last executing test programs: 1.180853173s ago: executing program 1 (id=381): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f00000003c0)=ANY=[], 0x1, 0x5512, &(0x7f0000005a80)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwCU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG/CSmamuvUDhabNdvv7weSZ982bZ543LAvPTEkA59Zc8uvPpbgelyNiOiKuRWTnpeLIrOXhhYi4ERFTjx2lYv6PiQsRcSUiro+S5zlLxVuf3xreXP3prV+++e7izNUvvv5+crsGJu3FiOhu5+d73TymrTw+KOZrw3YWuyvDIuZvdB8W4zSPe83NLMNe7XBdLYvLrXx9ur3bH8WtTq0+iq32Vja/3csv2B+2DvNkH3hQ28nGjeZmFtv9NIutg7yu/YP8/7aD/iDP0yjyfZSlj8HgMObzzf1mvp/th1ms9wbFfJ43bTT3R3FYxOJyUU87jayOzeN800+2t9u93f1k2Nzpt9NeslqpvlSp3i5Xd9JGc9BcKde6jdsryXyrM1pWHjRr3bVWmrY6zUo97S4k8616vVytJvN3mpvtWi+pVivLlcXy6kJxdit5/d57SaeRzI/iq+3e7qDd6Sdb6U6Sf2IhWaosv7yQ3Kwm76xvJBv3795d33j3gzvv33tl/c3XikV/KyuZX1pcWipXF8tL1YVztP9PiqLHuH84ltKkCwA4e/T/wCScXP+/cz/i5Pv/0P+PxZnqf897/38C+4dj0f8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxbP8x++UZ2MpePrxbzzxRTzxXjUkRMRcSjfzAdF47knC7yzP7L+tm/1PBtKbIMo2tcLI4rEbFWHL89e9LfAgAAADy9vvr4xmd5t56/zE26IE5TftNm6tqHY8pXiojZuR/HlG1q9PL8mJJl/75nYn9M2bIbWJfGlCy/5TYzrmz/y/SRcOmxUMrD1KmWAwAAnIqjncDpdiEAAACcpk8nXQCTUYrDR5mHz4Kzv7z/84Hg5SMjAAAA4AwqTboAAAAA4Hge/feSrP/3+38AAADwdMt//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB3du7nNnEgigPws8EL+0+LVnvfVvYGZWwJe9xjRAFpggJyIC2kAWogt5QQQYTHIRBxiOSxrUTfJzmTscyPNwgOMyMNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqv1ovbq9/XbXN2+3byjAYAAAC4ZFutF/U/s9T/2tz/3tz62fSLiCgj4tLcfRSfzjJHTU718vzN6fPVqxruIuqEw3tMmutLRPxprscfXX8KAAAA8HFtlqt5mq2nP7OhC6JPadGm/PY3U14REdXsIVNaecj7lSms/n6P43+mtHoBa5opLC25jXOlvUn9cz+u2k1PmiI15cWXHYvMNnYAAKBHo7Om31kIAAAAffo3dAEMo4jnrczjVuAkNc323uezHgAAAPAOFUMXAAAAAHSunv/3dP7f3vl/AAAAMIx0/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2lbrxWa5mrfN2e3byTMaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDe/+8v/ialxJpl7bSw9jyRrp8bWqbF3bhz9YXz9GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J+XFAiBIIiCOeN/J33/w0qCnkGECGh4VFGLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgi373y/+JqXEmmTttLB2PJGtXja2rxt6DxtGD8fZvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42Ll/3zaqOADg7+58Li0gTEAeghBIDLBQ1y0t3RADKGLgT0CKUqeYuvxoM7RVhcjChjJ3QTAihAQKW3bGDkyt1KVsHTwUiRl0v5JrG6mG0Dsn+Xykd+/r08Xv+85SpO+9ZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACV6bs7cZIdekUcl+du3b++kvW3H+ozWxt3FrOWxVGTSe8PL9dfRP32EgEAAODwSKr6PoRwN91cyvq4l9f/aXVNVvN/92wRV/X8w3V/1Ve1f9Z+/eXei9sD9YpxsjddHU9GJx5NpfPkZjnfnnvsFZ38zufPXpL8A4k/WH9hmub3M/rm5s33unl4pIlsAYD/4njVl8Hq71eKYDwZDVvLCoDDpFMrvKv6P+m1mxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAE6br4ekqjkIIi52dOHP7/vWV3fqtjTuLVTtz48ZG+Co7m+Z/0ymj1fFkdKLxGc2vy1evXVieTEaXmg9eCSG0Nfo75fQvfDTDxSG0cn8E/1MQlx/2vOSzP4IW/ykBAHAgpWXL6vq76eZSdi5aCOHv7x+s/1+vxWHG+v/ex2du1ceq1//DxmY4/wZrFz8fXL567c3xxeXzo/OjT986OXx7eOrs6dNnB/mzkoEnJgAAAOxNt2z1+j9eeHT9/1gtDjPW/198O/yyPlai/t/VzqJf25kAAAAcbs+/+tef0S7no243XFleW7s0LI7br08WxxZS/deOlK1e/ycLbWcFAAAANGG6Hj2w/n+uFocZ1/+f+eGln+rvmYQQjpbr/8dXPpuca246c+3x3wfe+m2vXydue44AAAC062jZ6uv/ab7/P97e8hCHEN54rYjLnwGcqf5P3v/6x/pY9f3/p5qb4lyK+8X9yPt+CJ1+2xkBAABwkD1VtqzY/yPdXPrk52Mfdu3/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjaPwEAAP//m6w/ug==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f0000000080)=[{&(0x7f0000000740)="8297066c1a2d3079ad7aaceb76d8e8a951a6dba2f5f3244ca6de9ebf8694527c91e5e74490700a445c2cd14da67b16d6d9e5100842f3a449f659b7100283df78d0c3521adeda8e6e67d8f28bf8cdfe2f4787f25ebe1530d021c459f3138f9c31494ab57373028041ba233e9b77051e4e0e75281ba5d7ea2c922a126bf3d0a2089f6db5830c5ae7f8ff0d468cc9768ff5f5f3dbeebcc2960766f00149e93f6c4a479ee3290fd416ffdc2a3217ee14dc6d92bd9d2a3595a5525938ccd67b038de8cd20ed0af77ae7906cb4de048cf24effcdbe63d9be8e3cfa54967ca281562c5769abe19d3918749c3239c08dc4076ffa1a390e63652ceb5b2872ca40cbd8e77c94ecd4ca769cca83a1103240b61376e4cc663fd812a66af7da28b44f65b6023fe5a927efb11f32b1c23779b0b5a568d91a4d5c209db167376be7b83bd5025c7da4815ad08005aaa4a8a4c101b52494f346f16e07e2821bcf1bfcda7a5dad78b8cb5436494dbae68f885df120701f1d892a752e0707c4cb01b6b5375815866dd2a60940daeb8f124c289c2719156af5de600605ce8536f56e94c04a1accd000d1293244fa7c4df1d3436b1b23758f561cb741b3da355fa26cf80d9e8fc199bd37801a447cb8d9fc841f49ee2ba11ba3346282eb3d784864bae5840a95cdec94b5fb45c701f55f1971dd16dda6936d012c19552aa960b2593d5a8eb5c011100aef216c2746b852de39c7bbb07a2709be6240b97b530a1fa2e49f3374d1be968ef8fb001d98ae9662f27aef886568c07379b87b51c933f6015f17102fb2cdff909300f8c0aef4ad5ed9079445ef7756c57179cec4d9bca117e645df23fb5ee9f9178b4d5d893512fbc849c7e751534657ca5ea7f72c3c71078c6e271d78b5c39caf6f12b9bf781208272d8702ded32b5c46b7b71182ce8fd908a5e0ad2a9cf4e3c6a2b321e3a913a55d47864c42e8cbff47581b900210ad1d13979c5f2eb311c1a0666db426ddb5a15c8f37a91694e0e7ccada936ea53a3068faf31b5e1fb432442a11705f898604163c82b11d40c5de28aa9d63383c38b677f61df5fc6e600b749cafc7e3a7e77b236688da5a4d5ee7d9cacbe975ddc5ea4377194922c7eb4f18b832ec472cef2b00e987d3800c30d965cb75fd9dc26ea91b689f7910abb9517dc249a198ae2a7933498d79df3b93cfaaacd0f5c26dbe009874bd2d511c75fd3595d4e983a768724b8f6781fda0ed5cdc57dcb256f309f0ad6f0fe174d0755863c738696a84c6f23c9c4e7d8d21d1e9db6fdcb325770df4a730ee6c2d7e030a801c811879188783482ac67e2624e31e829b711bb0366c4e3c1592101a9f06183cb9b8f65ddbdf73ca67088bdcf4dd19aec159574bbeaa8b65711c78fbe9c01b28ed6ed83217a66ef2f2bd74bca4cf1218448a7e68b2f8eced5231246dea40c2e0bbc", 0x401}], 0x1, 0x7bc8, 0x0, 0x8) 824.944618ms ago: executing program 1 (id=393): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x21, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="66ba2000b052b9820000c0b800000000ba000000800f30660f38813bb83e69bef10f23d00e312735000000010f23f8b99b0b0000b842166fe5ae2000e4000f308fe978d6b857648e2ade87014876aa0f210ab9bd0200000f32660f6e4c8fee362636ec", 0x63}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 707.42857ms ago: executing program 2 (id=397): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000200850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 695.57621ms ago: executing program 0 (id=398): unshare(0x26020400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000001100)='pids.current\x00', 0x5000000, 0x0) readv(r2, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4080, 0xff0}], 0x1) 683.61207ms ago: executing program 4 (id=399): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) 674.14027ms ago: executing program 0 (id=400): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x0, 0x14, "0062ba7d820000a75e0000000000fcff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x44) 642.993571ms ago: executing program 4 (id=401): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 613.816961ms ago: executing program 4 (id=403): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x16, 0x0, 0x4, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="70000000100003"], 0x70}}, 0x0) 547.305422ms ago: executing program 4 (id=405): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000001811000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc) 522.936913ms ago: executing program 4 (id=406): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@i_version}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@quota}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20) fallocate(r1, 0x8, 0x4000, 0x4000) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0) 456.636474ms ago: executing program 3 (id=407): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(r0, 0x0, 0x40000000, 0x0) ptrace$poke(0x4, r0, &(0x7f0000000040), 0x6) 456.035403ms ago: executing program 2 (id=417): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2}, {}, {0x200000, 0xa, 0x20}], 0x1}) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 423.103854ms ago: executing program 2 (id=408): bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup2(r1, r1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x60, &(0x7f0000000680)={'filter\x00', 0x4, [{}, {0x0, 0x100000000000000}]}, 0x68) 373.143215ms ago: executing program 0 (id=409): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}}) write$uinput_user_dev(r0, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x5, 0x81, 0x8, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3eb, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x5, 0x3, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x6, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x9, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x1000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x2, 0x5, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xfffffff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x7, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) write$uinput_user_dev(r0, &(0x7f0000000d80)={'syz0\x00', {0xb, 0x3, 0x4, 0x9}, 0x3, [0xfffff47e, 0x0, 0x0, 0x3, 0xf, 0x0, 0x7ff, 0xa, 0x5, 0x3, 0x5, 0x40, 0x1, 0x1, 0x100, 0x6, 0x0, 0x7, 0x1, 0xdef, 0x5, 0x7, 0x1ff, 0x5, 0x73c, 0x5, 0x4, 0x7f, 0x1, 0x6, 0xfffffff9, 0x8, 0x6, 0x4, 0x7, 0x7, 0x1939, 0x8, 0x7, 0x2, 0xe12c, 0x8162, 0x8, 0x3, 0x1, 0x41, 0x7, 0x10000, 0x101, 0x8, 0xc000, 0x6, 0x4, 0x4, 0x5, 0x6, 0xfff, 0x0, 0x104, 0xf8ac, 0x2, 0x3, 0x7fffdfff], [0xfffffff8, 0xff, 0x4, 0x8, 0x1e0f, 0xfffffff7, 0x5, 0x7, 0xffffffff, 0x0, 0x6, 0x100, 0x8, 0xe63, 0x1, 0xa3a5, 0x2, 0x2, 0xb9, 0x6, 0x3, 0x43d, 0x6, 0xe, 0x4, 0x3, 0x6, 0x9, 0x1, 0x11, 0x5, 0x4, 0x8, 0x30000, 0x81, 0xfffffe00, 0x0, 0x10001, 0x7ff, 0x9, 0x200008, 0xffffa467, 0x5, 0xfffffffb, 0x0, 0xff, 0x9, 0x6aac, 0x0, 0x3, 0x4, 0xfff, 0x200, 0xc1a, 0xe456, 0x100, 0x2, 0x0, 0x1c00000, 0x6, 0x3, 0xfffffff6, 0xffff1068, 0xffff9241], [0x9, 0x611, 0x6, 0xff, 0x101, 0x5, 0x0, 0x2, 0x80000001, 0x96, 0x7, 0x1, 0xfffffffa, 0x1, 0x4, 0xfb, 0x10001, 0x8, 0x8, 0x3, 0x1, 0x100001, 0x1, 0x7, 0x3, 0x40000000, 0x8, 0x3, 0x5, 0x3, 0xb89, 0xf, 0x0, 0x9, 0x3, 0xff, 0x0, 0x2, 0x1ff, 0x4501, 0x9, 0x0, 0x9, 0x7, 0x966, 0x6, 0x10000, 0xf, 0xffffffff, 0x9, 0xe2, 0x1, 0x8, 0x1, 0x8, 0x3ff, 0x5, 0xfffeffff, 0x3, 0x0, 0x80, 0x6, 0x7, 0x9], [0x5, 0x7f, 0x7, 0x0, 0x2, 0x6, 0x45c, 0x5, 0xab73, 0x5, 0x7, 0x0, 0x5, 0xed5a, 0x9, 0x4, 0x9, 0x8, 0x8, 0x3, 0xeb, 0x6, 0x5, 0xff, 0xffffffff, 0x7fff, 0x4, 0xcb7, 0xa3, 0xffff, 0x8, 0x80000000, 0x3, 0x1ff, 0xfffff26e, 0xf81e, 0x6, 0x9, 0x3, 0x8, 0x5, 0xe5, 0x2, 0x4, 0x4, 0x3, 0x0, 0xfffffff9, 0x7, 0x1ff, 0x204000, 0x5, 0x80, 0x9, 0x7, 0x5078, 0xd, 0x8001, 0x8000, 0x3000000, 0x200, 0x45, 0x0, 0x3]}, 0x45c) 358.195515ms ago: executing program 3 (id=410): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0x1c}}, 0x0) 350.866875ms ago: executing program 2 (id=411): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x6001, 0x4, 0x3c8, 0x0, 0x1f8, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0x8, {@empty, {[0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0x0, 0xff, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'team_slave_0\x00', {}, {}, 0x0, 0xe2}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @mac=@broadcast, @multicast2, @private, 0xf}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 289.810286ms ago: executing program 3 (id=412): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)='%pK \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 262.702506ms ago: executing program 1 (id=413): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) setns(r1, 0x24020000) 232.791057ms ago: executing program 3 (id=414): syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x4e, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) readahead(0xffffffffffffffff, 0x0, 0x101) 198.881827ms ago: executing program 0 (id=415): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18) setregid(0x0, 0x0) 191.392797ms ago: executing program 2 (id=416): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000005c0)=ANY=[@ANYBLOB="fdffffffffcf3b316b9cffffffffffff7f"]) 145.998428ms ago: executing program 2 (id=418): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1a1}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000440)=""/26, 0x1a}], 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) syz_clone(0x44208400, 0x0, 0x0, 0x0, 0x0, 0x0) 131.683978ms ago: executing program 1 (id=419): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x1, 0x4, 0x17fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) timer_getoverrun(0x0) 131.518538ms ago: executing program 3 (id=420): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 88.060159ms ago: executing program 0 (id=421): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 68.366459ms ago: executing program 1 (id=422): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x10) bind$tipc(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r2, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004) 43.11655ms ago: executing program 3 (id=423): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1}, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff7) ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180)) 10.1198ms ago: executing program 0 (id=424): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x9, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020afc090700000026bd7002fedbdf2505001a00fe8000000000000000000000000000aa64010100000c"], 0x38}}, 0x40408c0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.528491ms ago: executing program 1 (id=425): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000001300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x18000000000002a0, 0xe40, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 4 (id=426): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) request_key(&(0x7f0000000200)='asymmetric\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000400)='\x00', 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts. [ 26.690452][ T30] audit: type=1400 audit(1753768680.627:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.691359][ T273] cgroup: Unknown subsys name 'net' [ 26.713558][ T30] audit: type=1400 audit(1753768680.627:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.741166][ T30] audit: type=1400 audit(1753768680.667:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.741328][ T273] cgroup: Unknown subsys name 'devices' [ 26.884219][ T273] cgroup: Unknown subsys name 'hugetlb' [ 26.889815][ T273] cgroup: Unknown subsys name 'rlimit' [ 27.054425][ T30] audit: type=1400 audit(1753768680.997:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.078077][ T30] audit: type=1400 audit(1753768680.997:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.084081][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.103447][ T30] audit: type=1400 audit(1753768680.997:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.135905][ T30] audit: type=1400 audit(1753768681.057:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.161732][ T30] audit: type=1400 audit(1753768681.057:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.190511][ T30] audit: type=1400 audit(1753768681.137:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.190953][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.216287][ T30] audit: type=1400 audit(1753768681.137:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.675915][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.683053][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.690454][ T281] device bridge_slave_0 entered promiscuous mode [ 27.697847][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.705011][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.712348][ T281] device bridge_slave_1 entered promiscuous mode [ 27.792011][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.799138][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.806645][ T282] device bridge_slave_0 entered promiscuous mode [ 27.813540][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.820569][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.828049][ T282] device bridge_slave_1 entered promiscuous mode [ 27.863862][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.870922][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.878478][ T283] device bridge_slave_0 entered promiscuous mode [ 27.896790][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.903881][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.911098][ T283] device bridge_slave_1 entered promiscuous mode [ 27.955983][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.963185][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.971195][ T284] device bridge_slave_0 entered promiscuous mode [ 27.985946][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.993027][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.000271][ T284] device bridge_slave_1 entered promiscuous mode [ 28.038005][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.045540][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.052931][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.060031][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.070815][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.078027][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.085374][ T285] device bridge_slave_0 entered promiscuous mode [ 28.103104][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.110584][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.118577][ T285] device bridge_slave_1 entered promiscuous mode [ 28.207998][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.215174][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.222803][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.229922][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.262956][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.270022][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.277334][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.284386][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.303519][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.310840][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.318215][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.325581][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.332849][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.340125][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.348795][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.356391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.376501][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.384746][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.391761][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.399363][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.407634][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.414744][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.445963][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.453580][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.461527][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.469906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.478234][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.485606][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.493533][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.502066][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.509664][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.537682][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.545860][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.555796][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.564442][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.572262][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.598267][ T281] device veth0_vlan entered promiscuous mode [ 28.605326][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.614005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.622081][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.630183][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.638408][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.646655][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.654885][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.662336][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.670676][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.677737][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.685214][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.693920][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.700986][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.708517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.716814][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.724010][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.731349][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.739883][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.746942][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.754308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.762532][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.769564][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.778578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.786429][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.815578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.824165][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.832261][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.840934][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.849201][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.857567][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.865703][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.873964][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.881905][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.890172][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.898580][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.907103][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.916813][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.925222][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.945302][ T282] device veth0_vlan entered promiscuous mode [ 28.953396][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.961501][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.969601][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.978249][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.986684][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.994740][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.002816][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.011195][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.019748][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.027707][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.035759][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.043466][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.050851][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.058447][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.068176][ T283] device veth0_vlan entered promiscuous mode [ 29.075649][ T281] device veth1_macvtap entered promiscuous mode [ 29.090658][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.098610][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.106638][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.115106][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.124047][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.132646][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.140214][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.148650][ T284] device veth0_vlan entered promiscuous mode [ 29.157187][ T285] device veth0_vlan entered promiscuous mode [ 29.166398][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.174503][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.182832][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.190253][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.202270][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.210793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.224707][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.233142][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.241853][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.250324][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.263926][ T284] device veth1_macvtap entered promiscuous mode [ 29.273545][ T282] device veth1_macvtap entered promiscuous mode [ 29.280291][ T285] device veth1_macvtap entered promiscuous mode [ 29.287255][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.295062][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.302843][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.311298][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.319815][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.327971][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.336152][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.343796][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.352110][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.362021][ T283] device veth1_macvtap entered promiscuous mode [ 29.380232][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.388198][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.396812][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.405311][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.413832][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.422138][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.430697][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.439158][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.447490][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.455725][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.464012][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.482583][ T281] request_module fs-gadgetfs succeeded, but still no fs? [ 29.494122][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.505171][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.513681][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.521991][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.530397][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.538962][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.583708][ T337] loop1: detected capacity change from 0 to 128 [ 29.636688][ T346] loop3: detected capacity change from 0 to 512 [ 29.649876][ T337] EXT4-fs (loop1): Ignoring removed nobh option [ 29.693686][ T337] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 29.723824][ T337] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 29.740583][ T337] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.757722][ T346] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.023157][ T367] loop3: detected capacity change from 0 to 1024 [ 30.045965][ T367] ======================================================= [ 30.045965][ T367] WARNING: The mand mount option has been deprecated and [ 30.045965][ T367] and is ignored by this kernel. Remove the mand [ 30.045965][ T367] option from the mount to silence this warning. [ 30.045965][ T367] ======================================================= [ 30.146328][ T367] EXT4-fs (loop3): Ignoring removed bh option [ 30.167039][ T367] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.231642][ T367] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000001,dioread_lock,nouid32,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,sysvgroups,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 30.318057][ T390] SELinux: security policydb version 18 (MLS) not backwards compatible [ 30.334763][ T390] SELinux: failed to load policy [ 30.492131][ T404] syz.0.26[404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.492226][ T404] syz.0.26[404] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.796196][ T444] loop4: detected capacity change from 0 to 2048 [ 30.885048][ T444] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5 [ 30.885048][ T444] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 30.885048][ T444] [ 30.909182][ T421] loop2: detected capacity change from 0 to 40427 [ 30.934487][ T444] EXT4-fs (loop4): mounted filesystem without journal. Opts: noacl,,errors=continue. Quota mode: none. [ 30.948395][ T421] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 30.956294][ T421] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 30.966269][ T421] F2FS-fs (loop2): invalid crc value [ 30.973932][ T421] F2FS-fs (loop2): Found nat_bits in checkpoint [ 31.027666][ T421] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 31.036184][ T421] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 31.096171][ T421] attempt to access beyond end of device [ 31.096171][ T421] loop2: rw=2049, want=45104, limit=40427 [ 31.113496][ T469] loop1: detected capacity change from 0 to 1024 [ 31.126080][ T421] syz.2.34 (421) used greatest stack depth: 22592 bytes left [ 31.136998][ T469] EXT4-fs (loop1): Ignoring removed bh option [ 31.143337][ T469] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.169120][ T469] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000001,dioread_lock,nouid32,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,sysvgroups,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 31.201306][ T469] netlink: 12 bytes leftover after parsing attributes in process `syz.1.52'. [ 31.572468][ T20] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 31.592446][ T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.772742][ T498] loop0: detected capacity change from 0 to 40427 [ 31.818264][ T498] F2FS-fs (loop0): Found nat_bits in checkpoint [ 31.842172][ T498] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.860131][ T30] kauditd_printk_skb: 120 callbacks suppressed [ 31.860147][ T30] audit: type=1400 audit(1753768685.797:194): avc: denied { create } for pid=497 comm="syz.0.63" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 31.860899][ T8] attempt to access beyond end of device [ 31.860899][ T8] loop0: rw=2049, want=45104, limit=40427 [ 31.866479][ T30] audit: type=1400 audit(1753768685.797:195): avc: denied { remount } for pid=497 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.962519][ T26] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 31.974521][ T26] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 31.992578][ T20] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 32.003862][ T20] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 32.015231][ T20] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 32.026706][ T20] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 32.062498][ T26] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 32.071778][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 32.079914][ T26] usb 3-1: SerialNumber: syz [ 32.192509][ T20] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 32.201609][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.209719][ T20] usb 4-1: Product: syz [ 32.214021][ T20] usb 4-1: Manufacturer: syz [ 32.218598][ T20] usb 4-1: SerialNumber: syz [ 32.242517][ T488] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 32.262984][ T20] cdc_mbim 4-1:1.0: skipping garbage [ 32.312464][ T58] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.353040][ T26] usb 3-1: 0:2 : does not exist [ 32.382468][ T336] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.393974][ T26] usb 3-1: USB disconnect, device number 2 [ 32.464147][ T488] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 32.471141][ T488] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 32.603364][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 32.622550][ T336] usb 2-1: Using ep0 maxpacket: 32 [ 32.682819][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.694091][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.703922][ T58] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 32.716840][ T58] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 32.726104][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.734540][ T58] usb 1-1: config 0 descriptor?? [ 32.742491][ T336] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 32.750673][ T336] usb 2-1: config 0 has no interface number 0 [ 32.756805][ T336] usb 2-1: config 0 interface 184 has no altsetting 0 [ 32.922502][ T336] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 32.931691][ T336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.940151][ T336] usb 2-1: Product: syz [ 32.944407][ T336] usb 2-1: Manufacturer: syz [ 32.948990][ T336] usb 2-1: SerialNumber: syz [ 32.954153][ T336] usb 2-1: config 0 descriptor?? [ 32.992834][ T336] smsc75xx v1.0.0 [ 33.132971][ T488] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 33.140111][ T488] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 33.172480][ T20] cdc_mbim 4-1:1.0: setting tx_max = 60 [ 33.180697][ T20] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 33.187989][ T20] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 3e:02:b2:39:27:f5 [ 33.203812][ T58] acrux 0003:1A34:0802.0001: unknown main item tag 0x0 [ 33.211061][ T58] acrux 0003:1A34:0802.0001: unknown main item tag 0x0 [ 33.218108][ T58] acrux 0003:1A34:0802.0001: unknown main item tag 0x0 [ 33.225230][ T58] acrux 0003:1A34:0802.0001: unknown main item tag 0x0 [ 33.232345][ T58] acrux 0003:1A34:0802.0001: unknown main item tag 0x0 [ 33.239822][ T58] acrux 0003:1A34:0802.0001: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 33.251077][ T58] acrux 0003:1A34:0802.0001: no inputs found [ 33.257347][ T58] acrux 0003:1A34:0802.0001: Failed to enable force feedback support, error: -19 [ 33.276743][ T30] audit: type=1400 audit(1753768687.217:196): avc: denied { read } for pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 33.298151][ T30] audit: type=1400 audit(1753768687.217:197): avc: denied { read } for pid=140 comm="dhcpcd" name="n15" dev="tmpfs" ino=956 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.320223][ T30] audit: type=1400 audit(1753768687.217:198): avc: denied { open } for pid=140 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=956 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.345430][ T30] audit: type=1400 audit(1753768687.217:199): avc: denied { getattr } for pid=140 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=956 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.368919][ T30] audit: type=1400 audit(1753768687.297:200): avc: denied { create } for pid=526 comm="dhcpcd-run-hook" name="resolv.conf.wwan0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.383007][ T140] 8021q: adding VLAN 0 to HW filter on device wwan0 [ 33.401967][ T30] audit: type=1400 audit(1753768687.297:201): avc: denied { write } for pid=526 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.wwan0.link" dev="tmpfs" ino=959 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.419409][ T307] usb 1-1: USB disconnect, device number 2 [ 33.431885][ T30] audit: type=1400 audit(1753768687.297:202): avc: denied { append } for pid=526 comm="dhcpcd-run-hook" name="resolv.conf.wwan0.link" dev="tmpfs" ino=959 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.446408][ T333] usb 4-1: USB disconnect, device number 2 [ 33.461826][ T30] audit: type=1400 audit(1753768687.317:203): avc: denied { unlink } for pid=537 comm="rm" name="resolv.conf.wwan0.link" dev="tmpfs" ino=959 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.468837][ T333] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 33.537766][ T540] fido_id[540]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 33.888363][ T573] loop2: detected capacity change from 0 to 1024 [ 33.927197][ T573] EXT4-fs (loop2): Ignoring removed orlov option [ 33.935977][ T573] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 34.231970][ T8] Bluetooth: hci1: Frame reassembly failed (-84) [ 34.322489][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 34.334056][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 34.363068][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 34.375771][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 34.386606][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 34.397713][ T336] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 34.408043][ T336] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 34.417624][ T336] usb 2-1: USB disconnect, device number 2 [ 34.849339][ T576] syz.2.75 (576) used greatest stack depth: 22528 bytes left [ 34.892762][ T584] syz.3.79 (584) used greatest stack depth: 21536 bytes left [ 34.913964][ T600] loop2: detected capacity change from 0 to 1024 [ 34.934196][ T600] EXT4-fs (loop2): Ignoring removed oldalloc option [ 34.941161][ T600] EXT4-fs (loop2): Ignoring removed bh option [ 34.947810][ T600] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.963643][ T600] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,abort,oldalloc,grpquota,noload,nobarrier,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 34.997226][ T600] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3876: comm syz.2.87: Allocating blocks 497-513 which overlap fs metadata [ 35.011991][ T600] EXT4-fs (loop2): pa ffff888111d632a0: logic 128, phys. 385, len 8 [ 35.021242][ T600] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1 [ 35.038638][ T600] EXT4-fs error (device loop2): mb_free_blocks:1865: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 35.102601][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 35.342459][ T39] usb 2-1: Using ep0 maxpacket: 16 [ 35.412466][ T307] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 35.472485][ T39] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 35.480579][ T39] usb 2-1: config 0 has no interface number 0 [ 35.487009][ T39] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.497948][ T39] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.507793][ T39] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 35.517295][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.526052][ T39] usb 2-1: config 0 descriptor?? [ 35.782751][ T307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.796327][ T307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.806586][ T307] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 35.820226][ T307] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 35.829730][ T307] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.847143][ T307] usb 3-1: config 0 descriptor?? [ 35.890961][ T628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.98'. [ 36.003558][ T630] syz.3.99 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 36.202483][ T39] uclogic 0003:28BD:0071.0002: pen parameters not found [ 36.206591][ T645] input: syz1 as /devices/virtual/input/input4 [ 36.210472][ T39] uclogic 0003:28BD:0071.0002: interface is invalid, ignoring [ 36.251726][ T647] loop3: detected capacity change from 0 to 512 [ 36.282576][ T39] Bluetooth: hci1: command 0x1003 tx timeout [ 36.288738][ T478] Bluetooth: hci1: sending frame failed (-49) [ 36.296681][ T647] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.310056][ T647] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 36.320966][ T647] EXT4-fs (loop3): 1 truncate cleaned up [ 36.326726][ T647] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000006,quota,init_itable,,errors=continue. Quota mode: writeback. [ 36.357295][ T307] acrux 0003:1A34:0802.0003: unknown main item tag 0x0 [ 36.365494][ T307] acrux 0003:1A34:0802.0003: unknown main item tag 0x0 [ 36.373297][ T307] acrux 0003:1A34:0802.0003: unknown main item tag 0x0 [ 36.380247][ T307] acrux 0003:1A34:0802.0003: unknown main item tag 0x0 [ 36.387412][ T307] acrux 0003:1A34:0802.0003: unknown main item tag 0x0 [ 36.399693][ T307] acrux 0003:1A34:0802.0003: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.2-1/input0 [ 36.421163][ T307] acrux 0003:1A34:0802.0003: no inputs found [ 36.431259][ T307] acrux 0003:1A34:0802.0003: Failed to enable force feedback support, error: -19 [ 36.446019][ T6] usb 2-1: USB disconnect, device number 3 [ 36.517079][ T657] loop3: detected capacity change from 0 to 1024 [ 36.540296][ T657] EXT4-fs (loop3): Ignoring removed oldalloc option [ 36.547392][ T657] EXT4-fs (loop3): Ignoring removed bh option [ 36.553878][ T657] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 36.572532][ T39] usb 3-1: USB disconnect, device number 3 [ 36.574922][ T657] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,abort,oldalloc,grpquota,noload,nobarrier,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 36.616300][ T657] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3876: comm syz.3.110: Allocating blocks 497-513 which overlap fs metadata [ 36.630389][ T657] EXT4-fs (loop3): pa ffff888111d63540: logic 128, phys. 385, len 8 [ 36.638492][ T657] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1 [ 36.655465][ T657] EXT4-fs error (device loop3): mb_free_blocks:1865: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 37.002490][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 37.024849][ T675] loop1: detected capacity change from 0 to 1024 [ 37.056199][ T675] EXT4-fs (loop1): Ignoring removed orlov option [ 37.064434][ T675] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 37.085794][ T30] kauditd_printk_skb: 86 callbacks suppressed [ 37.085810][ T30] audit: type=1400 audit(1753768691.027:290): avc: denied { read open } for pid=674 comm="syz.1.117" path="/16/bus/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.115731][ T30] audit: type=1400 audit(1753768691.027:291): avc: denied { write } for pid=674 comm="syz.1.117" name="bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.289577][ T30] audit: type=1400 audit(1753768691.227:292): avc: denied { create } for pid=678 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 37.331572][ T30] audit: type=1400 audit(1753768691.247:293): avc: denied { connect } for pid=678 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 37.356314][ T30] audit: type=1400 audit(1753768691.257:294): avc: denied { write } for pid=678 comm="syz.2.118" laddr=fe80::14 lport=2 faddr=fe80::3d fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 37.392485][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 37.402912][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.482517][ T6] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 37.491811][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 37.500229][ T6] usb 4-1: SerialNumber: syz [ 37.782952][ T6] usb 4-1: 0:2 : does not exist [ 37.822428][ T20] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 37.836756][ T6] usb 4-1: USB disconnect, device number 3 [ 38.051399][ T689] loop1: detected capacity change from 0 to 256 [ 38.062457][ T20] usb 3-1: Using ep0 maxpacket: 16 [ 38.143378][ T30] audit: type=1400 audit(1753768692.087:295): avc: denied { mount } for pid=688 comm="syz.1.123" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 38.170213][ T30] audit: type=1326 audit(1753768692.117:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f997e7d69a9 code=0x7ffc0000 [ 38.193953][ T20] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 38.205696][ T30] audit: type=1326 audit(1753768692.117:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f997e7d69a9 code=0x7ffc0000 [ 38.230553][ T20] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 38.240890][ T20] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12336, setting to 1024 [ 38.241670][ T30] audit: type=1326 audit(1753768692.117:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f997e7d69a9 code=0x7ffc0000 [ 38.252896][ T20] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 38.252923][ T20] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 38.301540][ T30] audit: type=1326 audit(1753768692.117:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.1.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f997e7d69a9 code=0x7ffc0000 [ 38.332538][ T20] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 38.355512][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 38.368128][ T20] usb 3-1: SerialNumber: syz [ 38.376082][ T307] Bluetooth: hci1: command 0x1001 tx timeout [ 38.382428][ T478] Bluetooth: hci1: sending frame failed (-49) [ 38.402494][ T681] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 38.409574][ T681] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 38.487890][ T699] loop3: detected capacity change from 0 to 40427 [ 38.542955][ T699] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 38.559099][ T699] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 38.575086][ T699] F2FS-fs (loop3): invalid crc value [ 38.584581][ T699] F2FS-fs (loop3): Found nat_bits in checkpoint [ 38.622324][ T699] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 38.629769][ T699] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 38.644696][ T681] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 38.659018][ T681] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 38.681948][ T699] attempt to access beyond end of device [ 38.681948][ T699] loop3: rw=2049, want=45104, limit=40427 [ 38.705660][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0xc1 data 0x7f7f [ 38.714921][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0xc2 data 0x7f7f [ 38.727851][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 ignored wrmsr: 0x11e data 0xbe707f7f [ 38.739850][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x186 data 0x7f7f [ 38.749785][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x187 data 0x7f7f [ 38.782589][ T20] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 38.783195][ T717] kvm [716]: vcpu2, guest rIP: 0x9136 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0x7f7f, nop [ 38.790467][ T20] usb 3-1: USB disconnect, device number 4 [ 39.101133][ T748] loop1: detected capacity change from 0 to 1024 [ 39.108705][ T748] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 39.119081][ T748] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 39.127725][ T748] EXT4-fs (loop1): orphan cleanup on readonly fs [ 39.134974][ T748] EXT4-fs error (device loop1): ext4_free_blocks:6223: comm syz.1.147: Freeing blocks not in datazone - block = 0, count = 4096 [ 39.149364][ T748] EXT4-fs (loop1): Remounting filesystem read-only [ 39.156587][ T748] EXT4-fs (loop1): 1 orphan inode deleted [ 39.162577][ T748] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,barrier=0x0000000000000004,barrier=0x0000000000000009,noinit_itable,jqfmt=vfsv0,. Quota mode: writeback. [ 39.189689][ T748] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.147: iget: bad i_size value: 1970324836974602 [ 39.205174][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 16: comm syz.1.147: path /36/file1: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 39.226025][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 17: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.248186][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 18: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.269477][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 19: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.290953][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 20: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.313397][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 21: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.334256][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 22: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.355056][ T748] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 23: comm syz.1.147: path /36/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 39.413869][ T759] netlink: 24 bytes leftover after parsing attributes in process `syz.2.152'. [ 39.447630][ T763] netlink: 44 bytes leftover after parsing attributes in process `syz.1.150'. [ 39.527097][ T773] loop1: detected capacity change from 0 to 512 [ 39.538600][ T773] EXT4-fs (loop1): Ignoring removed nobh option [ 39.554698][ T773] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,bsddf,nobh,grpjquota=,dioread_nolock,,errors=continue. Quota mode: writeback. [ 40.058167][ T803] loop1: detected capacity change from 0 to 4096 [ 40.112873][ T803] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 40.452480][ T6] Bluetooth: hci1: command 0x1009 tx timeout [ 40.607024][ T828] loop1: detected capacity change from 0 to 40427 [ 40.689084][ T828] F2FS-fs (loop1): invalid crc value [ 40.722836][ T828] F2FS-fs (loop1): Found nat_bits in checkpoint [ 40.811516][ T828] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 40.886890][ T281] attempt to access beyond end of device [ 40.886890][ T281] loop1: rw=2049, want=45104, limit=40427 [ 40.900591][ T858] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 40.914260][ T860] loop2: detected capacity change from 0 to 512 [ 40.965637][ T860] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 40.981217][ T860] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.010347][ T868] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 41.019077][ T868] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 41.113086][ T879] loop2: detected capacity change from 0 to 512 [ 41.114996][ T881] netlink: 128 bytes leftover after parsing attributes in process `syz.3.202'. [ 41.145444][ T879] EXT4-fs (loop2): mounted filesystem without journal. Opts: lazytime,mb_optimize_scan=0x0000000000000000,stripe=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 41.153690][ T885] loop3: detected capacity change from 0 to 2048 [ 41.166719][ T879] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.207946][ T885] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 41.227957][ T885] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 41.244961][ T885] EXT4-fs (loop3): Remounting filesystem read-only [ 41.352400][ T39] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 41.392873][ T889] loop2: detected capacity change from 0 to 40427 [ 41.512681][ T889] F2FS-fs (loop2): invalid crc value [ 41.530392][ T889] F2FS-fs (loop2): Found nat_bits in checkpoint [ 41.579621][ T889] F2FS-fs (loop2): Start checkpoint disabled! [ 41.602453][ T39] usb 2-1: Using ep0 maxpacket: 16 [ 41.612650][ T889] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 41.670687][ T920] loop3: detected capacity change from 0 to 1024 [ 42.323690][ T39] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 42.324374][ T45] attempt to access beyond end of device [ 42.324374][ T45] loop2: rw=2049, want=45104, limit=40427 [ 42.334155][ T39] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 42.354575][ T39] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 42.365439][ T39] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 42.375580][ T39] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 42.386268][ T920] EXT4-fs (loop3): Ignoring removed orlov option [ 42.392761][ T39] usb 2-1: config 1 interface 0 has no altsetting 0 [ 42.400661][ T39] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 42.411057][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.426180][ T920] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 42.469994][ T30] kauditd_printk_skb: 298 callbacks suppressed [ 42.470010][ T30] audit: type=1400 audit(1753768696.407:598): avc: denied { ioctl } for pid=925 comm="syz.4.220" path="socket:[18095]" dev="sockfs" ino=18095 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 42.502189][ T39] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 42.512022][ T926] device wireguard0 entered promiscuous mode [ 42.584933][ T926] syz.4.220 (926) used greatest stack depth: 21472 bytes left [ 42.615509][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 42.729048][ T39] scsi host1: usb-storage 2-1:1.0 [ 42.820196][ T30] audit: type=1326 audit(1753768696.757:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.846839][ T30] audit: type=1326 audit(1753768696.757:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.873093][ T30] audit: type=1326 audit(1753768696.757:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.897610][ T30] audit: type=1326 audit(1753768696.757:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.921401][ T30] audit: type=1326 audit(1753768696.757:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.951631][ T30] audit: type=1326 audit(1753768696.757:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 42.970233][ T39] usb 2-1: USB disconnect, device number 4 [ 42.982140][ T30] audit: type=1326 audit(1753768696.757:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 43.005901][ T30] audit: type=1326 audit(1753768696.757:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 43.029414][ T30] audit: type=1326 audit(1753768696.757:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=954 comm="syz.3.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f721317b9a9 code=0x7ffc0000 [ 43.273078][ T968] loop2: detected capacity change from 0 to 40427 [ 43.286099][ T968] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 43.294366][ T968] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 43.305459][ T968] F2FS-fs (loop2): Found nat_bits in checkpoint [ 43.328819][ T968] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 43.336147][ T968] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 44.682712][ T6] Bluetooth: hci0: command 0x1003 tx timeout [ 44.689704][ T479] Bluetooth: hci0: sending frame failed (-49) [ 44.703779][ T985] loop0: detected capacity change from 0 to 1024 [ 44.722055][ T985] EXT4-fs (loop0): Ignoring removed orlov option [ 44.770165][ T1001] loop3: detected capacity change from 0 to 512 [ 44.781487][ T985] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 44.863901][ T1005] SELinux: failed to load policy [ 44.867678][ T1001] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 44.891150][ T1001] ext4 filesystem being mounted at /89/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.921911][ T1015] tipc: Enabling not permitted [ 44.955575][ T1015] tipc: Enabling of bearer rejected, failed to enable media [ 45.053283][ T1024] x_tables: duplicate underflow at hook 4 [ 45.295859][ T1050] loop2: detected capacity change from 0 to 512 [ 45.380015][ T1050] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 45.400591][ T1050] EXT4-fs (loop2): 1 truncate cleaned up [ 45.410420][ T1050] EXT4-fs (loop2): mounted filesystem without journal. Opts: nolazytime,lazytime,journal_path=./bus,bsdgroups,lazytime,noload,,errors=continue. Quota mode: none. [ 45.509411][ T1047] loop3: detected capacity change from 0 to 40427 [ 45.540437][ T1047] F2FS-fs (loop3): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 45.549022][ T1047] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 45.557559][ T1047] F2FS-fs (loop3): fault_type options not supported [ 45.574285][ T1047] F2FS-fs (loop3): invalid crc value [ 45.597731][ T1047] F2FS-fs (loop3): Found nat_bits in checkpoint [ 45.658666][ T1047] F2FS-fs (loop3): Start checkpoint disabled! [ 45.686094][ T1047] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 45.694549][ T1047] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 45.756061][ T8] attempt to access beyond end of device [ 45.756061][ T8] loop3: rw=2049, want=40984, limit=40427 [ 45.920844][ T1085] loop3: detected capacity change from 0 to 512 [ 45.997422][ T1085] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 46.017669][ T1085] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.113508][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.122025][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.148022][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.163437][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.179679][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.195185][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.205725][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.213583][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.221143][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.229175][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.237128][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.245039][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.252757][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.260436][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.268226][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.276008][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.283679][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.291260][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.298959][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.306642][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.314820][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.322794][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.330379][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.338200][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.346227][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.353939][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.362256][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.370024][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.378155][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.386418][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.394286][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.401953][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.409807][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.417597][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.425520][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.433449][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.441067][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.449005][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.457000][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.464700][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.472697][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.486926][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.512762][ T336] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 46.536844][ T336] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 46.601638][ T1106] fido_id[1106]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 46.688398][ T1124] loop1: detected capacity change from 0 to 512 [ 46.762435][ T39] Bluetooth: hci0: command 0x1001 tx timeout [ 46.768889][ T479] Bluetooth: hci0: sending frame failed (-49) [ 46.796900][ T1124] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 46.834006][ T1124] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.868719][ T1124] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.293: iget: bad i_size value: 2533274857506816 [ 46.885179][ T1124] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.293: iget: bad i_size value: 2533274857506816 [ 46.930787][ T1124] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.293: iget: bad i_size value: 2533274857506816 [ 46.993420][ T1153] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.293: iget: bad i_size value: 2533274857506816 [ 47.001687][ T1135] loop3: detected capacity change from 0 to 40427 [ 47.019001][ T1135] F2FS-fs (loop3): Unrecognized mount option "967295 R8_r=invP65488 R10=fp0 [ 47.019001][ T1135] parent didn't have regs=100 stack=0 marks [ 47.019001][ T1135] last_idx 3 first_idx 3 [ 47.019001][ T1135] regs=100 stack=0 before 3: (18) r0 = 0xffffffff [ 47.019001][ T1135] R0=inv(id=0) R8_r=invP65488 R10=fp0 [ 47.019001][ T1135] parent didn't have regs=100 stack=0 marks [ 47.019001][ T1135] la" or missing value [ 48.842483][ T58] Bluetooth: hci0: command 0x1009 tx timeout [ 53.033089][ T1160] loop4: detected capacity change from 0 to 1024 [ 53.039610][ T30] kauditd_printk_skb: 128 callbacks suppressed [ 53.039626][ T30] audit: type=1326 audit(1753768706.977:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.084865][ T30] audit: type=1326 audit(1753768706.977:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.116528][ T1171] process 'syz.0.310' launched '/dev/fd/3' with NULL argv: empty string added [ 53.128137][ T30] audit: type=1326 audit(1753768706.977:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.164084][ T30] audit: type=1326 audit(1753768706.977:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.193875][ T1160] EXT4-fs (loop4): Ignoring removed orlov option [ 53.207138][ T30] audit: type=1326 audit(1753768706.977:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.243534][ T30] audit: type=1326 audit(1753768706.977:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.263947][ T1160] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 53.278676][ T30] audit: type=1326 audit(1753768706.977:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff020d36967 code=0x7ffc0000 [ 53.312467][ T30] audit: type=1326 audit(1753768706.977:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff020cdbb89 code=0x7ffc0000 [ 53.340913][ T30] audit: type=1326 audit(1753768706.977:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.367357][ T30] audit: type=1326 audit(1753768706.977:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1156 comm="syz.0.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff020d3f9a9 code=0x7ffc0000 [ 53.532096][ T1209] loop1: detected capacity change from 0 to 512 [ 53.568462][ T1209] EXT4-fs (loop1): 1 orphan inode deleted [ 53.574839][ T1209] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 53.588216][ T1209] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.772439][ T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 54.022490][ T6] usb 1-1: Using ep0 maxpacket: 16 [ 54.030486][ T1234] loop2: detected capacity change from 0 to 512 [ 54.052922][ T1234] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 54.100008][ T1234] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 54.141565][ T1234] EXT4-fs (loop2): 1 truncate cleaned up [ 54.148547][ T1234] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback. [ 54.182557][ T6] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.188596][ T1242] sch_fq: defrate 0 ignored. [ 54.198649][ T6] usb 1-1: config 0 interface 0 has no altsetting 0 [ 54.212002][ T6] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 54.224104][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.253232][ T6] usb 1-1: config 0 descriptor?? [ 54.261431][ T1247] loop3: detected capacity change from 0 to 2048 [ 54.337975][ T1252] SELinux: failed to load policy [ 54.373811][ T1247] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 54.495780][ T1249] loop2: detected capacity change from 0 to 32768 [ 54.553732][ T1249] loop2: p1 p3 < > [ 54.602624][ T6] usbhid 1-1:0.0: can't add hid device: -71 [ 54.609638][ T1271] loop4: detected capacity change from 0 to 512 [ 54.628789][ T6] usbhid: probe of 1-1:0.0 failed with error -71 [ 54.646582][ T6] usb 1-1: USB disconnect, device number 3 [ 54.669466][ T1271] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 54.691380][ T1154] udevd[1154]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 54.693603][ T1180] udevd[1180]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 54.744432][ T1271] EXT4-fs (loop4): 1 truncate cleaned up [ 54.779032][ T1271] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000040,stripe=0x0000000000004000,errors=remount-ro,minixdf,. Quota mode: none. [ 54.827634][ T1271] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2228: inode #15: comm syz.4.351: corrupted in-inode xattr [ 54.914710][ T1271] EXT4-fs (loop4): Remounting filesystem read-only [ 54.929674][ T1271] EXT4-fs warning (device loop4): ext4_xattr_set_entry:1760: inode #15: comm syz.4.351: unable to update i_inline_off [ 54.946514][ T1271] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2228: inode #15: comm syz.4.351: corrupted in-inode xattr [ 54.964220][ T1271] EXT4-fs (loop4): Remounting filesystem read-only [ 55.112489][ T1314] input: syz0 as /devices/virtual/input/input5 [ 55.118739][ T1316] loop1: detected capacity change from 0 to 256 [ 55.168819][ T1324] loop2: detected capacity change from 0 to 512 [ 55.202338][ T1328] binder: 1325:1328 ioctl c018620c 200000000180 returned -22 [ 55.222007][ T1316] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 55.238385][ T1327] xt_NFQUEUE: number of total queues is 0 [ 55.241996][ T1332] loop0: detected capacity change from 0 to 16 [ 55.265714][ T1324] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 55.286078][ T1324] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.307780][ T1332] erofs: (device loop0): mounted with root inode @ nid 36. [ 55.342024][ T1332] erofs: (device loop0): erofs_fill_dentries: bogus dirent @ nid 36 [ 55.366760][ T1339] SELinux: failed to load policy [ 55.539506][ T1345] loop1: detected capacity change from 0 to 40427 [ 55.604442][ T1345] F2FS-fs (loop1): invalid crc value [ 55.640782][ T1345] F2FS-fs (loop1): Found nat_bits in checkpoint [ 55.686065][ T1345] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 55.767027][ T281] attempt to access beyond end of device [ 55.767027][ T281] loop1: rw=2049, want=45104, limit=40427 [ 55.984530][ T1391] netlink: 80 bytes leftover after parsing attributes in process `syz.4.403'. [ 56.068789][ T1397] loop4: detected capacity change from 0 to 1024 [ 56.166106][ T1397] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.230073][ T1411] input: syz0 as /devices/virtual/input/input6 [ 56.239178][ T1397] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,noauto_da_alloc,inlinecrypt,i_version,data_err=ignore,barrier=0x0000000000000009,data_err=ignore,grpquota,noblock_validity,user_xattr,resuid=0x0000000000000000,quota,,errors=continue. Quota mode: writeback. [ 56.290755][ T1416] xt_NFQUEUE: number of total queues is 0 [ 56.353426][ T1397] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3876: comm syz.4.406: Allocating blocks 497-513 which overlap fs metadata [ 56.378074][ T1397] EXT4-fs (loop4): pa ffff888111d63540: logic 128, phys. 385, len 8 [ 56.388886][ T1397] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 1 [ 56.581339][ T10] ================================================================== [ 56.591901][ T10] BUG: KASAN: slab-out-of-bounds in ext4_find_extent+0xbeb/0xe20 [ 56.600663][ T10] Read of size 4 at addr ffff88811d27f018 by task kworker/u4:1/10 [ 56.612086][ T10] [ 56.615789][ T10] CPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 5.15.189-syzkaller-00079-ga71626bd56a5 #0 [ 56.633006][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 56.651918][ T10] Workqueue: writeback wb_workfn (flush-7:4) [ 56.661290][ T10] Call Trace: [ 56.668236][ T10] [ 56.671978][ T10] __dump_stack+0x21/0x30 [ 56.677735][ T10] dump_stack_lvl+0xee/0x150 [ 56.685126][ T10] ? show_regs_print_info+0x20/0x20 [ 56.692208][ T10] ? load_image+0x3a0/0x3a0 [ 56.698676][ T10] print_address_description+0x7f/0x2c0 [ 56.707107][ T10] ? ext4_find_extent+0xbeb/0xe20 [ 56.718869][ T10] kasan_report+0xf1/0x140 [ 56.725176][ T10] ? __read_extent_tree_block+0x1e8/0x790 [ 56.733764][ T10] ? ext4_find_extent+0xbeb/0xe20 [ 56.740802][ T10] __asan_report_load4_noabort+0x14/0x20 [ 56.748487][ T10] ext4_find_extent+0xbeb/0xe20 [ 56.754446][ T10] ext4_ext_map_blocks+0x1de/0x6280 [ 56.762937][ T10] ? __stack_depot_save+0x34/0x480 [ 56.770754][ T10] ? __mem_cgroup_uncharge_list+0x39/0xc0 [ 56.778529][ T10] ? __kasan_slab_alloc+0xcf/0xf0 [ 56.785207][ T10] ? __kasan_slab_alloc+0xbd/0xf0 [ 56.792693][ T10] ? slab_post_alloc_hook+0x4f/0x2b0 [ 56.801432][ T10] ? kmem_cache_alloc+0xf7/0x260 [ 56.810685][ T10] ? ext4_alloc_io_end_vec+0x2a/0x160 [ 56.818611][ T10] ? ext4_writepages+0xec8/0x2f90 [ 56.826890][ T10] ? do_writepages+0x48a/0x6c0 [ 56.833958][ T10] ? wb_workfn+0x38f/0xe20 [ 56.840172][ T10] ? process_one_work+0x6be/0xba0 [ 56.846743][ T10] ? worker_thread+0xa59/0x1200 [ 56.853754][ T10] ? ext4_ext_release+0x10/0x10 [ 56.861896][ T10] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 56.871526][ T10] ext4_map_blocks+0x97b/0x1b20 [ 56.878293][ T10] ? slab_post_alloc_hook+0x6d/0x2b0 [ 56.886043][ T10] ? should_failslab+0x9/0x20 [ 56.892749][ T10] ? ext4_issue_zeroout+0x250/0x250 [ 56.898903][ T10] ? ext4_inode_journal_mode+0x19a/0x480 [ 56.905432][ T10] ext4_writepages+0x11e7/0x2f90 [ 56.911121][ T10] ? __kasan_check_read+0x11/0x20 [ 56.917172][ T10] ? mark_page_accessed+0x3b6/0x8d0 [ 56.923929][ T10] ? __activate_page+0xd40/0xd40 [ 56.930491][ T10] ? ext4_readpage+0x220/0x220 [ 56.938503][ T10] ? stack_trace_save+0x98/0xe0 [ 56.944880][ T10] ? __stack_depot_save+0x34/0x480 [ 56.950593][ T10] ? memcpy+0x56/0x70 [ 56.955540][ T10] ? copy_page_from_iter_atomic+0x784/0x1350 [ 56.962880][ T10] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 56.969830][ T10] ? ext4_readpage+0x220/0x220 [ 56.976645][ T10] do_writepages+0x48a/0x6c0 [ 56.985873][ T10] ? update_load_avg+0x410/0x1110 [ 56.993407][ T10] ? update_curr+0x2f3/0x5b0 [ 57.005134][ T10] ? __writepage+0x130/0x130 [ 57.012154][ T10] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 57.020783][ T10] ? __kasan_check_write+0x14/0x20 [ 57.028261][ T10] ? _raw_spin_lock+0x8e/0xe0 [ 57.035040][ T10] __writeback_single_inode+0xd5/0x9c0 [ 57.043895][ T10] ? wbc_attach_and_unlock_inode+0x194/0x5f0 [ 57.054172][ T10] writeback_sb_inodes+0x9c0/0x1590 [ 57.062075][ T10] ? update_load_avg+0x410/0x1110 [ 57.068022][ T10] ? queue_io+0x4c0/0x4c0 [ 57.073985][ T10] ? __kasan_check_read+0x11/0x20 [ 57.080582][ T10] ? queue_io+0x382/0x4c0 [ 57.087095][ T10] wb_writeback+0x3f1/0x980 [ 57.092758][ T10] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 57.100626][ T10] ? set_worker_desc+0x155/0x1c0 [ 57.105948][ T10] ? __kasan_check_write+0x14/0x20 [ 57.112496][ T10] wb_workfn+0x38f/0xe20 [ 57.117650][ T10] ? inode_wait_for_writeback+0x200/0x200 [ 57.123518][ T10] ? compat_start_thread+0x20/0x20 [ 57.129179][ T10] ? _raw_spin_unlock+0x4d/0x70 [ 57.134395][ T10] ? finish_task_switch+0x16b/0x780 [ 57.140707][ T10] ? __switch_to_asm+0x3a/0x60 [ 57.147743][ T10] ? __schedule+0xb76/0x14c0 [ 57.153311][ T10] process_one_work+0x6be/0xba0 [ 57.160851][ T10] worker_thread+0xa59/0x1200 [ 57.167759][ T10] kthread+0x411/0x500 [ 57.174660][ T10] ? worker_clr_flags+0x190/0x190 [ 57.181192][ T10] ? kthread_blkcg+0xd0/0xd0 [ 57.186239][ T10] ret_from_fork+0x1f/0x30 [ 57.191556][ T10] [ 57.195363][ T10] [ 57.197805][ T10] Allocated by task 101: [ 57.203725][ T10] __kasan_kmalloc+0xda/0x110 [ 57.210156][ T10] __kmalloc+0x13d/0x2c0 [ 57.215526][ T10] kvmalloc_node+0x242/0x330 [ 57.221431][ T10] seq_read_iter+0x1fc/0xd30 [ 57.227573][ T10] kernfs_fop_read_iter+0x147/0x470 [ 57.233889][ T10] vfs_read+0x68b/0xbe0 [ 57.238436][ T10] ksys_read+0x140/0x240 [ 57.242697][ T10] __x64_sys_read+0x7b/0x90 [ 57.247927][ T10] x64_sys_call+0x96d/0x9a0 [ 57.252756][ T10] do_syscall_64+0x4c/0xa0 [ 57.257917][ T10] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.265024][ T10] [ 57.267630][ T10] Freed by task 101: [ 57.271724][ T10] kasan_set_track+0x4a/0x70 [ 57.276904][ T10] kasan_set_free_info+0x23/0x40 [ 57.283860][ T10] ____kasan_slab_free+0x125/0x160 [ 57.288999][ T10] __kasan_slab_free+0x11/0x20 [ 57.294028][ T10] slab_free_freelist_hook+0xc2/0x190 [ 57.299768][ T10] kfree+0xc4/0x270 [ 57.303769][ T10] kvfree+0x35/0x40 [ 57.308814][ T10] seq_release+0x57/0x70 [ 57.313360][ T10] kernfs_fop_release+0x1af/0x250 [ 57.318661][ T10] __fput+0x20b/0x8b0 [ 57.322773][ T10] ____fput+0x15/0x20 [ 57.326992][ T10] task_work_run+0x127/0x190 [ 57.331798][ T10] exit_to_user_mode_loop+0xd0/0xe0 [ 57.337278][ T10] exit_to_user_mode_prepare+0x5a/0xa0 [ 57.343125][ T10] syscall_exit_to_user_mode+0x1a/0x30 [ 57.349252][ T10] do_syscall_64+0x58/0xa0 [ 57.354332][ T10] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 57.360624][ T10] [ 57.363221][ T10] The buggy address belongs to the object at ffff88811d27e000 [ 57.363221][ T10] which belongs to the cache kmalloc-4k of size 4096 [ 57.383633][ T10] The buggy address is located 24 bytes to the right of [ 57.383633][ T10] 4096-byte region [ffff88811d27e000, ffff88811d27f000) [ 57.403505][ T10] The buggy address belongs to the page: [ 57.410402][ T10] page:ffffea0004749e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d278 [ 57.421531][ T10] head:ffffea0004749e00 order:3 compound_mapcount:0 compound_pincount:0 [ 57.430544][ T10] flags: 0x4000000000010200(slab|head|zone=1) [ 57.437277][ T10] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 57.447016][ T10] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 57.458233][ T10] page dumped because: kasan: bad access detected [ 57.466628][ T10] page_owner tracks the page as allocated [ 57.475613][ T10] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 101, ts 54249988283, free_ts 53846187885 [ 57.502973][ T10] post_alloc_hook+0x192/0x1b0 [ 57.511192][ T10] prep_new_page+0x1c/0x110 [ 57.516423][ T10] get_page_from_freelist+0x2cc5/0x2d50 [ 57.523322][ T10] __alloc_pages+0x18f/0x440 [ 57.530031][ T10] new_slab+0xa1/0x4d0 [ 57.535507][ T10] ___slab_alloc+0x381/0x810 [ 57.541431][ T10] __slab_alloc+0x49/0x90 [ 57.547442][ T10] __kmalloc+0x16a/0x2c0 [ 57.554244][ T10] kvmalloc_node+0x242/0x330 [ 57.561898][ T10] seq_read_iter+0x1fc/0xd30 [ 57.568008][ T10] kernfs_fop_read_iter+0x147/0x470 [ 57.573950][ T10] vfs_read+0x68b/0xbe0 [ 57.580780][ T10] ksys_read+0x140/0x240 [ 57.586664][ T10] __x64_sys_read+0x7b/0x90 [ 57.592833][ T10] x64_sys_call+0x96d/0x9a0 [ 57.599565][ T10] do_syscall_64+0x4c/0xa0 [ 57.604577][ T10] page last free stack trace: [ 57.611363][ T10] free_unref_page_prepare+0x542/0x550 [ 57.620362][ T10] free_unref_page+0xa2/0x550 [ 57.626707][ T10] __free_pages+0x6c/0x100 [ 57.633134][ T10] __free_slab+0xe8/0x1e0 [ 57.638858][ T10] __unfreeze_partials+0x160/0x190 [ 57.646367][ T10] put_cpu_partial+0xc6/0x120 [ 57.651862][ T10] __slab_free+0x1d4/0x290 [ 57.657384][ T10] ___cache_free+0x104/0x120 [ 57.664960][ T10] qlink_free+0x4d/0x90 [ 57.671693][ T10] qlist_free_all+0x5f/0xb0 [ 57.678990][ T10] kasan_quarantine_reduce+0x14a/0x170 [ 57.686305][ T10] __kasan_slab_alloc+0x2f/0xf0 [ 57.692262][ T10] slab_post_alloc_hook+0x4f/0x2b0 [ 57.701402][ T10] __kmalloc+0x120/0x2c0 [ 57.706896][ T10] iter_file_splice_write+0x17c/0xc30 [ 57.712812][ T10] direct_splice_actor+0xe9/0x120 [ 57.719091][ T10] [ 57.721965][ T10] Memory state around the buggy address: [ 57.728044][ T10] ffff88811d27ef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.736486][ T10] ffff88811d27ef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.746088][ T10] >ffff88811d27f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.754784][ T10] ^ [ 57.760091][ T10] ffff88811d27f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.769987][ T10] ffff88811d27f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 57.778923][ T10] ================================================================== [ 57.791321][ T10] Disabling lock debugging due to kernel taint [ 57.812870][ T10] ------------[ cut here ]------------ [ 57.820607][ T10] kernel BUG at fs/ext4/inode.c:2433! [ 57.856560][ T10] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 57.864187][ T10] CPU: 0 PID: 10 Comm: kworker/u4:1 Tainted: G B 5.15.189-syzkaller-00079-ga71626bd56a5 #0 [ 57.878751][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 57.891492][ T10] Workqueue: writeback wb_workfn (flush-7:4) [ 57.899032][ T10] RIP: 0010:ext4_writepages+0x2eed/0x2f90 [ 57.905759][ T10] Code: 00 74 08 48 89 df e8 22 01 ce ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 30 44 89 e9 45 89 f0 e8 6a 9b 07 00 eb 51 e8 a3 88 8f ff <0f> 0b e8 9c 88 8f ff eb 2f e8 95 88 8f ff eb 5f e8 8e 88 8f ff 31 [ 57.929694][ T10] RSP: 0018:ffffc900000a7100 EFLAGS: 00010293 [ 57.936247][ T10] RAX: ffffffff81d9272d RBX: ffff888128df6a88 RCX: ffff8881002713c0 [ 57.946679][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.957529][ T10] RBP: ffffc900000a7470 R08: dffffc0000000000 R09: ffffed10251bed4a [ 57.966552][ T10] R10: ffffed10251bed4a R11: 1ffff110251bed49 R12: dffffc0000000000 [ 57.980637][ T10] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 57.990795][ T10] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 58.003924][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.013138][ T10] CR2: 00007f7213370178 CR3: 00000001266c3000 CR4: 00000000003506b0 [ 58.023153][ T10] DR0: 000000000000b2d1 DR1: 0010000000000000 DR2: 0001000000000004 [ 58.034173][ T10] DR3: 0000000000000002 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.045020][ T10] Call Trace: [ 58.048844][ T10] [ 58.051786][ T10] ? __kasan_check_read+0x11/0x20 [ 58.058785][ T10] ? mark_page_accessed+0x3b6/0x8d0 [ 58.064391][ T10] ? __activate_page+0xd40/0xd40 [ 58.072314][ T10] ? ext4_readpage+0x220/0x220 [ 58.078640][ T10] ? stack_trace_save+0x98/0xe0 [ 58.085879][ T10] ? __stack_depot_save+0x34/0x480 [ 58.092280][ T10] ? memcpy+0x56/0x70 [ 58.098070][ T10] ? copy_page_from_iter_atomic+0x784/0x1350 [ 58.105462][ T10] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 58.112978][ T10] ? ext4_readpage+0x220/0x220 [ 58.118557][ T10] do_writepages+0x48a/0x6c0 [ 58.123540][ T10] ? update_load_avg+0x410/0x1110 [ 58.129720][ T10] ? update_curr+0x2f3/0x5b0 [ 58.135545][ T10] ? __writepage+0x130/0x130 [ 58.142022][ T10] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 58.148518][ T10] ? __kasan_check_write+0x14/0x20 [ 58.154768][ T10] ? _raw_spin_lock+0x8e/0xe0 [ 58.161529][ T10] __writeback_single_inode+0xd5/0x9c0 [ 58.168211][ T10] ? wbc_attach_and_unlock_inode+0x194/0x5f0 [ 58.176176][ T10] writeback_sb_inodes+0x9c0/0x1590 [ 58.185960][ T10] ? update_load_avg+0x410/0x1110 [ 58.193102][ T10] ? queue_io+0x4c0/0x4c0 [ 58.198985][ T10] ? __kasan_check_read+0x11/0x20 [ 58.207175][ T10] ? queue_io+0x382/0x4c0 [ 58.212532][ T10] wb_writeback+0x3f1/0x980 [ 58.219015][ T10] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 58.226006][ T10] ? set_worker_desc+0x155/0x1c0 [ 58.234262][ T10] ? __kasan_check_write+0x14/0x20 [ 58.241369][ T10] wb_workfn+0x38f/0xe20 [ 58.247308][ T10] ? inode_wait_for_writeback+0x200/0x200 [ 58.256569][ T10] ? compat_start_thread+0x20/0x20 [ 58.265333][ T10] ? _raw_spin_unlock+0x4d/0x70 [ 58.271917][ T10] ? finish_task_switch+0x16b/0x780 [ 58.277902][ T10] ? __switch_to_asm+0x3a/0x60 [ 58.283322][ T10] ? __schedule+0xb76/0x14c0 [ 58.288657][ T10] process_one_work+0x6be/0xba0 [ 58.293974][ T10] worker_thread+0xa59/0x1200 [ 58.299120][ T10] kthread+0x411/0x500 [ 58.303923][ T10] ? worker_clr_flags+0x190/0x190 [ 58.309155][ T10] ? kthread_blkcg+0xd0/0xd0 [ 58.313849][ T10] ret_from_fork+0x1f/0x30 [ 58.318995][ T10] [ 58.322285][ T10] Modules linked in: [ 58.337092][ T10] ---[ end trace fe5a6cbe439990f0 ]--- [ 58.345475][ T10] RIP: 0010:ext4_writepages+0x2eed/0x2f90 [ 58.356109][ T10] Code: 00 74 08 48 89 df e8 22 01 ce ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 30 44 89 e9 45 89 f0 e8 6a 9b 07 00 eb 51 e8 a3 88 8f ff <0f> 0b e8 9c 88 8f ff eb 2f e8 95 88 8f ff eb 5f e8 8e 88 8f ff 31 [ 58.385927][ T10] RSP: 0018:ffffc900000a7100 EFLAGS: 00010293 [ 58.393893][ T10] RAX: ffffffff81d9272d RBX: ffff888128df6a88 RCX: ffff8881002713c0 [ 58.402088][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.410663][ T10] RBP: ffffc900000a7470 R08: dffffc0000000000 R09: ffffed10251bed4a [ 58.419483][ T10] R10: ffffed10251bed4a R11: 1ffff110251bed49 R12: dffffc0000000000 [ 58.427910][ T10] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 58.436752][ T10] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 58.446983][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.456365][ T10] CR2: 00007f5aa0de8ab8 CR3: 00000001188d8000 CR4: 00000000003506a0 [ 58.467892][ T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.479137][ T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.489544][ T10] Kernel panic - not syncing: Fatal exception [ 58.499148][ T10] Kernel Offset: disabled [ 58.505135][ T10] Rebooting in 86400 seconds..