor [ 392.347365][ T3461] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.007D/input/input114 [ 392.420992][ T3461] keytouch 0003:0926:3333.007D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 392.649121][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 392.649150][ T30] audit: type=1326 audit(1716890764.136:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.680444][ T30] audit: type=1326 audit(1716890764.136:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.686216][ T578] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 392.705344][ T30] audit: type=1326 audit(1716890764.136:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.765235][ T30] audit: type=1326 audit(1716890764.206:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.765427][ T8141] loop0: detected capacity change from 0 to 256 [ 392.803657][ T30] audit: type=1326 audit(1716890764.206:2386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.830829][ T30] audit: type=1326 audit(1716890764.226:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.858151][ T8141] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffff' [ 392.866533][ T30] audit: type=1326 audit(1716890764.226:2388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.890688][ T30] audit: type=1326 audit(1716890764.226:2389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.914804][ T30] audit: type=1326 audit(1716890764.226:2390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5f373d4ee9 code=0x7ffc0000 [ 392.942716][ T30] audit: type=1326 audit(1716890764.226:2391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5f373d4f23 code=0x7ffc0000 [ 393.000900][ T8141] loop0: detected capacity change from 0 to 16 [ 393.011375][ T8141] erofs: Unknown parameter 'ÿÿÿÿ0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ' [ 393.014128][ T338] usb 3-1: USB disconnect, device number 48 [ 393.026236][ C0] keytouch 0003:0926:3333.007D: usb_submit_urb(ctrl) failed: -19 [ 393.156287][ T578] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.167347][ T578] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.177136][ T578] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 393.186335][ T578] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.195039][ T8152] syz-executor.0[8152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 393.195108][ T8152] syz-executor.0[8152] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 393.195486][ T578] usb 5-1: config 0 descriptor?? [ 393.646868][ T8160] syz-executor.2[8160] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 393.646937][ T8160] syz-executor.2[8160] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 393.710829][ T578] wacom 0003:056A:00F8.007E: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.4-1/input0 [ 393.910293][ T578] usb 5-1: USB disconnect, device number 45 [ 394.326243][ T3555] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 394.999220][ T3555] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.082881][ T3555] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 395.093938][ T3555] usb 1-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 395.103139][ T3555] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.111788][ T3555] usb 1-1: config 0 descriptor?? [ 395.389588][ T2366] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 395.566433][ T3555] usbhid 1-1:0.0: can't add hid device: -71 [ 395.572673][ T3555] usbhid: probe of 1-1:0.0 failed with error -71 [ 395.579708][ T3555] usb 1-1: USB disconnect, device number 50 [ 395.756305][ T2366] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.777894][ T2366] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 395.787429][ T2366] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.796461][ T2366] usb 2-1: config 0 descriptor?? [ 396.146310][ T8205] syz-executor.3[8205] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 396.146397][ T8205] syz-executor.3[8205] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 396.284371][ T2366] keytouch 0003:0926:3333.007F: fixing up Keytouch IEC report descriptor [ 396.618990][ T2366] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.007F/input/input118 [ 396.718294][ T2366] keytouch 0003:0926:3333.007F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 396.769695][ T8222] loop2: detected capacity change from 0 to 16 [ 396.866407][ T8222] erofs: (device loop2): mounted with root inode @ nid 36. [ 397.157009][ T8236] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 397.169465][ T8236] device bridge1 entered promiscuous mode [ 397.379260][ T578] usb 2-1: USB disconnect, device number 43 [ 397.564608][ T8253] loop0: detected capacity change from 0 to 16 [ 397.589770][ T8257] loop3: detected capacity change from 0 to 16 [ 397.597809][ T8253] erofs: (device loop0): mounted with root inode @ nid 36. [ 397.638464][ T8257] erofs: (device loop3): mounted with root inode @ nid 36. [ 397.801680][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 397.801695][ T30] audit: type=1400 audit(1716890769.286:2421): avc: denied { read } for pid=8271 comm="syz-executor.3" name="bus" dev="9p" ino=7016996764471618667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 397.834729][ T30] audit: type=1400 audit(1716890769.286:2422): avc: denied { open } for pid=8271 comm="syz-executor.3" path="/root/syzkaller-testdir3018818393/syzkaller.rshLwa/487/file0/bus" dev="9p" ino=7016996764471618667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 397.980003][ T8285] loop4: detected capacity change from 0 to 16 [ 397.989916][ T8286] loop1: detected capacity change from 0 to 16 [ 398.008223][ T8288] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 398.011281][ T30] audit: type=1400 audit(1716890769.496:2423): avc: denied { mount } for pid=8289 comm="syz-executor.0" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 398.018486][ T8288] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 398.052825][ T8286] erofs: (device loop1): mounted with root inode @ nid 36. [ 398.053457][ T8292] incfs: mount failed -22 [ 398.072682][ T30] audit: type=1400 audit(1716890769.536:2424): avc: denied { mounton } for pid=8289 comm="syz-executor.0" path="/root/syzkaller-testdir2812926908/syzkaller.hrL2TS/60/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 398.101768][ T30] audit: type=1400 audit(1716890769.586:2425): avc: denied { unmount } for pid=7061 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 398.157058][ T8285] erofs: (device loop4): mounted with root inode @ nid 36. [ 398.179919][ T8297] device syzkaller0 entered promiscuous mode [ 398.356585][ T8319] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 398.370150][ T8319] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 398.426431][ T2366] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 398.596224][ T309] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 398.625140][ T30] audit: type=1400 audit(1716890770.106:2426): avc: denied { mounton } for pid=8342 comm="syz-executor.0" path="/proc/8342/cgroup" dev="proc" ino=43548 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 398.696400][ T2366] usb 4-1: Using ep0 maxpacket: 8 [ 398.727857][ T8348] syz-executor.0[8348] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.727929][ T8348] syz-executor.0[8348] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.816254][ T2366] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 398.847349][ T8354] loop0: detected capacity change from 0 to 16 [ 398.854304][ T2366] usb 4-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00 [ 398.870928][ T2366] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.879537][ T2366] usb 4-1: config 0 descriptor?? [ 398.893725][ T8356] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 398.897139][ T8354] erofs: (device loop0): mounted with root inode @ nid 36. [ 398.903828][ T8356] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 398.946829][ T8358] syz-executor.2[8358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.946894][ T8358] syz-executor.2[8358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 398.987441][ T30] audit: type=1400 audit(1716890770.476:2427): avc: denied { read } for pid=8359 comm="syz-executor.2" name="uhid" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 398.999046][ T309] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.046368][ T8362] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 399.048534][ T309] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.072770][ T309] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 399.074727][ T8362] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 399.082320][ T309] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.099655][ T30] audit: type=1400 audit(1716890770.476:2428): avc: denied { open } for pid=8359 comm="syz-executor.2" path="/dev/uhid" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 399.101958][ T309] usb 5-1: config 0 descriptor?? [ 399.153872][ T8362] device bridge2 entered promiscuous mode [ 399.171381][ T30] audit: type=1400 audit(1716890770.656:2429): avc: denied { ioctl } for pid=8367 comm="syz-executor.2" path="socket:[43614]" dev="sockfs" ino=43614 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 399.200786][ T8368] device vlan1 entered promiscuous mode [ 399.212535][ T8368] device veth0_vlan left promiscuous mode [ 399.231726][ T30] audit: type=1400 audit(1716890770.696:2430): avc: denied { create } for pid=8367 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 399.253693][ T8368] device vlan1 left promiscuous mode [ 399.302731][ T8376] input: syz0 as /devices/virtual/input/input119 [ 399.436280][ T2366] usb 4-1: string descriptor 0 read error: -71 [ 399.446411][ T2366] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 399.466457][ T2366] usb 4-1: USB disconnect, device number 45 [ 399.606540][ T309] hid (null): bogus close delimiter [ 399.784779][ T8383] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 399.794990][ T8383] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 399.826293][ T309] usb 5-1: string descriptor 0 read error: -22 [ 399.853253][ T8385] device syzkaller0 entered promiscuous mode [ 400.001935][ T8393] syz-executor.1[8393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.002006][ T8393] syz-executor.1[8393] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.036651][ T8395] loop3: detected capacity change from 0 to 16 [ 400.055943][ T309] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0080/input/input120 [ 400.077000][ T309] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0080/input/input121 [ 400.105165][ T8395] erofs: (device loop3): mounted with root inode @ nid 36. [ 400.122535][ T309] uclogic 0003:256C:006D.0080: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 400.251920][ T578] usb 5-1: USB disconnect, device number 46 [ 400.275548][ T8408] device pim6reg1 entered promiscuous mode [ 400.417252][ T8414] device pim6reg1 entered promiscuous mode [ 400.530452][ T8422] syz-executor.2[8422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 400.530932][ T8422] syz-executor.2[8422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 401.467930][ T8451] device pim6reg1 entered promiscuous mode [ 401.621760][ T8455] device pim6reg1 entered promiscuous mode [ 402.103058][ T8474] loop4: detected capacity change from 0 to 16 [ 402.188387][ T8474] erofs: (device loop4): mounted with root inode @ nid 36. [ 403.373369][ T8506] 9pnet: Insufficient options for proto=fd [ 403.436227][ T578] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 403.696180][ T578] usb 1-1: Using ep0 maxpacket: 16 [ 403.816271][ T578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.833381][ T578] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.852897][ T578] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 403.872424][ T578] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 403.887932][ T578] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.902576][ T578] usb 1-1: config 0 descriptor?? [ 404.351810][ T8543] 9pnet: Insufficient options for proto=fd [ 404.407103][ T578] ryos 0003:1E7D:31CE.0081: unknown main item tag 0x0 [ 404.413722][ T578] ryos 0003:1E7D:31CE.0081: bogus close delimiter [ 404.431121][ T578] ryos 0003:1E7D:31CE.0081: item 0 2 2 10 parsing failed [ 404.453415][ T578] ryos 0003:1E7D:31CE.0081: parse failed [ 404.471557][ T578] ryos: probe of 0003:1E7D:31CE.0081 failed with error -22 [ 404.499762][ T8554] input: syz0 as /devices/virtual/input/input122 [ 404.610360][ T309] usb 1-1: USB disconnect, device number 51 [ 405.407390][ T8574] 9pnet: Insufficient options for proto=fd [ 405.796229][ T578] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 406.036255][ T578] usb 2-1: Using ep0 maxpacket: 16 [ 406.153723][ T8593] loop2: detected capacity change from 0 to 16 [ 406.176351][ T578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.177129][ T8593] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 406.196218][ T578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.216322][ T578] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 406.258358][ T578] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 406.275663][ T578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.292035][ T8599] input: syz0 as /devices/virtual/input/input123 [ 406.296847][ T578] usb 2-1: config 0 descriptor?? [ 406.829328][ T578] ryos 0003:1E7D:31CE.0082: unknown main item tag 0x0 [ 406.836462][ T578] ryos 0003:1E7D:31CE.0082: bogus close delimiter [ 406.842845][ T578] ryos 0003:1E7D:31CE.0082: item 0 2 2 10 parsing failed [ 406.850297][ T578] ryos 0003:1E7D:31CE.0082: parse failed [ 406.855878][ T578] ryos: probe of 0003:1E7D:31CE.0082 failed with error -22 [ 406.916674][ T8610] 9pnet: Insufficient options for proto=fd [ 407.039894][ T578] usb 2-1: USB disconnect, device number 44 [ 407.239508][ T8628] loop4: detected capacity change from 0 to 16 [ 407.296800][ T8628] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 407.552156][ T8638] device pim6reg1 entered promiscuous mode [ 407.569147][ T8640] 9pnet: Insufficient options for proto=fd [ 407.879355][ T8649] input: syz0 as /devices/virtual/input/input124 [ 408.307904][ T8659] loop3: detected capacity change from 0 to 16 [ 408.346973][ T8659] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 408.627724][ T8672] 9pnet: Insufficient options for proto=fd [ 408.682630][ T8675] device pim6reg1 entered promiscuous mode [ 409.073536][ T8689] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 409.382001][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 409.382018][ T30] audit: type=1400 audit(1716890780.866:2435): avc: denied { read } for pid=8690 comm="syz-executor.3" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 409.415822][ T8691] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 409.454993][ T30] audit: type=1400 audit(1716890780.876:2436): avc: denied { open } for pid=8690 comm="syz-executor.3" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 409.485684][ T30] audit: type=1400 audit(1716890780.906:2437): avc: denied { ioctl } for pid=8690 comm="syz-executor.3" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 409.856769][ T8707] 9pnet: Insufficient options for proto=fd [ 409.916856][ T8710] device pim6reg1 entered promiscuous mode [ 410.374206][ T30] audit: type=1400 audit(1716890781.856:2438): avc: denied { mounton } for pid=8725 comm="syz-executor.2" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=68 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 410.497520][ T8738] 9pnet: Insufficient options for proto=fd [ 410.678884][ T8739] netlink: 'syz-executor.2': attribute type 16 has an invalid length. [ 411.609560][ T8840] netlink: 'syz-executor.2': attribute type 16 has an invalid length. [ 412.520075][ T30] audit: type=1400 audit(1716890784.006:2439): avc: denied { create } for pid=8912 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 412.560961][ T30] audit: type=1400 audit(1716890784.006:2440): avc: denied { setopt } for pid=8912 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 412.692073][ T8925] loop2: detected capacity change from 0 to 16 [ 412.767576][ T8925] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0xffffffffffffffff01777777777777777777777ÿÿ' [ 412.820604][ T8935] serio: Serial port pts0 [ 412.932231][ T30] audit: type=1400 audit(1716890784.416:2441): avc: denied { bind } for pid=8943 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 412.993943][ T30] audit: type=1400 audit(1716890784.446:2442): avc: denied { setopt } for pid=8943 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 413.113433][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.120882][ T8947] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.128673][ T8947] device bridge_slave_0 entered promiscuous mode [ 413.137194][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.144090][ T8947] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.151422][ T8947] device bridge_slave_1 entered promiscuous mode [ 413.191791][ T8963] 9pnet: Insufficient options for proto=fd [ 413.218743][ T8947] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.225607][ T8947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 413.232716][ T8947] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.239534][ T8947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 413.288646][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 413.296712][ T6812] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.303638][ T30] audit: type=1400 audit(1716890784.786:2443): avc: denied { bind } for pid=8972 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 413.327183][ T6812] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.336497][ T30] audit: type=1400 audit(1716890784.786:2444): avc: denied { write } for pid=8972 comm="syz-executor.2" path="socket:[45741]" dev="sockfs" ino=45741 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 413.364347][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 413.373202][ T578] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.380090][ T578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 413.387621][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 413.396125][ T578] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.403011][ T578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 413.410457][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 413.428726][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 413.458618][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 413.470260][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 413.487187][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 413.494447][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 413.512228][ T8947] device veth0_vlan entered promiscuous mode [ 413.527283][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 413.535276][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 413.545958][ T8947] device veth1_macvtap entered promiscuous mode [ 413.558191][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 413.566088][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 413.581888][ T8988] loop4: detected capacity change from 0 to 1024 [ 413.582476][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 413.610487][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 413.618764][ T578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 413.632803][ T8988] EXT4-fs (loop4): Ignoring removed orlov option [ 413.640194][ T8988] EXT4-fs (loop4): Ignoring removed oldalloc option [ 413.664777][ T8988] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 413.705205][ T8988] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 413.717704][ T346] device bridge_slave_1 left promiscuous mode [ 413.747789][ T346] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.755168][ T8988] EXT4-fs (loop4): invalid journal inode [ 413.769207][ T346] device bridge_slave_0 left promiscuous mode [ 413.769271][ T8988] EXT4-fs (loop4): can't get journal size [ 413.775533][ T346] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.802073][ T346] device veth1_macvtap left promiscuous mode [ 413.808629][ T346] device veth0_vlan left promiscuous mode [ 413.835519][ T8988] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 413.934400][ T9015] loop0: detected capacity change from 0 to 1024 [ 414.042506][ T9015] EXT4-fs (loop0): Ignoring removed orlov option [ 414.190864][ T9015] EXT4-fs (loop0): Ignoring removed oldalloc option [ 414.218787][ T9015] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 414.229868][ T9015] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 414.242677][ T9015] EXT4-fs (loop0): invalid journal inode [ 414.248462][ T9015] EXT4-fs (loop0): can't get journal size [ 414.255247][ T9015] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 414.446909][ T9016] netlink: 'syz-executor.1': attribute type 16 has an invalid length. [ 414.466493][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 414.466510][ T30] audit: type=1326 audit(1716890785.946:2449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.500003][ T30] audit: type=1326 audit(1716890785.946:2450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.531362][ T30] audit: type=1326 audit(1716890785.956:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.562629][ T30] audit: type=1326 audit(1716890785.956:2452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.563192][ T9040] loop0: detected capacity change from 0 to 512 [ 414.604511][ T9046] device pim6reg1 entered promiscuous mode [ 414.614731][ T30] audit: type=1326 audit(1716890785.956:2453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.639366][ T30] audit: type=1326 audit(1716890785.956:2454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.655185][ T9048] loop3: detected capacity change from 0 to 16 [ 414.663741][ T30] audit: type=1326 audit(1716890785.956:2455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.676767][ T9040] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 414.700511][ T9048] erofs: (device loop3): mounted with root inode @ nid 36. [ 414.708163][ T30] audit: type=1326 audit(1716890785.956:2456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.737351][ T9040] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 414.751526][ T9040] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 414.753111][ T30] audit: type=1326 audit(1716890785.956:2457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.765114][ T9040] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 414.799997][ T30] audit: type=1326 audit(1716890785.956:2458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9035 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efcb8da8ee9 code=0x7ffc0000 [ 414.800202][ T9050] loop1: detected capacity change from 0 to 256 [ 414.831814][ T6812] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 414.882760][ T9040] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters [ 414.885689][ T9050] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 414.897435][ T9040] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 414.924040][ T9040] EXT4-fs (loop0): 1 truncate cleaned up [ 414.929969][ T9040] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,mblk_io_submit,debug_want_extra_isize=0x000000000000002e,auto_da_alloc,dioread_nolock,nobarrier,,errors=continue. Quota mode: none. [ 414.932924][ T9054] loop4: detected capacity change from 0 to 8192 [ 415.059821][ T9071] loop3: detected capacity change from 0 to 256 [ 415.123286][ T6812] usb 3-1: Using ep0 maxpacket: 16 [ 415.140843][ T9077] loop1: detected capacity change from 0 to 16 [ 415.168210][ T9077] erofs: (device loop1): mounted with root inode @ nid 36. [ 415.237798][ T9079] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 415.263534][ T9071] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 415.274912][ T6812] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.354240][ T6812] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.385877][ T6812] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 415.422115][ T6812] usb 3-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 415.435622][ T6812] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.450513][ T6812] usb 3-1: config 0 descriptor?? [ 415.536102][ T9087] loop3: detected capacity change from 0 to 256 [ 415.600882][ T9087] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 415.695107][ T9092] loop1: detected capacity change from 0 to 1024 [ 415.783661][ T9092] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 415.812287][ T9103] loop3: detected capacity change from 0 to 16 [ 415.824497][ T9102] device pim6reg1 entered promiscuous mode [ 415.854645][ T9103] erofs: (device loop3): mounted with root inode @ nid 36. [ 415.892063][ T9111] loop1: detected capacity change from 0 to 256 [ 415.927099][ T6812] ryos 0003:1E7D:31CE.0083: unknown main item tag 0x0 [ 415.933740][ T6812] ryos 0003:1E7D:31CE.0083: bogus close delimiter [ 415.964150][ T6812] ryos 0003:1E7D:31CE.0083: item 0 2 2 10 parsing failed [ 415.973859][ T9111] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 416.005317][ T6812] ryos 0003:1E7D:31CE.0083: parse failed [ 416.020214][ T6812] ryos: probe of 0003:1E7D:31CE.0083 failed with error -22 [ 416.115532][ T9137] loop4: detected capacity change from 0 to 16 [ 416.130512][ T6812] usb 3-1: USB disconnect, device number 49 [ 416.152517][ T9137] erofs: (device loop4): mounted with root inode @ nid 36. [ 416.208739][ T9146] loop4: detected capacity change from 0 to 2048 [ 416.236904][ T9146] loop4: p1 < > p4 [ 416.241179][ T9146] loop4: p4 size 8388608 extends beyond EOD, truncated [ 416.348724][ T331] udevd[331]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 416.374522][ T9148] loop4: detected capacity change from 0 to 2048 [ 416.396811][ T331] loop4: p1 < > p4 [ 416.401089][ T331] loop4: p4 size 8388608 extends beyond EOD, truncated [ 416.409886][ T9148] loop4: p1 < > p4 [ 416.414083][ T9148] loop4: p4 size 8388608 extends beyond EOD, truncated [ 416.446269][ T3555] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 416.486830][ T9148] __loop_clr_fd: partition scan of loop4 failed (rc=-16) [ 416.489903][ T356] blk_update_request: I/O error, dev loop4, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 416.501202][ T331] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 416.505265][ T356] blk_update_request: I/O error, dev loop4, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.516581][ T331] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.526858][ T356] Buffer I/O error on dev loop4p4, logical block 1, async page read [ 416.537609][ T331] Buffer I/O error on dev loop4p1, logical block 0, async page read [ 416.552695][ T9148] blk_update_request: I/O error, dev loop4, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 416.553697][ T331] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.564002][ T9148] Buffer I/O error on dev loop4p4, logical block 0, lost async page write [ 416.574964][ T331] Buffer I/O error on dev loop4p1, logical block 0, async page read [ 416.583082][ T9148] blk_update_request: I/O error, dev loop4, sector 8 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 416.590908][ T43] blk_update_request: I/O error, dev loop4, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 416.601907][ T9148] Buffer I/O error on dev loop4p4, logical block 1, lost async page write [ 416.613040][ T43] Buffer I/O error on dev loop4p4, logical block 0, lost async page write [ 416.622256][ T331] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 416.629744][ T9148] blk_update_request: I/O error, dev loop4, sector 16 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 416.640799][ T331] Buffer I/O error on dev loop4p1, logical block 0, async page read [ 416.658999][ T9148] Buffer I/O error on dev loop4p4, logical block 2, lost async page write [ 416.667633][ T331] Buffer I/O error on dev loop4p1, logical block 0, async page read [ 416.671247][ T9148] Buffer I/O error on dev loop4p4, logical block 3, lost async page write [ 416.696230][ T3555] usb 2-1: Using ep0 maxpacket: 16 [ 416.761913][ T9161] loop4: detected capacity change from 0 to 256 [ 416.790806][ T9167] loop3: detected capacity change from 0 to 16 [ 416.798832][ T9161] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 416.836293][ T3555] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.847114][ T3555] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.856703][ T3555] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 416.869278][ T3555] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 416.878214][ T3555] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.880114][ T9167] erofs: (device loop3): mounted with root inode @ nid 36. [ 416.886758][ T3555] usb 2-1: config 0 descriptor?? [ 416.968194][ T9180] loop0: detected capacity change from 0 to 2048 [ 416.976682][ T9180] loop0: p1 < > p4 [ 416.981066][ T9180] loop0: p4 size 8388608 extends beyond EOD, truncated [ 417.027495][ T99] loop0: p1 < > p4 [ 417.031595][ T99] loop0: p4 size 8388608 extends beyond EOD, truncated [ 417.066727][ T9180] __loop_clr_fd: partition scan of loop0 failed (rc=-16) [ 417.103348][ T331] udevd[331]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 417.186645][ T9194] loop0: detected capacity change from 0 to 16 [ 417.216215][ T6812] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 417.246642][ T9194] erofs: (device loop0): mounted with root inode @ nid 36. [ 417.367158][ T3555] ryos 0003:1E7D:31CE.0084: unknown main item tag 0x0 [ 417.373799][ T3555] ryos 0003:1E7D:31CE.0084: bogus close delimiter [ 417.380041][ T3555] ryos 0003:1E7D:31CE.0084: item 0 2 2 10 parsing failed [ 417.387286][ T3555] ryos 0003:1E7D:31CE.0084: parse failed [ 417.392851][ T3555] ryos: probe of 0003:1E7D:31CE.0084 failed with error -22 [ 417.476264][ T6812] usb 5-1: Using ep0 maxpacket: 16 [ 417.575261][ T2366] usb 2-1: USB disconnect, device number 45 [ 417.607041][ T6812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.617837][ T6812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 417.627429][ T6812] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 417.646573][ T6812] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 417.662234][ T6812] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.671866][ T6812] usb 5-1: config 0 descriptor?? [ 417.729123][ T9230] device pim6reg1 entered promiscuous mode [ 417.887656][ T9252] device syzkaller0 entered promiscuous mode [ 418.123340][ T9263] loop1: detected capacity change from 0 to 2048 [ 418.137103][ T6812] ryos 0003:1E7D:31CE.0085: unknown main item tag 0x0 [ 418.143887][ T6812] ryos 0003:1E7D:31CE.0085: bogus close delimiter [ 418.150946][ T6812] ryos 0003:1E7D:31CE.0085: item 0 2 2 10 parsing failed [ 418.158159][ T6812] ryos 0003:1E7D:31CE.0085: parse failed [ 418.158303][ T9263] loop1: p1 < > p4 [ 418.163636][ T6812] ryos: probe of 0003:1E7D:31CE.0085 failed with error -22 [ 418.175760][ T9263] loop1: p4 size 8388608 extends beyond EOD, truncated [ 418.226320][ T2366] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 418.272637][ T331] udevd[331]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 418.281290][ T356] udevd[356]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 418.340630][ T309] usb 5-1: USB disconnect, device number 47 [ 418.349050][ T9275] device syzkaller0 entered promiscuous mode [ 418.596373][ T2366] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 418.605320][ T2366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.614098][ T2366] usb 3-1: config 0 descriptor?? [ 418.651972][ T9291] loop0: detected capacity change from 0 to 1024 [ 418.693764][ T9291] EXT4-fs (loop0): Ignoring removed orlov option [ 418.700052][ T4752] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 418.706216][ T9291] EXT4-fs (loop0): Ignoring removed oldalloc option [ 418.707636][ T9298] device pim6reg1 entered promiscuous mode [ 418.720956][ T9291] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 418.731869][ T9291] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 418.742183][ T9291] EXT4-fs (loop0): invalid journal inode [ 418.747935][ T9291] EXT4-fs (loop0): can't get journal size [ 418.754576][ T9291] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 418.829511][ T9303] device syzkaller0 entered promiscuous mode [ 418.956820][ T4752] usb 2-1: Using ep0 maxpacket: 16 [ 418.995641][ T9326] loop4: detected capacity change from 0 to 1024 [ 419.062476][ T9326] EXT4-fs (loop4): Ignoring removed orlov option [ 419.069091][ T9326] EXT4-fs (loop4): Ignoring removed oldalloc option [ 419.075715][ T9326] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 419.076581][ T4752] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.087382][ T9326] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 419.097566][ T4752] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.110101][ T9326] EXT4-fs (loop4): invalid journal inode [ 419.116257][ T4752] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 419.121826][ T9326] EXT4-fs (loop4): can't get journal size [ 419.134596][ T4752] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 419.141669][ T9326] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 419.148972][ T4752] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.176021][ T4752] usb 2-1: config 0 descriptor?? [ 419.737448][ T4752] ryos 0003:1E7D:31CE.0086: unknown main item tag 0x0 [ 419.744059][ T4752] ryos 0003:1E7D:31CE.0086: bogus close delimiter [ 419.750775][ T4752] ryos 0003:1E7D:31CE.0086: item 0 2 2 10 parsing failed [ 419.757853][ T4752] ryos 0003:1E7D:31CE.0086: parse failed [ 419.763297][ T4752] ryos: probe of 0003:1E7D:31CE.0086 failed with error -22 [ 419.944207][ T4752] usb 2-1: USB disconnect, device number 46 [ 420.935906][ T9417] loop0: detected capacity change from 0 to 16 [ 420.957121][ T4752] usb 3-1: USB disconnect, device number 50 [ 420.968181][ T9417] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 420.996606][ T9422] device pim6reg1 entered promiscuous mode [ 421.205326][ T9437] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.216447][ T9437] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.223801][ T9437] device bridge_slave_0 entered promiscuous mode [ 421.231316][ T9437] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.238516][ T9437] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.245906][ T9437] device bridge_slave_1 entered promiscuous mode [ 421.347029][ T9456] loop4: detected capacity change from 0 to 16 [ 421.354891][ T9437] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.361769][ T9437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.368877][ T9437] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.375616][ T9437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.406814][ T9456] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 421.427898][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 421.435945][ T1635] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.448921][ T1635] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.474551][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.490714][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.497873][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.513621][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 421.521962][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.529010][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.577122][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 421.587454][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 421.603028][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 421.624865][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 421.644397][ T9437] device veth0_vlan entered promiscuous mode [ 421.675378][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 421.690659][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 421.784598][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 421.836106][ T9437] device veth1_macvtap entered promiscuous mode [ 421.850834][ T9484] loop3: detected capacity change from 0 to 1024 [ 421.857882][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 421.874708][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 421.887984][ T9484] EXT4-fs (loop3): Ignoring removed orlov option [ 421.896236][ T9484] EXT4-fs (loop3): Ignoring removed oldalloc option [ 421.906043][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 421.919878][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 421.931302][ T9484] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 421.942154][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 421.942168][ T30] audit: type=1400 audit(1716890793.416:2473): avc: denied { ioctl } for pid=9485 comm="syz-executor.0" path="socket:[48383]" dev="sockfs" ino=48383 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 421.948752][ T9486] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 421.981994][ T9484] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 422.004410][ T9484] EXT4-fs (loop3): invalid journal inode [ 422.010253][ T9484] EXT4-fs (loop3): can't get journal size [ 422.017778][ T9484] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 422.047836][ T9492] 9pnet: Insufficient options for proto=fd [ 422.070654][ T9495] loop2: detected capacity change from 0 to 16 [ 422.157372][ T9495] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿ0x000000000000000301777777777777777777777ÿ' [ 422.166787][ T9482] loop4: detected capacity change from 0 to 40427 [ 422.245920][ T9482] F2FS-fs (loop4): Found nat_bits in checkpoint [ 422.315334][ T9482] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 422.340486][ T30] audit: type=1400 audit(1716890793.826:2474): avc: denied { create } for pid=9479 comm="syz-executor.4" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 422.376118][ T9499] loop3: detected capacity change from 0 to 40427 [ 422.384687][ T9482] overlayfs: missing 'lowerdir' [ 422.389449][ T30] audit: type=1400 audit(1716890793.866:2475): avc: denied { mounton } for pid=9479 comm="syz-executor.4" path="/root/syzkaller-testdir634214187/syzkaller.aI5Un5/289/file0/file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 422.427989][ T5049] attempt to access beyond end of device [ 422.427989][ T5049] loop4: rw=2049, want=45120, limit=40427 [ 422.461317][ T9499] F2FS-fs (loop3): Found nat_bits in checkpoint [ 422.580288][ T9499] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 422.599270][ T9533] device syzkaller0 entered promiscuous mode [ 422.620140][ T305] attempt to access beyond end of device [ 422.620140][ T305] loop3: rw=2049, want=45104, limit=40427 [ 422.820384][ T9543] netlink: 'syz-executor.1': attribute type 16 has an invalid length. [ 423.111255][ T9545] loop4: detected capacity change from 0 to 40427 [ 423.211567][ T9545] F2FS-fs (loop4): Found nat_bits in checkpoint [ 423.238958][ T9545] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 423.260077][ T9545] overlayfs: missing 'lowerdir' [ 423.269863][ T5049] attempt to access beyond end of device [ 423.269863][ T5049] loop4: rw=2049, want=45120, limit=40427 [ 423.414978][ T9559] loop2: detected capacity change from 0 to 1024 [ 423.448077][ T9559] EXT4-fs (loop2): Ignoring removed orlov option [ 423.454413][ T9559] EXT4-fs (loop2): Ignoring removed oldalloc option [ 423.461700][ T9559] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 423.474586][ T9559] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 423.490972][ T9559] EXT4-fs (loop2): invalid journal inode [ 423.499035][ T9559] EXT4-fs (loop2): can't get journal size [ 423.523143][ T9570] device syzkaller0 entered promiscuous mode [ 423.553779][ T9559] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 423.648366][ T9589] loop4: detected capacity change from 0 to 16 [ 423.686778][ T9589] erofs: (device loop4): mounted with root inode @ nid 36. [ 423.752265][ T9603] device syzkaller0 entered promiscuous mode [ 423.763454][ T9609] loop0: detected capacity change from 0 to 1024 [ 423.808300][ T9606] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 423.832316][ T9609] EXT4-fs (loop0): Ignoring removed orlov option [ 423.838734][ T9609] EXT4-fs (loop0): Ignoring removed oldalloc option [ 423.845653][ T9609] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 423.857749][ T9609] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 423.867531][ T9609] EXT4-fs (loop0): invalid journal inode [ 423.873334][ T9609] EXT4-fs (loop0): can't get journal size [ 423.881966][ T9609] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,norecovery,orlov,oldalloc,,errors=continue. Quota mode: writeback. [ 423.988065][ T9630] loop0: detected capacity change from 0 to 16 [ 424.032419][ T9630] erofs: (device loop0): mounted with root inode @ nid 36. [ 424.142365][ T9641] device pim6reg1 entered promiscuous mode [ 424.563117][ T9668] loop4: detected capacity change from 0 to 16 [ 424.594174][ T9668] erofs: (device loop4): mounted with root inode @ nid 36. [ 424.680372][ T9675] device pim6reg1 entered promiscuous mode [ 424.704296][ T9670] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 424.887883][ T9687] 9pnet: Insufficient options for proto=fd [ 424.983126][ T9693] loop2: detected capacity change from 0 to 16 [ 425.033121][ T9693] erofs: (device loop2): mounted with root inode @ nid 36. [ 425.108008][ T9677] loop4: detected capacity change from 0 to 40427 [ 425.117562][ T334] device bridge_slave_1 left promiscuous mode [ 425.135475][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.143895][ T334] device bridge_slave_0 left promiscuous mode [ 425.161242][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.194276][ T334] device veth1_macvtap left promiscuous mode [ 525.196189][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 525.202619][ C1] rcu: 1-...!: (10000 ticks this GP) idle=b2d/1/0x4000000000000000 softirq=52952/52952 fqs=0 last_accelerate: 3092/57ab dyntick_enabled: 1 [ 525.216677][ C1] (t=10002 jiffies g=61769 q=354) [ 525.221614][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10001 jiffies! g61769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 525.233855][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=18344 [ 525.241575][ C1] rcu: rcu_preempt kthread starved for 10004 jiffies! g61769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 525.252772][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 525.262582][ C1] rcu: RCU grace-period kthread stack dump: [ 525.268312][ C1] task:rcu_preempt state:I stack:28288 pid: 14 ppid: 2 flags:0x00004000 [ 525.277343][ C1] Call Trace: [ 525.280458][ C1] [ 525.283238][ C1] __schedule+0xccc/0x1590 [ 525.287494][ C1] ? __sched_text_start+0x8/0x8 [ 525.292172][ C1] ? __kasan_check_write+0x14/0x20 [ 525.297126][ C1] schedule+0x11f/0x1e0 [ 525.301113][ C1] schedule_timeout+0x18c/0x370 [ 525.305800][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 525.310832][ C1] ? console_conditional_schedule+0x30/0x30 [ 525.316561][ C1] ? update_process_times+0x200/0x200 [ 525.321769][ C1] ? prepare_to_swait_event+0x308/0x320 [ 525.327150][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 525.331749][ C1] ? debug_smp_processor_id+0x17/0x20 [ 525.336958][ C1] ? __note_gp_changes+0x4ab/0x920 [ 525.341904][ C1] ? rcu_gp_init+0xc30/0xc30 [ 525.346331][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 525.351386][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 525.355791][ C1] rcu_gp_kthread+0xa4/0x350 [ 525.360218][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 525.364905][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 525.369418][ C1] ? __kasan_check_read+0x11/0x20 [ 525.374278][ C1] ? __kthread_parkme+0xb2/0x200 [ 525.379055][ C1] kthread+0x421/0x510 [ 525.382956][ C1] ? wake_nocb_gp+0x1e0/0x1e0 [ 525.387471][ C1] ? kthread_blkcg+0xd0/0xd0 [ 525.391896][ C1] ret_from_fork+0x1f/0x30 [ 525.396153][ C1] [ 525.399013][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 525.405189][ C1] NMI backtrace for cpu 1 [ 525.409349][ C1] CPU: 1 PID: 9720 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0 [ 525.419505][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 525.429400][ C1] Call Trace: [ 525.432524][ C1] [ 525.435302][ C1] dump_stack_lvl+0x151/0x1b7 [ 525.439813][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 525.445283][ C1] dump_stack+0x15/0x17 [ 525.449273][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 525.454073][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 525.460036][ C1] ? panic+0x751/0x751 [ 525.463941][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 525.469843][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 525.475746][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 525.481648][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 525.487375][ C1] rcu_check_gp_kthread_starvation+0x1e3/0x250 [ 525.493362][ C1] ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230 [ 525.500135][ C1] print_cpu_stall+0x310/0x5f0 [ 525.504733][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 525.509769][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 525.515755][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 525.520792][ C1] update_process_times+0x198/0x200 [ 525.525825][ C1] tick_sched_timer+0x188/0x240 [ 525.530600][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 525.535980][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 525.541014][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 525.545959][ C1] ? clockevents_program_event+0x22f/0x300 [ 525.551600][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 525.557504][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 525.562278][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 525.568005][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 525.573473][ C1] [ 525.576254][ C1] [ 525.579026][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 525.584850][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 525.589617][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 525.609057][ C1] RSP: 0018:ffffc90000c37440 EFLAGS: 00000246 [ 525.614959][ C1] RAX: 0000000000000003 RBX: 1ffff92000186e8c RCX: ffffffff8154fa7f [ 525.622771][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888129794f88 [ 525.630580][ C1] RBP: ffffc90000c374f0 R08: dffffc0000000000 R09: ffffed10252f29f2 [ 525.638392][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 525.646203][ C1] R13: ffff888129794f88 R14: 0000000000000003 R15: 1ffff92000186e90 [ 525.654020][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 525.660092][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 525.666078][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 525.671026][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 525.677102][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 525.683003][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 525.689252][ C1] ? __find_get_block+0xd38/0x1180 [ 525.694200][ C1] ? ext4_inode_block_valid+0x2e1/0x3f0 [ 525.699582][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 525.704363][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 525.709388][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 525.714682][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 525.719716][ C1] ? sock_map_unref+0x352/0x4d0 [ 525.724403][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 525.729784][ C1] bpf_trace_run2+0xec/0x210 [ 525.734299][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 525.738983][ C1] ? sock_map_unref+0x352/0x4d0 [ 525.743672][ C1] ? ext4_match+0x1e0/0x720 [ 525.748011][ C1] ? sock_map_unref+0x352/0x4d0 [ 525.752698][ C1] __bpf_trace_kfree+0x6f/0x90 [ 525.757297][ C1] ? sock_map_unref+0x352/0x4d0 [ 525.761987][ C1] kfree+0x1f3/0x220 [ 525.765714][ C1] sock_map_unref+0x352/0x4d0 [ 525.770244][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 525.775355][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 525.779782][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 525.785157][ C1] bpf_trace_run2+0xec/0x210 [ 525.789586][ C1] ? ext4_ci_compare+0x660/0x660 [ 525.794358][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 525.799045][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 525.803471][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 525.807896][ C1] __bpf_trace_kfree+0x6f/0x90 [ 525.812496][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 525.816924][ C1] kfree+0x1f3/0x220 [ 525.820655][ C1] ext4_lookup+0x3f3/0xaa0 [ 525.824916][ C1] ? ext4_add_entry+0x12b0/0x12b0 [ 525.829768][ C1] ? slab_post_alloc_hook+0x72/0x2c0 [ 525.834887][ C1] ? __kasan_check_write+0x14/0x20 [ 525.839836][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 525.844436][ C1] ? __d_alloc+0x4dd/0x6c0 [ 525.848688][ C1] ? _raw_spin_unlock+0x4d/0x70 [ 525.853374][ C1] ? d_alloc+0x199/0x1d0 [ 525.857454][ C1] lookup_one_qstr_excl+0x143/0x290 [ 525.862490][ C1] filename_create+0x28e/0x530 [ 525.867087][ C1] ? kern_path_create+0x1a0/0x1a0 [ 525.871949][ C1] do_mknodat+0x1a4/0x5c0 [ 525.876113][ C1] ? __check_object_size+0x2ec/0x3d0 [ 525.881236][ C1] ? may_open+0x440/0x440 [ 525.885401][ C1] ? getname_flags+0x1fd/0x520 [ 525.890002][ C1] __x64_sys_mknodat+0xa9/0xc0 [ 525.894601][ C1] do_syscall_64+0x3d/0xb0 [ 525.898854][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 525.904581][ C1] RIP: 0033:0x7f5f373d4ee9 [ 525.908839][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 525.928274][ C1] RSP: 002b:00007f5f361490c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 525.936522][ C1] RAX: ffffffffffffffda RBX: 00007f5f3750bf80 RCX: 00007f5f373d4ee9 [ 525.944330][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 525.952144][ C1] RBP: 00007f5f3742147f R08: 0000000000000000 R09: 0000000000000000 [ 525.959956][ C1] R10: 0000000000000701 R11: 0000000000000246 R12: 0000000000000000 [ 525.967767][ C1] R13: 000000000000000b R14: 00007f5f3750bf80 R15: 00007fff0ca27168 [ 525.975579][ C1] [ 525.978461][ C1] Sending NMI from CPU 1 to CPUs 0: [ 525.983504][ C0] NMI backtrace for cpu 0 [ 525.983513][ C0] CPU: 0 PID: 9704 Comm: syz-executor.3 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0 [ 525.983529][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 525.983538][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 525.983557][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 525.983570][ C0] RSP: 0018:ffffc90000d873e0 EFLAGS: 00000246 [ 525.983585][ C0] RAX: 0000000000000001 RBX: 1ffff920001b0e80 RCX: 1ffffffff0d1aa9c [ 525.983596][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4 [ 525.983606][ C0] RBP: ffffc90000d87490 R08: dffffc0000000000 R09: ffffed103ee06fdb [ 525.983618][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 525.983629][ C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff920001b0e84 [ 525.983640][ C0] FS: 00007efcb7b1d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 525.983654][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 525.983665][ C0] CR2: 0000000020529000 CR3: 000000010c6e9000 CR4: 00000000003506b0 [ 525.983680][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 525.983689][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 525.983700][ C0] Call Trace: [ 525.983705][ C0] [ 525.983711][ C0] ? show_regs+0x58/0x60 [ 525.983727][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 525.983746][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 525.983764][ C0] ? kvm_wait+0x147/0x180 [ 525.983778][ C0] ? kvm_wait+0x147/0x180 [ 525.983791][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 525.983809][ C0] ? nmi_handle+0xa8/0x280 [ 525.983824][ C0] ? kvm_wait+0x147/0x180 [ 525.983838][ C0] ? default_do_nmi+0x69/0x160 [ 525.983854][ C0] ? exc_nmi+0xaf/0x120 [ 525.983868][ C0] ? end_repeat_nmi+0x16/0x31 [ 525.983885][ C0] ? kvm_wait+0x147/0x180 [ 525.983898][ C0] ? kvm_wait+0x147/0x180 [ 525.983912][ C0] ? kvm_wait+0x147/0x180 [ 525.983925][ C0] [ 525.983930][ C0] [ 525.983935][ C0] ? asm_common_interrupt+0x27/0x40 [ 525.983949][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 525.983965][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 525.983986][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 525.984005][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 525.984022][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 525.984038][ C0] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 525.984057][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 525.984073][ C0] ? skb_release_data+0x8a9/0xa80 [ 525.984088][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 525.984101][ C0] bpf_trace_run2+0xec/0x210 [ 525.984118][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 525.984134][ C0] ? skb_release_data+0x8a9/0xa80 [ 525.984148][ C0] ? iov_iter_init+0x190/0x190 [ 525.984164][ C0] ? skb_release_data+0x8a9/0xa80 [ 525.984179][ C0] __bpf_trace_kfree+0x6f/0x90 [ 525.984194][ C0] ? skb_release_data+0x8a9/0xa80 [ 525.984208][ C0] kfree+0x1f3/0x220 [ 525.984224][ C0] ? __check_object_size+0x2ec/0x3d0 [ 525.984241][ C0] skb_release_data+0x8a9/0xa80 [ 525.984257][ C0] ? tsk_advance_rx_queue+0x10a/0x260 [ 525.984272][ C0] kfree_skb+0xba/0x360 [ 525.984286][ C0] tsk_advance_rx_queue+0x10a/0x260 [ 525.984301][ C0] tipc_recvstream+0x807/0xf70 [ 525.984318][ C0] ? tipc_sendstream+0x70/0x70 [ 525.984332][ C0] ? security_socket_recvmsg+0x87/0xb0 [ 525.984347][ C0] ? tipc_sendstream+0x70/0x70 [ 525.984361][ C0] ____sys_recvmsg+0x286/0x530 [ 525.984378][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 525.984394][ C0] ? import_iovec+0xe5/0x120 [ 525.984411][ C0] ___sys_recvmsg+0x1ec/0x690 [ 525.984426][ C0] ? __sys_recvmsg+0x260/0x260 [ 525.984440][ C0] ? alloc_file+0x3e5/0x4e0 [ 525.984456][ C0] ? alloc_file_pseudo+0x280/0x2f0 [ 525.984483][ C0] ? __fdget+0x1bc/0x240 [ 525.984497][ C0] __x64_sys_recvmsg+0x1dc/0x2b0 [ 525.984511][ C0] ? __kasan_check_write+0x14/0x20 [ 525.984527][ C0] ? ___sys_recvmsg+0x690/0x690 [ 525.984544][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 525.984560][ C0] do_syscall_64+0x3d/0xb0 [ 525.984574][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 525.984588][ C0] RIP: 0033:0x7efcb8da8ee9 [ 525.984602][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 525.984614][ C0] RSP: 002b:00007efcb7b1d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 525.984629][ C0] RAX: ffffffffffffffda RBX: 00007efcb8edff80 RCX: 00007efcb8da8ee9 [ 525.984640][ C0] RDX: 0000000000001f00 RSI: 0000000020000500 RDI: 0000000000000003 [ 525.984650][ C0] RBP: 00007efcb8df547f R08: 0000000000000000 R09: 0000000000000000 [ 525.984659][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.984669][ C0] R13: 000000000000000b R14: 00007efcb8edff80 R15: 00007fff6d8eb078 [ 525.984682][ C0] [ 525.985487][ C1] NMI backtrace for cpu 1 [ 526.468178][ C1] CPU: 1 PID: 9720 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0 [ 526.478237][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 526.488131][ C1] Call Trace: [ 526.491255][ C1] [ 526.493947][ C1] dump_stack_lvl+0x151/0x1b7 [ 526.498459][ C1] ? io_uring_drop_tctx_refs+0x190/0x190 [ 526.503928][ C1] ? cpumask_next+0x8a/0xb0 [ 526.508268][ C1] dump_stack+0x15/0x17 [ 526.512257][ C1] nmi_cpu_backtrace+0x2f7/0x300 [ 526.517032][ C1] ? init_x2apic_ldr+0x10/0x10 [ 526.521633][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 526.527706][ C1] ? irq_work_queue+0xd4/0x160 [ 526.532308][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 526.538211][ C1] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 526.544024][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 526.549926][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 526.555653][ C1] rcu_dump_cpu_stacks+0x1d8/0x330 [ 526.560602][ C1] print_cpu_stall+0x315/0x5f0 [ 526.565203][ C1] rcu_sched_clock_irq+0x989/0x12f0 [ 526.570237][ C1] ? rcu_boost_kthread_setaffinity+0x340/0x340 [ 526.576225][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 526.581258][ C1] update_process_times+0x198/0x200 [ 526.586299][ C1] tick_sched_timer+0x188/0x240 [ 526.590984][ C1] ? tick_setup_sched_timer+0x480/0x480 [ 526.596361][ C1] __hrtimer_run_queues+0x41a/0xad0 [ 526.601396][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 526.606340][ C1] ? clockevents_program_event+0x22f/0x300 [ 526.611980][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 526.617885][ C1] hrtimer_interrupt+0x40c/0xaa0 [ 526.622659][ C1] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 526.628388][ C1] sysvec_apic_timer_interrupt+0x95/0xc0 [ 526.633854][ C1] [ 526.636645][ C1] [ 526.639494][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 526.645310][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 526.650084][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 526.669525][ C1] RSP: 0018:ffffc90000c37440 EFLAGS: 00000246 [ 526.675426][ C1] RAX: 0000000000000003 RBX: 1ffff92000186e8c RCX: ffffffff8154fa7f [ 526.683244][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888129794f88 [ 526.691049][ C1] RBP: ffffc90000c374f0 R08: dffffc0000000000 R09: ffffed10252f29f2 [ 526.698947][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 526.706758][ C1] R13: ffff888129794f88 R14: 0000000000000003 R15: 1ffff92000186e90 [ 526.714569][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 526.720647][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 526.726633][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 526.731580][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 526.737655][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 526.743558][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 526.749808][ C1] ? __find_get_block+0xd38/0x1180 [ 526.754753][ C1] ? ext4_inode_block_valid+0x2e1/0x3f0 [ 526.760135][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 526.764909][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 526.769942][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 526.775238][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 526.780275][ C1] ? sock_map_unref+0x352/0x4d0 [ 526.784957][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 526.790338][ C1] bpf_trace_run2+0xec/0x210 [ 526.794763][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 526.799452][ C1] ? sock_map_unref+0x352/0x4d0 [ 526.804142][ C1] ? ext4_match+0x1e0/0x720 [ 526.808480][ C1] ? sock_map_unref+0x352/0x4d0 [ 526.813165][ C1] __bpf_trace_kfree+0x6f/0x90 [ 526.817764][ C1] ? sock_map_unref+0x352/0x4d0 [ 526.822449][ C1] kfree+0x1f3/0x220 [ 526.826183][ C1] sock_map_unref+0x352/0x4d0 [ 526.830697][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 526.835818][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 526.840244][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 526.845623][ C1] bpf_trace_run2+0xec/0x210 [ 526.850050][ C1] ? ext4_ci_compare+0x660/0x660 [ 526.854825][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 526.859510][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 526.863937][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 526.868362][ C1] __bpf_trace_kfree+0x6f/0x90 [ 526.872965][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 526.877390][ C1] kfree+0x1f3/0x220 [ 526.881122][ C1] ext4_lookup+0x3f3/0xaa0 [ 526.885375][ C1] ? ext4_add_entry+0x12b0/0x12b0 [ 526.890235][ C1] ? slab_post_alloc_hook+0x72/0x2c0 [ 526.895355][ C1] ? __kasan_check_write+0x14/0x20 [ 526.900306][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 526.904910][ C1] ? __d_alloc+0x4dd/0x6c0 [ 526.909156][ C1] ? _raw_spin_unlock+0x4d/0x70 [ 526.913842][ C1] ? d_alloc+0x199/0x1d0 [ 526.917922][ C1] lookup_one_qstr_excl+0x143/0x290 [ 526.922956][ C1] filename_create+0x28e/0x530 [ 526.927556][ C1] ? kern_path_create+0x1a0/0x1a0 [ 526.932416][ C1] do_mknodat+0x1a4/0x5c0 [ 526.936586][ C1] ? __check_object_size+0x2ec/0x3d0 [ 526.941703][ C1] ? may_open+0x440/0x440 [ 526.945867][ C1] ? getname_flags+0x1fd/0x520 [ 526.950471][ C1] __x64_sys_mknodat+0xa9/0xc0 [ 526.955068][ C1] do_syscall_64+0x3d/0xb0 [ 526.959322][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 526.965049][ C1] RIP: 0033:0x7f5f373d4ee9 [ 526.969306][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 526.988743][ C1] RSP: 002b:00007f5f361490c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 526.996989][ C1] RAX: ffffffffffffffda RBX: 00007f5f3750bf80 RCX: 00007f5f373d4ee9 [ 527.004800][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 527.012612][ C1] RBP: 00007f5f3742147f R08: 0000000000000000 R09: 0000000000000000 [ 527.020421][ C1] R10: 0000000000000701 R11: 0000000000000246 R12: 0000000000000000 [ 527.028233][ C1] R13: 000000000000000b R14: 00007f5f3750bf80 R15: 00007fff0ca27168 [ 527.036048][ C1] [ 661.035477][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 225s! [syz-executor.0:9720] [ 661.043890][ C1] Modules linked in: [ 661.047622][ C1] CPU: 1 PID: 9720 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0 [ 661.057775][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 661.067670][ C1] RIP: 0010:kvm_wait+0x147/0x180 [ 661.072443][ C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 661.092404][ C1] RSP: 0018:ffffc90000c37440 EFLAGS: 00000246 [ 661.098305][ C1] RAX: 0000000000000003 RBX: 1ffff92000186e8c RCX: ffffffff8154fa7f [ 661.106115][ C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888129794f88 [ 661.114043][ C1] RBP: ffffc90000c374f0 R08: dffffc0000000000 R09: ffffed10252f29f2 [ 661.121854][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 661.129664][ C1] R13: ffff888129794f88 R14: 0000000000000003 R15: 1ffff92000186e90 [ 661.137478][ C1] FS: 00007f5f361496c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 661.146241][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 661.152664][ C1] CR2: 00007ffc05c72b78 CR3: 000000011c137000 CR4: 00000000003506a0 [ 661.160480][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 661.168290][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 661.176098][ C1] Call Trace: [ 661.179225][ C1] [ 661.181918][ C1] ? show_regs+0x58/0x60 [ 661.185995][ C1] ? watchdog_timer_fn+0x4b1/0x5f0 [ 661.190941][ C1] ? proc_watchdog_cpumask+0xd0/0xd0 [ 661.196068][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 661.201270][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 661.206216][ C1] ? clockevents_program_event+0x22f/0x300 [ 661.211860][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 661.217875][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 661.222844][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 661.228730][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 661.234367][ C1] [ 661.237145][ C1] [ 661.240007][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 661.246001][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 661.252073][ C1] ? kvm_wait+0x147/0x180 [ 661.256237][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 661.262225][ C1] ? kvm_arch_para_hints+0x30/0x30 [ 661.267176][ C1] ? __pv_queued_spin_lock_slowpath+0x65f/0xc40 [ 661.273252][ C1] __pv_queued_spin_lock_slowpath+0x6bc/0xc40 [ 661.279154][ C1] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 661.285404][ C1] ? __find_get_block+0xd38/0x1180 [ 661.290435][ C1] ? ext4_inode_block_valid+0x2e1/0x3f0 [ 661.295907][ C1] _raw_spin_lock_bh+0x139/0x1b0 [ 661.300691][ C1] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 661.305709][ C1] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 661.311004][ C1] sock_hash_delete_elem+0xb1/0x2f0 [ 661.316037][ C1] ? sock_map_unref+0x352/0x4d0 [ 661.320724][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 661.326106][ C1] bpf_trace_run2+0xec/0x210 [ 661.330533][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 661.335218][ C1] ? sock_map_unref+0x352/0x4d0 [ 661.339906][ C1] ? ext4_match+0x1e0/0x720 [ 661.344245][ C1] ? sock_map_unref+0x352/0x4d0 [ 661.348932][ C1] __bpf_trace_kfree+0x6f/0x90 [ 661.353533][ C1] ? sock_map_unref+0x352/0x4d0 [ 661.358218][ C1] kfree+0x1f3/0x220 [ 661.361950][ C1] sock_map_unref+0x352/0x4d0 [ 661.366466][ C1] sock_hash_delete_elem+0x274/0x2f0 [ 661.371583][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 661.376017][ C1] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 661.381391][ C1] bpf_trace_run2+0xec/0x210 [ 661.385817][ C1] ? ext4_ci_compare+0x660/0x660 [ 661.390601][ C1] ? bpf_trace_run1+0x1c0/0x1c0 [ 661.395276][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 661.399707][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 661.404133][ C1] __bpf_trace_kfree+0x6f/0x90 [ 661.409023][ C1] ? ext4_lookup+0x3f3/0xaa0 [ 661.413418][ C1] kfree+0x1f3/0x220 [ 661.417177][ C1] ext4_lookup+0x3f3/0xaa0 [ 661.421403][ C1] ? ext4_add_entry+0x12b0/0x12b0 [ 661.426262][ C1] ? slab_post_alloc_hook+0x72/0x2c0 [ 661.431382][ C1] ? __kasan_check_write+0x14/0x20 [ 661.436329][ C1] ? _raw_spin_lock+0xa4/0x1b0 [ 661.440929][ C1] ? __d_alloc+0x4dd/0x6c0 [ 661.445193][ C1] ? _raw_spin_unlock+0x4d/0x70 [ 661.449869][ C1] ? d_alloc+0x199/0x1d0 [ 661.453950][ C1] lookup_one_qstr_excl+0x143/0x290 [ 661.458984][ C1] filename_create+0x28e/0x530 [ 661.463584][ C1] ? kern_path_create+0x1a0/0x1a0 [ 661.468445][ C1] do_mknodat+0x1a4/0x5c0 [ 661.472610][ C1] ? __check_object_size+0x2ec/0x3d0 [ 661.477732][ C1] ? may_open+0x440/0x440 [ 661.481895][ C1] ? getname_flags+0x1fd/0x520 [ 661.486584][ C1] __x64_sys_mknodat+0xa9/0xc0 [ 661.491184][ C1] do_syscall_64+0x3d/0xb0 [ 661.495441][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 661.501164][ C1] RIP: 0033:0x7f5f373d4ee9 [ 661.505419][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 661.525127][ C1] RSP: 002b:00007f5f361490c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 661.533371][ C1] RAX: ffffffffffffffda RBX: 00007f5f3750bf80 RCX: 00007f5f373d4ee9 [ 661.541181][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 661.548992][ C1] RBP: 00007f5f3742147f R08: 0000000000000000 R09: 0000000000000000 [ 661.556806][ C1] R10: 0000000000000701 R11: 0000000000000246 R12: 0000000000000000 [ 661.564618][ C1] R13: 000000000000000b R14: 00007f5f3750bf80 R15: 00007fff0ca27168 [ 661.572430][ C1] [ 661.575292][ C1] Sending NMI from CPU 1 to CPUs 0: [ 661.580345][ C0] NMI backtrace for cpu 0 [ 661.580354][ C0] CPU: 0 PID: 9704 Comm: syz-executor.3 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0 [ 661.580371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 661.580379][ C0] RIP: 0010:kvm_wait+0x147/0x180 [ 661.580399][ C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c [ 661.580411][ C0] RSP: 0018:ffffc90000d873e0 EFLAGS: 00000246 [ 661.580425][ C0] RAX: 0000000000000001 RBX: 1ffff920001b0e80 RCX: 1ffffffff0d1aa9c [ 661.580437][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4 [ 661.580447][ C0] RBP: ffffc90000d87490 R08: dffffc0000000000 R09: ffffed103ee06fdb [ 661.580459][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 661.580470][ C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff920001b0e84 [ 661.580481][ C0] FS: 00007efcb7b1d6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 661.580495][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 661.580506][ C0] CR2: 0000000020529000 CR3: 000000010c6e9000 CR4: 00000000003506b0 [ 661.580520][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 661.580530][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 661.580539][ C0] Call Trace: [ 661.580545][ C0] [ 661.580551][ C0] ? show_regs+0x58/0x60 [ 661.580567][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 661.580585][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 661.580603][ C0] ? kvm_wait+0x147/0x180 [ 661.580617][ C0] ? kvm_wait+0x147/0x180 [ 661.580630][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 661.580647][ C0] ? nmi_handle+0xa8/0x280 [ 661.580662][ C0] ? kvm_wait+0x147/0x180 [ 661.580676][ C0] ? kvm_wait+0x147/0x180 [ 661.580689][ C0] ? default_do_nmi+0x69/0x160 [ 661.580706][ C0] ? exc_nmi+0xaf/0x120 [ 661.580720][ C0] ? end_repeat_nmi+0x16/0x31 [ 661.580737][ C0] ? kvm_wait+0x147/0x180 [ 661.580751][ C0] ? kvm_wait+0x147/0x180 [ 661.580764][ C0] ? kvm_wait+0x147/0x180 [ 661.580778][ C0] [ 661.580782][ C0] [ 661.580787][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 661.580803][ C0] ? kvm_arch_para_hints+0x30/0x30 [ 661.580819][ C0] __pv_queued_spin_lock_slowpath+0x41b/0xc40 [ 661.580839][ C0] ? __pv_queued_spin_unlock_slowpath+0x310/0x310 [ 661.580857][ C0] _raw_spin_lock_bh+0x139/0x1b0 [ 661.580874][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 661.580891][ C0] ? sock_hash_bucket_hash+0x36d/0x7e0 [ 661.580910][ C0] sock_hash_delete_elem+0xb1/0x2f0 [ 661.580926][ C0] ? skb_release_data+0x8a9/0xa80 [ 661.580950][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x884 [ 661.580963][ C0] bpf_trace_run2+0xec/0x210 [ 661.580980][ C0] ? bpf_trace_run1+0x1c0/0x1c0 [ 661.580996][ C0] ? skb_release_data+0x8a9/0xa80 [ 661.581010][ C0] ? iov_iter_init+0x190/0x190 [ 661.581026][ C0] ? skb_release_data+0x8a9/0xa80 [ 661.581041][ C0] __bpf_trace_kfree+0x6f/0x90 [ 661.581056][ C0] ? skb_release_data+0x8a9/0xa80 [ 661.581070][ C0] kfree+0x1f3/0x220 [ 661.581085][ C0] ? __check_object_size+0x2ec/0x3d0 [ 661.581104][ C0] skb_release_data+0x8a9/0xa80 [ 661.581119][ C0] ? tsk_advance_rx_queue+0x10a/0x260 [ 661.581134][ C0] kfree_skb+0xba/0x360 [ 661.581147][ C0] tsk_advance_rx_queue+0x10a/0x260 [ 661.581162][ C0] tipc_recvstream+0x807/0xf70 [ 661.581179][ C0] ? tipc_sendstream+0x70/0x70 [ 661.581193][ C0] ? security_socket_recvmsg+0x87/0xb0 [ 661.581209][ C0] ? tipc_sendstream+0x70/0x70 [ 661.581223][ C0] ____sys_recvmsg+0x286/0x530 [ 661.581239][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 661.581257][ C0] ? import_iovec+0xe5/0x120 [ 661.581273][ C0] ___sys_recvmsg+0x1ec/0x690 [ 661.581289][ C0] ? __sys_recvmsg+0x260/0x260 [ 661.581303][ C0] ? alloc_file+0x3e5/0x4e0 [ 661.581319][ C0] ? alloc_file_pseudo+0x280/0x2f0 [ 661.581337][ C0] ? __fdget+0x1bc/0x240 [ 661.581351][ C0] __x64_sys_recvmsg+0x1dc/0x2b0 [ 661.581366][ C0] ? __kasan_check_write+0x14/0x20 [ 661.581381][ C0] ? ___sys_recvmsg+0x690/0x690 [ 661.581398][ C0] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 661.581415][ C0] do_syscall_64+0x3d/0xb0 [ 661.581430][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 661.581444][ C0] RIP: 0033:0x7efcb8da8ee9 [ 661.581458][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 661.581471][ C0] RSP: 002b:00007efcb7b1d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 661.581486][ C0] RAX: ffffffffffffffda RBX: 00007efcb8edff80 RCX: 00007efcb8da8ee9 [ 661.581497][ C0] RDX: 0000000000001f00 RSI: 0000000020000500 RDI: 0000000000000003 [ 661.581507][ C0] RBP: 00007efcb8df547f R08: 0000000000000000 R09: 0000000000000000 [ 661.581517][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.581527][ C0] R13: 000000000000000b R14: 00007efcb8edff80 R15: 00007fff6d8eb078 [ 661.581540][ C0]