last executing test programs: 4.979978631s ago: executing program 1: syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000480)={[{@nodiscard}, {}, {@acl}, {@alloc_mode_reuse}, {@inline_xattr}, {@disable_roll_forward}, {@background_gc_on}, {@nobarrier}, {@noflush_merge}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@jqfmt_vfsold}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) write$9p(r0, &(0x7f0000001400), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000001811", @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @broadcast}, @timestamp_reply={0x11}}}}}, 0x0) sendfile(r0, r1, 0x0, 0xe065) readv(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}, {0x0}, {&(0x7f0000000580)=""/137, 0x89}], 0x3) open(&(0x7f0000000240)='./file0\x00', 0x340, 0x0) 4.705140614s ago: executing program 3: syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11, 0xe0, 0x0, 0x0, 0x0, 0x10002}}}}}, 0x0) 4.316462844s ago: executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x1, 0x0, 0x3, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote}}, @sadb_address={0x3, 0x5}, @sadb_spirange={0x2, 0x10, 0x2}]}, 0x50}, 0x1, 0x7}, 0x0) 3.95248496s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = getpid() r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x1b, 0x800000000004, @tid=r2}, &(0x7f00000002c0)=0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) timer_settime(r4, 0x0, &(0x7f0000000280)={{r5, r6+60000000}, {0x77359400}}, 0x0) readv(r3, &(0x7f0000001380)=[{&(0x7f0000000080)=""/47, 0x2f}], 0x1) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_delroute={0x2c, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x1e}, @RTA_OIF={0x8}]}, 0x2c}}, 0x0) clock_gettime(0x0, &(0x7f0000000400)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r9, &(0x7f0000000000)="fa", 0xfffffdef) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10) 3.216194214s ago: executing program 1: openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) socket$packet(0x11, 0x0, 0x300) unshare(0x6040400) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000040)=[{}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f00000001c0), 0x1, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000020240), 0x10010) ioctl$FS_IOC_GETFSMAP(r4, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000002"]) r5 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000024c0)=ANY=[@ANYBLOB="850000002f000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95a2c8c037c5a142dfa8ba6287066c5197fabd5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e2eb15d756a2350ea7c09cc28de19ca30009a20994f44800000000b0d3712c7e93363af3c075ff1e23166304d95433b3b30514b1ccbaa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3003006b6e51a7f550afc852003bad0742c62f7846c744ae6af3c04143cca8d95c2c505d5e37102124d85cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d7eb6baaa4a9779f8555eaea75d24f2c221c110ef050000000ee282ab76f578e0a7946ebc4e29277c04b8c5064812696a62d992a4f8dc8dcba00b1b2d2547c45b0c52087b5efaa98496b9a95166bd008ea02a7b56c0ebfb19a3426833280be1f844ce328c10752a42dca52fb98c0152b651ebf942f7147f7b2744419a2f238f173d0cd46dafc6e955a073ea53b4ff3000f53e5309ec91d83cf4fbd775d9c07d59101949f8982b6c403a08606d6a2fd1fdfce2b91a8665b1e629b3b20000000000000045ea38ca3d4dd562b71ff23c9443f11afd6575ad0f0e30175cf89f66380367e653af5fd72c5335000079d3a397dbbde8892bb31ffcc553924e8771cbeb001f8be25b9ef6dc614b9e2fcd41b7a41b65543ee061391b799b65afbc2bcd7e02e62150bdac993e7d231a007f33aa008a338c0749ad12000000000000000e89c1366cbfc83a77eccce87e52715e4273dfb9b5c1056e9695bebef074d28cfbc0d0fbec0d1fb028dfdde3761e593a1d33049d3c947fd932577e2bf3fad53cd50000000000e0202636e18798a2b94e79898fe08a441eb4c1de5cb17bc9c5d079348f1b8b760e9f2439ad6e2397340d91bfd96230a7659189b08556ee67e8c018ad6e22d717ec8ab61aa300049c6990c672f28964eee6598e905f5b4f26f5fbf716f5d83d342cf7d3e070186cae6af0d3731b56588d11a2b8904b49c645f816c2f65641e041449fe7f8137f6391bdd894c5f301219b8415ba3d73fdcdbbf5719454f84547516733d3149844f8179f6b8e98504aa48f09947b9d9622233355a3280dc50d42d08d81ae81027329345b059df253c8e422f2f6c45a0ff50266c34a5750cf7eb4dec04f5a9f36d73266499801e46cb23a12fc18b3da0c855fadf639"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, &(0x7f0000000080)=0x7f, 0x4) getsockopt$SO_TIMESTAMP(r6, 0x1, 0x1d, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f00000000c0)='\x00'/14, 0x0, 0x255}, 0x50) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x0, 0x0, 0x300}}) pidfd_getfd(r8, r7, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) ioctl$KDSKBENT(r3, 0x4b52, &(0x7f0000000080)={0x0, 0x0, 0xfff}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 3.016495255s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000007c0)='syzkaller\x00'}, 0xf2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x400c012, r1, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x0}) 2.588479621s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_freezer_state(r3, &(0x7f0000000240)='THAWED\x00', 0x7) 2.356979566s ago: executing program 2: epoll_create1(0x0) io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x800}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r0, 0x4b46, &(0x7f0000002080)) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r4, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=r4, @ANYBLOB="14000500fe800099"], 0x3c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0) 2.230293756s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000040)='mm_lru_insertion\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000700)='mm_lru_insertion\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x2000) 1.692601329s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000004850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 1.664241963s ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=@ipv6_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xff}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x4}]}, 0x24}}, 0x0) 1.658674994s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2, 0x7}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.652541155s ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f000000d9c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x48, 0x26, 0xffff, 0x0, 0x0, {}, [{0x34, 0x1, [@m_police={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x48}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x2}, @ldst={0x3, 0x0, 0x3, 0x0, 0x0, 0x2}]}, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$tipc(0x1e, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x1c, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001340)=@name={0x1e, 0x2, 0x0, {{0x43, 0x2}}}, 0x10, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_unlink_exit\x00', r4}, 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) 1.512164497s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) sysinfo(&(0x7f00000003c0)=""/184) 1.440434158s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x8, 0x42, 0x40, 0xc0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x0, 0x0, 0x4}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r0}, 0x38) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r0}, 0x38) 1.405996603s ago: executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xffd, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r0}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='jbd2_handle_stats\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) 1.386216106s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) 1.270316834s ago: executing program 3: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500001c000000000000000000000c850000006d00000095"], &(0x7f0000001800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) setxattr$security_selinux(&(0x7f00000003c0)='./file1/file0\x00', &(0x7f00000004c0), &(0x7f0000000500)='system_u:object_r:systemd_notify_exec_t:s0\x00', 0x2b, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]}) 1.16741827s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.idle_time\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000001c00)='ext4_es_insert_delayed_block\x00', r2}, 0x10) write$cgroup_subtree(r0, &(0x7f00000009c0)=ANY=[], 0xda00) 1.147173713s ago: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x0) r1 = dup(r0) fcntl$setstatus(r1, 0x4, 0x42000) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 1.110322169s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000040)='mm_lru_insertion\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000700)='mm_lru_insertion\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x2000) 1.072272595s ago: executing program 1: epoll_create1(0x0) io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x800}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r0, 0x4b46, &(0x7f0000002080)) openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x218}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040020000010000000", @ANYRES32=r4, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=r4, @ANYBLOB="14000500fe800099"], 0x3c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0) 883.814114ms ago: executing program 2: openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) socket$packet(0x11, 0x0, 0x300) unshare(0x6040400) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000040)=[{}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f00000001c0), 0x1, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000020240), 0x10010) ioctl$FS_IOC_GETFSMAP(r4, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000002"]) r5 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000024c0)=ANY=[@ANYBLOB="850000002f000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95a2c8c037c5a142dfa8ba6287066c5197fabd5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e2eb15d756a2350ea7c09cc28de19ca30009a20994f44800000000b0d3712c7e93363af3c075ff1e23166304d95433b3b30514b1ccbaa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3003006b6e51a7f550afc852003bad0742c62f7846c744ae6af3c04143cca8d95c2c505d5e37102124d85cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d7eb6baaa4a9779f8555eaea75d24f2c221c110ef050000000ee282ab76f578e0a7946ebc4e29277c04b8c5064812696a62d992a4f8dc8dcba00b1b2d2547c45b0c52087b5efaa98496b9a95166bd008ea02a7b56c0ebfb19a3426833280be1f844ce328c10752a42dca52fb98c0152b651ebf942f7147f7b2744419a2f238f173d0cd46dafc6e955a073ea53b4ff3000f53e5309ec91d83cf4fbd775d9c07d59101949f8982b6c403a08606d6a2fd1fdfce2b91a8665b1e629b3b20000000000000045ea38ca3d4dd562b71ff23c9443f11afd6575ad0f0e30175cf89f66380367e653af5fd72c5335000079d3a397dbbde8892bb31ffcc553924e8771cbeb001f8be25b9ef6dc614b9e2fcd41b7a41b65543ee061391b799b65afbc2bcd7e02e62150bdac993e7d231a007f33aa008a338c0749ad12000000000000000e89c1366cbfc83a77eccce87e52715e4273dfb9b5c1056e9695bebef074d28cfbc0d0fbec0d1fb028dfdde3761e593a1d33049d3c947fd932577e2bf3fad53cd50000000000e0202636e18798a2b94e79898fe08a441eb4c1de5cb17bc9c5d079348f1b8b760e9f2439ad6e2397340d91bfd96230a7659189b08556ee67e8c018ad6e22d717ec8ab61aa300049c6990c672f28964eee6598e905f5b4f26f5fbf716f5d83d342cf7d3e070186cae6af0d3731b56588d11a2b8904b49c645f816c2f65641e041449fe7f8137f6391bdd894c5f301219b8415ba3d73fdcdbbf5719454f84547516733d3149844f8179f6b8e98504aa48f09947b9d9622233355a3280dc50d42d08d81ae81027329345b059df253c8e422f2f6c45a0ff50266c34a5750cf7eb4dec04f5a9f36d73266499801e46cb23a12fc18b3da0c855fadf639"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, &(0x7f0000000080)=0x7f, 0x4) getsockopt$SO_TIMESTAMP(r6, 0x1, 0x1d, 0x0, &(0x7f0000000040)) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r6) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f00000000c0)='\x00'/14, 0x0, 0x255}, 0x50) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x0, 0x0, 0x300}}) pidfd_getfd(r8, r7, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) ioctl$KDSKBENT(r3, 0x4b52, &(0x7f0000000080)={0x0, 0x0, 0xfff}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 814.232985ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a90300000000000000003200000008004001"], 0x1c}}, 0x0) 782.885989ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = getpid() r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x1b, 0x800000000004, @tid=r2}, &(0x7f00000002c0)=0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) timer_settime(r4, 0x0, &(0x7f0000000280)={{r5, r6+60000000}, {0x77359400}}, 0x0) readv(r3, &(0x7f0000001380)=[{&(0x7f0000000080)=""/47, 0x2f}], 0x1) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_delroute={0x2c, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x1e}, @RTA_OIF={0x8}]}, 0x2c}}, 0x0) clock_gettime(0x0, &(0x7f0000000400)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r9, &(0x7f0000000000)="fa", 0xfffffdef) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10) 571.255092ms ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f000000ec00)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='sys_enter\x00', r1}, 0x10) geteuid() 396.163229ms ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=@ipv6_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xff}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x4}]}, 0x24}}, 0x0) 162.407075ms ago: executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) connect$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 72.637809ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000ff00000000000000000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='ext4_es_find_extent_range_exit\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_es_find_extent_range_exit\x00', r1}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 0s ago: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xffd, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r0}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='jbd2_handle_stats\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) kernel console output (not intermixed with test programs): orwarding state [ 198.230243][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.240305][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.283309][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.300799][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.339121][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.360401][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.394477][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.408938][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.425175][ T3961] device veth0_vlan entered promiscuous mode [ 198.435178][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.461706][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.514308][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.525939][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.540373][ T3961] device veth1_macvtap entered promiscuous mode [ 198.582773][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 198.591444][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.602411][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.647716][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.657081][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 200.510167][ T4027] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 201.334784][ T4078] usb usb2: usbfs: process 4078 (syz-executor.1) did not claim interface 0 before use [ 202.309930][ T4083] loop4: detected capacity change from 0 to 40427 [ 202.373858][ T4083] F2FS-fs (loop4): Found nat_bits in checkpoint [ 202.630059][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 202.630124][ T28] audit: type=1326 audit(1718549713.893:9129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb55767cea9 code=0x0 [ 202.667358][ T4083] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 202.756227][ T28] audit: type=1400 audit(1718549714.013:9130): avc: denied { ioctl } for pid=4123 comm="syz-executor.3" path="/dev/ptp0" dev="devtmpfs" ino=172 ioctlcmd=0x3d0f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 202.844598][ T1626] syz-executor.4: attempt to access beyond end of device [ 202.844598][ T1626] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 202.868982][ T28] audit: type=1400 audit(1718549714.133:9131): avc: denied { connect } for pid=4127 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 203.383903][ T4134] overlayfs: missing 'lowerdir' [ 203.488413][ T8] device bridge_slave_1 left promiscuous mode [ 203.497765][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.523373][ T8] device bridge_slave_0 left promiscuous mode [ 203.546961][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.573063][ T8] device veth1_macvtap left promiscuous mode [ 203.589388][ T8] device veth0_vlan left promiscuous mode [ 204.129332][ T28] audit: type=1326 audit(1718549715.394:9132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4146 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x0 [ 204.210138][ T4090] loop2: detected capacity change from 0 to 131072 [ 204.233093][ T4090] F2FS-fs (loop2): Test dummy encryption mode enabled [ 204.239863][ T28] audit: type=1400 audit(1718549715.494:9133): avc: denied { mount } for pid=4148 comm="syz-executor.0" name="/" dev="configfs" ino=5746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 204.275329][ T4090] F2FS-fs (loop2): invalid crc value [ 204.285327][ T28] audit: type=1326 audit(1718549715.504:9134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4148 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x0 [ 204.330320][ T4090] F2FS-fs (loop2): Found nat_bits in checkpoint [ 204.401194][ T28] audit: type=1326 audit(1718549715.664:9135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 204.428432][ T4141] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.439278][ T4141] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.445618][ T28] audit: type=1326 audit(1718549715.694:9136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 204.458245][ T4141] device bridge_slave_0 entered promiscuous mode [ 204.484706][ T28] audit: type=1326 audit(1718549715.694:9137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fddbce7cee3 code=0x7ffc0000 [ 204.488538][ T4141] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.516339][ T28] audit: type=1326 audit(1718549715.694:9138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fddbce7bbef code=0x7ffc0000 [ 204.532381][ T4141] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.563049][ T4141] device bridge_slave_1 entered promiscuous mode [ 204.999691][ T4141] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.006673][ T4141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.013852][ T4141] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.020805][ T4141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.088477][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.103598][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.116720][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.150703][ T4170] device pim6reg1 entered promiscuous mode [ 205.178130][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.196155][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.204709][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.211656][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.215976][ T2716] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 205.222584][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.244142][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.254709][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.261991][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.291192][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.300396][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.326420][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.334881][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.376060][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 205.384787][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 205.427643][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 205.436229][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 205.445458][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 205.460221][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 205.475276][ T4141] device veth0_vlan entered promiscuous mode [ 205.482983][ T4174] usb usb2: usbfs: process 4174 (syz-executor.1) did not claim interface 0 before use [ 205.509591][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 205.518922][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.539715][ T4141] device veth1_macvtap entered promiscuous mode [ 205.564681][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.576529][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.595863][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.629046][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.644405][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.655927][ T2716] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 205.667071][ T2716] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 205.681305][ T2716] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 205.696119][ T2716] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 205.712874][ T2716] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 205.744123][ T2716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.808054][ T2716] usb 5-1: invalid MIDI out EP 0 [ 205.837016][ T2716] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 205.876664][ T4192] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 205.980158][ T4194] tipc: Failed to remove unknown binding: 66,1,1/0:3159106093/3159106095 [ 205.995570][ T4194] tipc: Failed to remove unknown binding: 66,1,1/0:3159106093/3159106095 [ 206.026886][ T757] usb 5-1: USB disconnect, device number 11 [ 206.436835][ T37] device bridge_slave_1 left promiscuous mode [ 206.453219][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.483954][ T37] device bridge_slave_0 left promiscuous mode [ 206.490372][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.525463][ T37] device veth1_macvtap left promiscuous mode [ 206.536404][ T37] device veth0_vlan left promiscuous mode [ 206.889105][ T4217] loop4: detected capacity change from 0 to 256 [ 207.970433][ T28] kauditd_printk_skb: 1021 callbacks suppressed [ 207.970472][ T28] audit: type=1326 audit(1718549719.216:10160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.018491][ T28] audit: type=1326 audit(1718549719.266:10161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.043498][ T28] audit: type=1326 audit(1718549719.266:10162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.095859][ T28] audit: type=1326 audit(1718549719.266:10163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.145922][ T4224] overlayfs: missing 'lowerdir' [ 208.175760][ T28] audit: type=1326 audit(1718549719.266:10164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.242843][ T28] audit: type=1326 audit(1718549719.266:10165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.296177][ T4206] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.304059][ T4206] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.312679][ T4206] device bridge_slave_0 entered promiscuous mode [ 208.320790][ T4206] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.328260][ T4206] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.336961][ T4206] device bridge_slave_1 entered promiscuous mode [ 208.395674][ T28] audit: type=1326 audit(1718549719.266:10166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.484389][ T28] audit: type=1326 audit(1718549719.306:10167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.557571][ T28] audit: type=1326 audit(1718549719.306:10168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.634333][ T28] audit: type=1326 audit(1718549719.306:10169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddbce7cea9 code=0x7ffc0000 [ 208.838943][ T4206] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.846089][ T4206] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.853703][ T4206] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.863861][ T4206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.965014][ T2716] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.980603][ T2716] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.091583][ T19] kernel write not supported for file /cpu/0/msr (pid: 19 comm: kworker/0:1) [ 209.134650][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.154664][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.194896][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.207072][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.226960][ T2716] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.235503][ T2716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.263758][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.285561][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.295495][ T2716] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.303507][ T2716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.327872][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.340260][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.354940][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.365234][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.430773][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 209.441119][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 209.467148][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 209.477273][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 209.489263][ T4206] device veth0_vlan entered promiscuous mode [ 209.500194][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 209.510865][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 209.543382][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 209.553903][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 209.576632][ T4206] device veth1_macvtap entered promiscuous mode [ 209.615836][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 209.627874][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 209.647250][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 209.668067][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 209.677587][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 209.924545][ T335] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 209.963826][ T318] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 210.175526][ T4280] loop3: detected capacity change from 0 to 256 [ 210.217476][ T4280] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x17691978, utbl_chksum : 0xe619d30d) [ 210.300194][ T335] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 210.322664][ T335] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 210.344974][ T318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.345029][ T335] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 210.373407][ T318] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.383107][ T318] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 210.398056][ T335] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 210.421575][ T335] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 210.425587][ T318] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.438809][ T335] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.474149][ T318] usb 5-1: config 0 descriptor?? [ 210.495799][ T335] usb 2-1: invalid MIDI out EP 0 [ 210.513625][ T335] snd-usb-audio: probe of 2-1:27.0 failed with error -22 [ 210.706017][ T335] usb 2-1: USB disconnect, device number 9 [ 210.826213][ T4288] device pim6reg1 entered promiscuous mode [ 210.956743][ T318] logitech-djreceiver 0003:046D:C71B.0012: item fetching failed at offset 5/7 [ 210.973744][ T318] logitech-djreceiver 0003:046D:C71B.0012: logi_dj_probe: parse failed [ 210.993121][ T318] logitech-djreceiver: probe of 0003:046D:C71B.0012 failed with error -22 [ 211.213681][ T19] usb 5-1: USB disconnect, device number 12 [ 211.559536][ T4311] device pim6reg1 entered promiscuous mode [ 212.272482][ T318] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 212.652379][ T318] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 212.672633][ T318] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 212.702232][ T318] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 212.713323][ T318] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 212.727067][ T318] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 212.736239][ T318] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.784066][ T318] usb 5-1: invalid MIDI out EP 0 [ 212.794453][ T318] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 212.986803][ T318] usb 5-1: USB disconnect, device number 13 [ 213.213326][ T28] kauditd_printk_skb: 955 callbacks suppressed [ 213.213364][ T28] audit: type=1326 audit(1718549724.478:11125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48e087cea9 code=0x7ffc0000 [ 213.251381][ T4354] loop2: detected capacity change from 0 to 256 [ 213.254224][ T28] audit: type=1326 audit(1718549724.508:11126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f48e087cea9 code=0x7ffc0000 [ 213.271291][ T4354] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x17691978, utbl_chksum : 0xe619d30d) [ 213.283757][ T28] audit: type=1326 audit(1718549724.508:11127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f48e087cee3 code=0x7ffc0000 [ 213.323129][ T28] audit: type=1326 audit(1718549724.508:11128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f48e087bbef code=0x7ffc0000 [ 213.382213][ T28] audit: type=1326 audit(1718549724.508:11129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f48e087cf37 code=0x7ffc0000 [ 213.416310][ T28] audit: type=1326 audit(1718549724.508:11130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f48e087baa0 code=0x7ffc0000 [ 213.441512][ T28] audit: type=1326 audit(1718549724.508:11131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f48e087cc0b code=0x7ffc0000 [ 213.442501][ T41] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 213.467325][ T28] audit: type=1326 audit(1718549724.528:11132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f48e087bd9a code=0x7ffc0000 [ 213.503958][ T28] audit: type=1326 audit(1718549724.528:11133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f48e087bd9a code=0x7ffc0000 [ 213.529461][ T28] audit: type=1326 audit(1718549724.528:11134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4353 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f48e087b9a7 code=0x7ffc0000 [ 213.851886][ T41] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.873990][ T41] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.900995][ T41] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 213.905586][ T4373] cgroup: fork rejected by pids controller in /syz3 [ 213.924972][ T41] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.953943][ T41] usb 1-1: config 0 descriptor?? [ 214.444471][ T41] logitech-djreceiver 0003:046D:C71B.0013: item fetching failed at offset 5/7 [ 214.471834][ T41] logitech-djreceiver 0003:046D:C71B.0013: logi_dj_probe: parse failed [ 214.487140][ T41] logitech-djreceiver: probe of 0003:046D:C71B.0013 failed with error -22 [ 214.632861][ T37] device bridge_slave_1 left promiscuous mode [ 214.652223][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.692368][ T37] device bridge_slave_0 left promiscuous mode [ 214.722335][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.732983][ T37] device veth1_macvtap left promiscuous mode [ 214.742620][ T318] usb 1-1: USB disconnect, device number 11 [ 214.751575][ T37] device veth0_vlan left promiscuous mode [ 215.091044][ T41] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 215.432618][ T4390] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.450026][ T4390] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.461064][ T41] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 215.469678][ T4390] device bridge_slave_0 entered promiscuous mode [ 215.479528][ T4390] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.482582][ T41] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 215.511579][ T4390] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.518786][ T41] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 215.518863][ T41] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 215.518964][ T41] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 215.519033][ T41] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.563073][ T41] usb 3-1: invalid MIDI out EP 0 [ 215.576756][ T41] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 215.602057][ T4390] device bridge_slave_1 entered promiscuous mode [ 215.648710][ T4405] cgroup: fork rejected by pids controller in /syz4 [ 215.806038][ T318] usb 3-1: USB disconnect, device number 9 [ 216.010162][ T4390] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.017330][ T4390] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.020624][ T19] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 216.024548][ T4390] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.038549][ T4390] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.165416][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.182277][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.200863][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.250597][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.259230][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.276816][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.283800][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.311926][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.330857][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.339368][ T597] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.346320][ T597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.400521][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.421353][ T19] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 216.450367][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.469010][ T19] usb 1-1: config 0 descriptor?? [ 216.500502][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 216.508921][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 216.523938][ T4421] loop2: detected capacity change from 0 to 256 [ 216.531712][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 216.540826][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.588688][ T4421] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 216.617214][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 216.633116][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 216.653020][ T8] device bridge_slave_1 left promiscuous mode [ 216.659190][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.675067][ T8] device bridge_slave_0 left promiscuous mode [ 216.682805][ T4421] exFAT-fs (loop2): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 216.682805][ T4421] [ 216.684211][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.705254][ T4421] exFAT-fs (loop2): Filesystem has been set read-only [ 216.712958][ T4421] exFAT-fs (loop2): error, failed to bmap (inode : ffff888138cbaa10 iblock : 0, err : -5) [ 216.714178][ T8] device veth1_macvtap left promiscuous mode [ 216.733163][ T8] device veth0_vlan left promiscuous mode [ 216.972495][ T19] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor [ 216.988128][ T19] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0014/input/input10 [ 217.089227][ T19] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 217.145145][ T4438] cgroup: fork rejected by pids controller in /syz1 [ 217.178304][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 217.187990][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 217.206674][ T4390] device veth0_vlan entered promiscuous mode [ 217.240408][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 217.248270][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 217.291149][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 217.301216][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 217.346089][ T4390] device veth1_macvtap entered promiscuous mode [ 217.387108][ T4417] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.394549][ T4417] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.403217][ T4417] device bridge_slave_0 entered promiscuous mode [ 217.420753][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 217.429397][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 217.454358][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 217.464022][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 217.474533][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 217.483682][ T4417] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.493044][ T4417] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.503652][ T4417] device bridge_slave_1 entered promiscuous mode [ 217.813027][ T19] usb 1-1: USB disconnect, device number 12 [ 217.964670][ T4417] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.971720][ T4417] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.978949][ T4417] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.985980][ T4417] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.269685][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.281949][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.290296][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.399975][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.409178][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.457386][ T2716] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.464582][ T2716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.487941][ T4462] loop2: detected capacity change from 0 to 256 [ 218.498189][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.517381][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.547570][ T4462] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 218.549583][ T2716] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.566609][ T2716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.615692][ T8] device bridge_slave_1 left promiscuous mode [ 218.626996][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.641539][ T4462] exFAT-fs (loop2): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 218.641539][ T4462] [ 218.654556][ T4462] exFAT-fs (loop2): Filesystem has been set read-only [ 218.654797][ T8] device bridge_slave_0 left promiscuous mode [ 218.667399][ T4462] exFAT-fs (loop2): error, failed to bmap (inode : ffff88810b851150 iblock : 0, err : -5) [ 218.679616][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.704044][ T8] device veth1_macvtap left promiscuous mode [ 218.719632][ T8] device veth0_vlan left promiscuous mode [ 218.991454][ T4476] loop2: detected capacity change from 0 to 512 [ 219.013614][ T4476] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 219.032736][ T4476] EXT4-fs error (device loop2): __ext4_iget:5046: inode #12: block 2: comm syz-executor.2: invalid block [ 219.053219][ T4476] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 219.069443][ T4476] EXT4-fs (loop2): 1 orphan inode deleted [ 219.075249][ T4476] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 219.126501][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.149316][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.149514][ T41] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 219.159266][ T4476] loop2: detected capacity change from 512 to 0 [ 219.191343][ T4454] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.198523][ T4454] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.206241][ C1] I/O error, dev loop2, sector 18 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 219.212513][ T4454] device bridge_slave_0 entered promiscuous mode [ 219.215949][ C1] I/O error, dev loop2, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.231720][ C1] I/O error, dev loop2, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.241685][ C1] I/O error, dev loop2, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.251607][ C1] I/O error, dev loop2, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.262092][ C1] I/O error, dev loop2, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.272825][ C1] I/O error, dev loop2, sector 14 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.277703][ T4417] device veth0_vlan entered promiscuous mode [ 219.282420][ C1] I/O error, dev loop2, sector 12 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.297823][ C1] I/O error, dev loop2, sector 10 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 219.310679][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.319365][ T4474] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 219.320074][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.332934][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.348123][ C1] I/O error, dev loop2, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 219.358073][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.359821][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.366440][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.382016][ T4474] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 219.391000][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.395400][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.399185][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.415278][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.418428][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.422097][ T4474] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #19: comm syz-executor.2: mark_inode_dirty error [ 219.442727][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.444854][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.452105][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.468649][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.476784][ T4474] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 219.480555][ T4454] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.490263][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.504986][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.506883][ T4454] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.513305][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.513350][ T4474] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 219.513518][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.540096][ T4454] device bridge_slave_1 entered promiscuous mode [ 219.544586][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.561519][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.568305][ T4474] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #19: comm syz-executor.2: mark_inode_dirty error [ 219.583598][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.589380][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.591994][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.603212][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.614395][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.623536][ T4474] EXT4-fs error (device loop2): ext4_check_bdev_write_error:218: comm syz-executor.2: Error while async write back metadata [ 219.657939][ T4417] device veth1_macvtap entered promiscuous mode [ 219.666397][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 219.676135][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 219.679435][ T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.685552][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 219.695167][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.695293][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.705441][ T41] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.711189][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.735499][ T4474] EXT4-fs error (device loop2): ext4_check_bdev_write_error:218: comm syz-executor.2: Error while async write back metadata [ 219.738754][ T41] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 219.775709][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.785121][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.793996][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.805378][ T41] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.814234][ T4474] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 219.817052][ T41] usb 4-1: config 0 descriptor?? [ 219.838940][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 219.848874][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.858325][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.859485][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 219.866681][ T4474] EXT4-fs (loop2): I/O error while writing superblock [ 219.882148][ T4474] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 219.889456][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 219.894425][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 219.908156][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 219.909410][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.004058][ T4482] loop4: detected capacity change from 0 to 256 [ 220.197362][ C0] EXT4-fs warning (device loop2): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 65) [ 220.208914][ C0] Buffer I/O error on device loop2, logical block 65 [ 220.215814][ C0] Buffer I/O error on device loop2, logical block 66 [ 220.223492][ C0] Buffer I/O error on device loop2, logical block 67 [ 220.230712][ C0] Buffer I/O error on device loop2, logical block 68 [ 220.237289][ C0] Buffer I/O error on device loop2, logical block 69 [ 220.243824][ C0] Buffer I/O error on device loop2, logical block 70 [ 220.250425][ C0] Buffer I/O error on device loop2, logical block 71 [ 220.257027][ C0] Buffer I/O error on device loop2, logical block 72 [ 220.361695][ T41] hid (null): bogus close delimiter [ 221.288092][ T41] usb 4-1: string descriptor 0 read error: -71 [ 221.328555][ T41] uclogic 0003:256C:006D.0015: failed retrieving string descriptor #200: -71 [ 221.339806][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.359019][ T41] uclogic 0003:256C:006D.0015: failed retrieving pen parameters: -71 [ 221.367337][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.407931][ T41] uclogic 0003:256C:006D.0015: failed probing pen v2 parameters: -71 [ 221.439360][ T41] uclogic 0003:256C:006D.0015: failed probing parameters: -71 [ 221.466020][ T41] uclogic: probe of 0003:256C:006D.0015 failed with error -71 [ 221.508843][ T41] usb 4-1: USB disconnect, device number 11 [ 221.537407][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.546281][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.555879][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.563170][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.572850][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.598953][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.617797][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.624828][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.642719][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.654626][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.663068][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.671461][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.701465][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.709742][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 221.719219][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 221.757676][ T19] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 221.765999][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 221.774475][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 221.797124][ T4454] device veth0_vlan entered promiscuous mode [ 221.805676][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 221.814777][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 221.827791][ T28] kauditd_printk_skb: 468 callbacks suppressed [ 221.827824][ T28] audit: type=1400 audit(1718549733.093:11603): avc: denied { ioctl } for pid=4479 comm="syz-executor.0" path="socket:[36240]" dev="sockfs" ino=36240 ioctlcmd=0xf510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 221.937727][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 221.953558][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.965410][ T4454] device veth1_macvtap entered promiscuous mode [ 222.018391][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 222.026982][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 222.036130][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 222.048578][ T8] device bridge_slave_1 left promiscuous mode [ 222.054606][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.063045][ T8] device bridge_slave_0 left promiscuous mode [ 222.069293][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.079249][ T8] device veth1_macvtap left promiscuous mode [ 222.085178][ T8] device veth0_vlan left promiscuous mode [ 222.137844][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.158461][ T19] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 222.177499][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.187165][ T19] usb 5-1: config 0 descriptor?? [ 222.310961][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 222.320329][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 222.442933][ T4514] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 222.453442][ T4514] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 222.496701][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.504239][ T4489] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.512911][ T4489] device bridge_slave_0 entered promiscuous mode [ 222.521133][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.528467][ T4489] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.536744][ T4489] device bridge_slave_1 entered promiscuous mode [ 222.597330][ T2716] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 222.658865][ T19] keytouch 0003:0926:3333.0016: fixing up Keytouch IEC report descriptor [ 222.686600][ T19] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0016/input/input11 [ 222.782857][ T19] keytouch 0003:0926:3333.0016: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 222.883854][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.891780][ T4489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.899114][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.906119][ T4489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.998504][ T19] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 223.027319][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.036062][ T757] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.046141][ T757] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.079052][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.087686][ T757] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.094604][ T757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.102291][ T2716] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 223.113417][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.123085][ T2716] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 223.133667][ T757] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.140608][ T757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.149149][ T2716] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 223.182751][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 223.193138][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.239493][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 223.262372][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 223.272697][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 223.280904][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 223.291391][ T4489] device veth0_vlan entered promiscuous mode [ 223.317943][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 223.331567][ T4489] device veth1_macvtap entered promiscuous mode [ 223.353578][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 223.374483][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.392531][ T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.402883][ T2716] usb 4-1: string descriptor 0 read error: -22 [ 223.415871][ T2716] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 223.425594][ T19] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 223.435001][ T2716] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.444473][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.454666][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 223.455889][ T41] usb 5-1: USB disconnect, device number 14 [ 223.463307][ T19] usb 1-1: config 0 descriptor?? [ 223.474428][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 223.498908][ T2716] usb 4-1: 0:2 : does not exist [ 223.625400][ T4533] loop2: detected capacity change from 0 to 512 [ 223.637271][ T4533] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 223.650721][ T4533] EXT4-fs error (device loop2): __ext4_iget:5046: inode #12: block 2: comm syz-executor.2: invalid block [ 223.662558][ T4533] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 223.675714][ T4533] EXT4-fs (loop2): 1 orphan inode deleted [ 223.682621][ T4533] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 223.758779][ T4533] loop2: detected capacity change from 512 to 0 [ 223.766582][ T4531] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 223.780536][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.787463][ T4531] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 223.797329][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.804103][ T4531] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #19: comm syz-executor.2: mark_inode_dirty error [ 223.818452][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.826552][ T4531] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 223.842047][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.850635][ T4531] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 223.871919][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.878975][ T4531] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #19: comm syz-executor.2: mark_inode_dirty error [ 223.891243][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.898879][ T4531] EXT4-fs error (device loop2): ext4_check_bdev_write_error:218: comm syz-executor.2: Error while async write back metadata [ 223.912214][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.919793][ T4531] EXT4-fs error (device loop2): ext4_check_bdev_write_error:218: comm syz-executor.2: Error while async write back metadata [ 223.936230][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 223.949364][ T4531] EXT4-fs error (device loop2): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.2: unable to read itable block [ 223.964338][ T4531] EXT4-fs (loop2): I/O error while writing superblock [ 224.288593][ T4531] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: IO failure [ 224.336781][ T8] lo_write_bvec: 125 callbacks suppressed [ 224.336903][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.381998][ C1] blk_print_req_error: 441 callbacks suppressed [ 224.382035][ C1] I/O error, dev loop2, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 224.398018][ C1] buffer_io_error: 124 callbacks suppressed [ 224.398052][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.417945][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.455139][ C1] I/O error, dev loop2, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 224.464647][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.474963][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.672361][ T19] hid (null): bogus close delimiter [ 224.695484][ C0] I/O error, dev loop2, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 224.704889][ C0] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.717573][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.757453][ T4541] loop4: detected capacity change from 0 to 512 [ 224.768691][ C1] I/O error, dev loop2, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 224.778417][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.788202][ C1] I/O error, dev loop2, sector 18 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 224.797684][ C1] I/O error, dev loop2, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 224.807165][ C1] I/O error, dev loop2, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 224.816656][ C1] I/O error, dev loop2, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 224.826158][ C1] I/O error, dev loop2, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 224.835623][ C1] I/O error, dev loop2, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 224.845104][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.854476][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.861007][ T4541] EXT4-fs (loop4): 1 orphan inode deleted [ 224.863745][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.869584][ T4541] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 224.880980][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.891184][ T4541] ext4 filesystem being mounted at /root/syzkaller-testdir3200962269/syzkaller.KF7X8l/2/file1 supports timestamps until 2038 (0x7fffffff) [ 224.893939][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.916256][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.925556][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.933722][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.942409][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.950720][ C1] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 224.962569][ T345] loop: Write error at byte offset 9223372036854776831, length 1024. [ 224.971703][ C0] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 225.116408][ T19] usb 1-1: string descriptor 0 read error: -71 [ 225.143431][ T19] uclogic 0003:256C:006D.0017: failed retrieving string descriptor #200: -71 [ 225.160161][ T19] uclogic 0003:256C:006D.0017: failed retrieving pen parameters: -71 [ 225.193051][ T19] uclogic 0003:256C:006D.0017: failed probing pen v2 parameters: -71 [ 225.202538][ T19] uclogic 0003:256C:006D.0017: failed probing parameters: -71 [ 225.226486][ T19] uclogic: probe of 0003:256C:006D.0017 failed with error -71 [ 225.239958][ C1] EXT4-fs warning (device loop2): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 65) [ 225.242161][ T19] usb 1-1: USB disconnect, device number 13 [ 225.251369][ C1] Buffer I/O error on device loop2, logical block 65 [ 225.261110][ T2716] usb 4-1: USB disconnect, device number 12 [ 225.263581][ C1] Buffer I/O error on device loop2, logical block 66 [ 225.275821][ C1] Buffer I/O error on device loop2, logical block 67 [ 225.282327][ C1] Buffer I/O error on device loop2, logical block 68 [ 225.288928][ C1] Buffer I/O error on device loop2, logical block 69 [ 225.295483][ C1] Buffer I/O error on device loop2, logical block 70 [ 225.302159][ C1] Buffer I/O error on device loop2, logical block 71 [ 225.308664][ C1] Buffer I/O error on device loop2, logical block 72 [ 225.431364][ T4560] syz-executor.4[4560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.431549][ T4560] syz-executor.4[4560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.196181][ T2336] device bridge_slave_1 left promiscuous mode [ 228.228100][ T2336] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.250477][ T2336] device bridge_slave_0 left promiscuous mode [ 228.272515][ T2336] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.291941][ T2336] device veth1_macvtap left promiscuous mode [ 228.304456][ T2336] device veth0_vlan left promiscuous mode [ 228.612072][ T4417] EXT4-fs (loop4): unmounting filesystem. [ 228.798206][ T4598] loop3: detected capacity change from 0 to 512 [ 228.814252][ T19] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 228.826357][ T4598] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature [ 228.840071][ T4598] EXT4-fs error (device loop3): __ext4_iget:5046: inode #12: block 2: comm syz-executor.3: invalid block [ 228.852232][ T4598] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117 [ 228.865571][ T4598] EXT4-fs (loop3): 1 orphan inode deleted [ 228.871196][ T4598] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 228.902757][ T4579] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.909846][ T4579] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.918131][ T4579] device bridge_slave_0 entered promiscuous mode [ 228.926181][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.933248][ T4579] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.942828][ T4598] loop3: detected capacity change from 512 to 0 [ 228.952322][ T4579] device bridge_slave_1 entered promiscuous mode [ 228.958696][ T4594] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 228.992966][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.012085][ T4594] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 229.024097][ T41] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 229.024682][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.058653][ T4594] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 229.083799][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.091880][ T4594] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 229.105554][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.112276][ T4594] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 229.121575][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.128407][ T4594] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 229.140255][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.147281][ T4594] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 229.160389][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.167191][ T4594] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 229.180262][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.188150][ T4594] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 229.201453][ T4594] EXT4-fs (loop3): I/O error while writing superblock [ 229.209639][ T4594] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 229.284022][ T19] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 229.296300][ T19] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 229.311650][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.318627][ T4579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.325939][ T4579] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.332851][ T4579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.340433][ T19] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 229.393973][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.409236][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.413896][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.426221][ T2716] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.433415][ T41] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 229.442999][ T2716] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.448176][ T41] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.464814][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.469037][ T41] usb 5-1: config 0 descriptor?? [ 229.473472][ T319] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.484857][ T319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.505936][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.514995][ T2716] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.521911][ T2716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.540988][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.570207][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.575470][ T8] lo_write_bvec: 233 callbacks suppressed [ 229.575513][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.592020][ C0] blk_print_req_error: 774 callbacks suppressed [ 229.592052][ C0] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 229.607699][ C0] buffer_io_error: 232 callbacks suppressed [ 229.607732][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.622252][ C0] I/O error, dev loop3, sector 72 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 229.629107][ T597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 229.639942][ T19] usb 1-1: string descriptor 0 read error: -22 [ 229.646736][ C0] I/O error, dev loop3, sector 10 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 229.656376][ C0] I/O error, dev loop3, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.665856][ C0] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.675330][ C0] I/O error, dev loop3, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.684926][ C0] I/O error, dev loop3, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.694506][ C0] I/O error, dev loop3, sector 18 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.704093][ C0] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.704263][ T2336] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.713562][ C0] I/O error, dev loop3, sector 14 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.731805][ T19] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 229.741077][ T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.752837][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.761086][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 229.768986][ T2336] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.770486][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 229.783745][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.789255][ T4579] device veth0_vlan entered promiscuous mode [ 229.796848][ T19] usb 1-1: 0:2 : does not exist [ 229.805095][ T2336] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.813301][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.824314][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 229.839053][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 229.847647][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.856110][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.864828][ T8] loop: Write error at byte offset 9223372036854842367, length 4096. [ 229.872973][ C0] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 65) [ 229.884022][ C0] Buffer I/O error on device loop3, logical block 65 [ 229.888169][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 229.890477][ C0] Buffer I/O error on device loop3, logical block 66 [ 229.904599][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 229.905831][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.920504][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.927434][ T4579] device veth1_macvtap entered promiscuous mode [ 229.929432][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.942657][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.959292][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 229.961275][ T8] loop: Write error at byte offset 9223372036854776831, length 1024. [ 229.967611][ T41] hid (null): bogus close delimiter [ 229.981511][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 229.983612][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 229.993108][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 230.047474][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 230.056761][ T886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 230.434009][ T19] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 230.463488][ T41] usb 5-1: string descriptor 0 read error: -71 [ 230.483427][ T41] uclogic 0003:256C:006D.0018: failed retrieving string descriptor #200: -71 [ 230.492136][ T41] uclogic 0003:256C:006D.0018: failed retrieving pen parameters: -71 [ 230.500396][ T41] uclogic 0003:256C:006D.0018: failed probing pen v2 parameters: -71 [ 230.508460][ T41] uclogic 0003:256C:006D.0018: failed probing parameters: -71 [ 230.518025][ T41] uclogic: probe of 0003:256C:006D.0018 failed with error -71 [ 230.528844][ T41] usb 5-1: USB disconnect, device number 15 [ 231.393619][ T2336] device bridge_slave_1 left promiscuous mode [ 231.397868][ T335] usb 1-1: USB disconnect, device number 14 [ 231.399923][ T2336] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.421411][ T2336] device bridge_slave_0 left promiscuous mode [ 231.427669][ T2336] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.437728][ T2336] device veth1_macvtap left promiscuous mode [ 231.444430][ T2336] device veth0_vlan left promiscuous mode [ 231.512974][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.524028][ T19] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 231.533169][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.545076][ T19] usb 3-1: config 0 descriptor?? [ 231.765949][ T4629] loop4: detected capacity change from 0 to 256 [ 232.025463][ T4612] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.034744][ T19] keytouch 0003:0926:3333.0019: fixing up Keytouch IEC report descriptor [ 233.625865][ T19] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0019/input/input12 [ 233.642697][ T4612] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.653365][ T4612] device bridge_slave_0 entered promiscuous mode [ 233.663211][ T4612] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.670299][ T4612] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.907667][ T4612] device bridge_slave_1 entered promiscuous mode [ 234.594876][ T4648] syz-executor.0[4648] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.595037][ T4648] syz-executor.0[4648] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.675630][ T19] keytouch 0003:0926:3333.0019: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 234.706442][ T19] usb 3-1: USB disconnect, device number 10 [ 235.880920][ T4650] usb 2-1: new low-speed USB device number 10 using dummy_hcd [ 236.096043][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.105011][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.134710][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.144282][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.161097][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.168147][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.185871][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.195158][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.211043][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.218169][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.230575][ T757] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 236.246535][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.261663][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 236.271109][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 236.279462][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 236.288276][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 236.327164][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 236.360741][ T4650] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 236.365255][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 236.378875][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 236.380924][ T4650] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 236.388031][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 236.416434][ T4612] device veth0_vlan entered promiscuous mode [ 236.416469][ T4650] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 236.452245][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 236.476769][ T4612] device veth1_macvtap entered promiscuous mode [ 236.497991][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 236.507679][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 236.526935][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 236.536988][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 236.630492][ T757] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.645905][ T757] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.667219][ T757] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 236.682035][ T757] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.698207][ T757] usb 5-1: config 0 descriptor?? [ 236.720639][ T4650] usb 2-1: string descriptor 0 read error: -22 [ 236.727244][ T4650] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 236.739686][ T4650] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.792429][ T4650] usb 2-1: 0:2 : does not exist [ 236.962010][ T4682] loop2: detected capacity change from 0 to 512 [ 236.970207][ T4682] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 236.982414][ T4682] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: iget: bad i_size value: -67835469387268086 [ 237.006527][ T4682] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 237.020556][ T4682] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 237.032414][ T4682] ext2 filesystem being mounted at /root/syzkaller-testdir3718986121/syzkaller.yjyFSj/6/file0 supports timestamps until 2038 (0x7fffffff) [ 237.170568][ T757] hid (null): bogus close delimiter [ 237.329935][ T2716] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 237.589947][ T2716] usb 3-1: Using ep0 maxpacket: 16 [ 237.635764][ T28] audit: type=1326 audit(1718549748.911:11604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.669723][ T28] audit: type=1326 audit(1718549748.911:11605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.703685][ T28] audit: type=1326 audit(1718549748.911:11606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.728171][ T757] usb 5-1: string descriptor 0 read error: -71 [ 237.728190][ T28] audit: type=1326 audit(1718549748.911:11607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.758687][ T28] audit: type=1326 audit(1718549748.911:11608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.784798][ T2716] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 237.794008][ T757] uclogic 0003:256C:006D.001A: failed retrieving string descriptor #200: -71 [ 237.803864][ T28] audit: type=1326 audit(1718549748.911:11609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.828765][ T757] uclogic 0003:256C:006D.001A: failed retrieving pen parameters: -71 [ 237.836711][ T28] audit: type=1326 audit(1718549748.911:11610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.836801][ T28] audit: type=1326 audit(1718549748.911:11611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4697 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f75e7cea9 code=0x7ffc0000 [ 237.861095][ T757] uclogic 0003:256C:006D.001A: failed probing pen v2 parameters: -71 [ 237.892932][ T757] uclogic 0003:256C:006D.001A: failed probing parameters: -71 [ 237.900367][ T757] uclogic: probe of 0003:256C:006D.001A failed with error -71 [ 237.910516][ T757] usb 5-1: USB disconnect, device number 16 [ 238.053664][ T4650] usb 2-1: USB disconnect, device number 10 [ 238.064634][ T2716] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 238.078790][ T2716] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.086914][ T2716] usb 3-1: Product: syz [ 238.091111][ T2716] usb 3-1: Manufacturer: syz [ 238.095764][ T2716] usb 3-1: SerialNumber: syz [ 238.935603][ T2716] usb 3-1: config 0 descriptor?? [ 238.983821][ T28] audit: type=1326 audit(1718549750.261:11612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4723 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4a27cea9 code=0x7ffc0000 [ 239.010487][ T2716] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 239.022893][ T2716] usb 3-1: Detected FT232R [ 239.028646][ T28] audit: type=1326 audit(1718549750.301:11613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4723 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4a27cea9 code=0x7ffc0000 [ 240.138323][ T2716] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 240.158789][ T2716] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 240.286107][ T2716] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 240.305636][ T2716] usb 3-1: USB disconnect, device number 11 [ 240.313351][ T2716] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 240.322878][ T2716] ftdi_sio 3-1:0.0: device disconnected [ 240.441445][ T4753] loop3: detected capacity change from 0 to 512 [ 240.637046][ T4579] EXT4-fs (loop2): unmounting filesystem. [ 240.680063][ T4753] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 240.710949][ T4753] ext4 filesystem being mounted at /root/syzkaller-testdir195666602/syzkaller.1mEm3a/11/bus supports timestamps until 2038 (0x7fffffff) [ 241.723851][ T4612] EXT4-fs (loop3): unmounting filesystem. [ 241.926848][ T4793] loop2: detected capacity change from 0 to 512 [ 241.935566][ T4793] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 241.948735][ T4793] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: iget: bad i_size value: -67835469387268086 [ 241.964612][ T4793] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 242.019365][ T4793] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 242.251809][ T4793] ext2 filesystem being mounted at /root/syzkaller-testdir3718986121/syzkaller.yjyFSj/10/file0 supports timestamps until 2038 (0x7fffffff) [ 242.975595][ T4811] loop3: detected capacity change from 0 to 512 [ 243.023066][ T4811] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 243.037103][ T19] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 243.045539][ T4811] ext4 filesystem being mounted at /root/syzkaller-testdir195666602/syzkaller.1mEm3a/16/bus supports timestamps until 2038 (0x7fffffff) [ 244.060686][ T4612] EXT4-fs (loop3): unmounting filesystem. [ 244.136818][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 244.286548][ T19] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 245.839477][ T4579] EXT4-fs (loop2): unmounting filesystem. [ 246.005669][ T19] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 246.016495][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.024585][ T19] usb 3-1: Product: syz [ 246.033818][ T19] usb 3-1: config 0 descriptor?? [ 246.085714][ T19] usb 3-1: can't set config #0, error -71 [ 246.096901][ T19] usb 3-1: USB disconnect, device number 12 [ 247.356131][ T2716] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 247.427075][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 247.427114][ T28] audit: type=1400 audit(1718549758.706:11621): avc: denied { setopt } for pid=4906 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 247.798274][ T4915] loop3: detected capacity change from 0 to 256 [ 247.811364][ T4915] exfat: Deprecated parameter 'utf8' [ 247.817074][ T4915] exfat: Deprecated parameter 'namecase' [ 247.824165][ T4915] exfat: Deprecated parameter 'namecase' [ 247.830308][ T4915] exfat: Deprecated parameter 'utf8' [ 247.835626][ T4915] exfat: Deprecated parameter 'utf8' [ 247.877332][ T4915] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 248.456975][ T2716] usb 2-1: Using ep0 maxpacket: 16 [ 248.594400][ T2716] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 248.687735][ T4884] loop4: detected capacity change from 0 to 40427 [ 248.699437][ T4884] F2FS-fs (loop4): invalid crc value [ 248.742815][ T4884] F2FS-fs (loop4): Found nat_bits in checkpoint [ 248.774453][ T2716] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 248.793681][ T2716] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.816649][ T2716] usb 2-1: Product: syz [ 248.820977][ T2716] usb 2-1: Manufacturer: syz [ 248.831946][ T2716] usb 2-1: SerialNumber: syz [ 248.855844][ T2716] usb 2-1: config 0 descriptor?? [ 248.888125][ T4938] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 248.906181][ T2716] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 248.914124][ T4938] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 248.931570][ T2716] usb 2-1: Detected FT232R [ 248.945628][ T4884] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 248.966038][ T4927] f2fs_ckpt-7:4: attempt to access beyond end of device [ 248.966038][ T4927] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 249.324083][ T2716] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 249.344108][ T2716] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 249.354290][ T2716] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 249.375208][ T2716] usb 2-1: USB disconnect, device number 11 [ 249.388717][ T2716] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 249.405960][ T2716] ftdi_sio 2-1:0.0: device disconnected [ 250.130547][ T4992] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 250.181507][ T4992] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 250.294358][ T5000] loop2: detected capacity change from 0 to 512 [ 250.301808][ T5000] EXT4-fs: Ignoring removed nobh option [ 250.308460][ T5000] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 250.660959][ T4974] loop4: detected capacity change from 0 to 40427 [ 250.679826][ T4974] F2FS-fs (loop4): invalid crc value [ 251.083026][ T4974] F2FS-fs (loop4): Found nat_bits in checkpoint [ 251.543336][ T28] audit: type=1400 audit(1718549762.808:11622): avc: denied { getopt } for pid=5019 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 251.775147][ T4974] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 251.811227][ T28] audit: type=1400 audit(1718549763.088:11623): avc: denied { append } for pid=5037 comm="syz-executor.2" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 251.867540][ T28] audit: type=1400 audit(1718549763.148:11624): avc: denied { shutdown } for pid=5037 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 251.898664][ T5015] f2fs_ckpt-7:4: attempt to access beyond end of device [ 251.898664][ T5015] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 252.207675][ T5057] loop3: detected capacity change from 0 to 128 [ 252.250715][ T5057] syz-executor.3: attempt to access beyond end of device [ 252.250715][ T5057] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 254.460735][ T5102] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 254.521624][ T5102] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 254.554968][ T2336] tipc: Subscription rejected, illegal request [ 255.024670][ T2336] tipc: Subscription rejected, illegal request [ 255.059580][ T5145] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 255.100079][ T5145] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 256.494026][ T5178] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 256.581798][ T5178] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 257.717966][ T5194] syz-executor.0[5194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.718141][ T5194] syz-executor.0[5194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 258.526145][ T5216] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 258.763816][ T5216] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 258.905559][ T28] audit: type=1326 audit(1718549770.191:11625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 258.994405][ T28] audit: type=1326 audit(1718549770.191:11626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.066128][ T28] audit: type=1326 audit(1718549770.191:11627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.090383][ T28] audit: type=1326 audit(1718549770.191:11628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.117933][ T28] audit: type=1326 audit(1718549770.191:11629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.157309][ T28] audit: type=1326 audit(1718549770.191:11630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.184853][ T28] audit: type=1326 audit(1718549770.191:11631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.209949][ T28] audit: type=1326 audit(1718549770.191:11632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.249083][ T28] audit: type=1326 audit(1718549770.191:11633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.284133][ T28] audit: type=1326 audit(1718549770.191:11634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5226 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x50000 [ 259.556667][ T5225] loop4: detected capacity change from 0 to 40427 [ 259.566302][ T5225] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 259.574056][ T5225] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 259.590446][ T5225] F2FS-fs (loop4): invalid crc value [ 259.628114][ T5225] F2FS-fs (loop4): Found nat_bits in checkpoint [ 259.789226][ T5225] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 259.792353][ T5267] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 259.800524][ T5225] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 259.844069][ T5267] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 260.460665][ T5274] syz-executor.4: attempt to access beyond end of device [ 260.460665][ T5274] loop4: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 261.181540][ T2336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 261.195757][ T2336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 262.306886][ T5290] loop3: detected capacity change from 0 to 1024 [ 262.403032][ T5290] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 262.426616][ T5290] EXT4-fs (loop3): barriers disabled [ 262.442985][ T5290] JBD2: no valid journal superblock found [ 262.454605][ T5290] EXT4-fs (loop3): error loading journal [ 262.601313][ T5299] syz-executor.0[5299] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 262.601476][ T5299] syz-executor.0[5299] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 262.604122][ T5290] loop3: detected capacity change from 0 to 512 [ 262.709144][ T5290] EXT4-fs (sda1): re-mounted. Quota mode: writeback. [ 262.773403][ T5301] kvm: vcpu 0: requested 88 ns lapic timer period limited to 200000 ns [ 262.800688][ T5301] kvm: pic: non byte write [ 263.907188][ T28] kauditd_printk_skb: 2871 callbacks suppressed [ 263.907225][ T28] audit: type=1326 audit(1852767503.196:14506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 263.952611][ T28] audit: type=1326 audit(1852767503.226:14507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 263.977678][ T28] audit: type=1326 audit(1852767503.226:14508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.004753][ T28] audit: type=1326 audit(1852767503.226:14509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.030224][ T28] audit: type=1326 audit(1852767503.226:14510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.055009][ T28] audit: type=1326 audit(1852767503.226:14511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.088848][ T28] audit: type=1326 audit(1852767503.226:14512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.114832][ T28] audit: type=1326 audit(1852767503.226:14513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.139910][ T28] audit: type=1326 audit(1852767503.226:14514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.166508][ T28] audit: type=1326 audit(1852767503.226:14515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5322 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0f267cea9 code=0x50000 [ 264.676542][ T5336] overlayfs: failed to resolve './file0': -2 [ 265.018493][ T5343] syz-executor.3[5343] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 265.026873][ T5343] syz-executor.3[5343] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 267.585648][ T5394] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 267.611653][ T5396] loop3: detected capacity change from 0 to 256 [ 267.637678][ T5396] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 267.800150][ T5400] syz-executor.2[5400] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 267.800325][ T5400] syz-executor.2[5400] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 268.089563][ T5409] loop4: detected capacity change from 0 to 1024 [ 268.125320][ T5409] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 268.137812][ T5409] EXT4-fs (loop4): barriers disabled [ 268.143131][ T5409] JBD2: no valid journal superblock found [ 268.149838][ T5409] EXT4-fs (loop4): error loading journal [ 268.218199][ T5409] loop4: detected capacity change from 0 to 512 [ 268.226676][ T5409] EXT4-fs (sda1): re-mounted. Quota mode: writeback. [ 269.369088][ T5422] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 269.384238][ T5422] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 269.600562][ T5428] kvm: vcpu 0: requested 88 ns lapic timer period limited to 200000 ns [ 269.616934][ T5428] kvm: pic: non byte write [ 269.648034][ T5431] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 270.273980][ T5438] syz-executor.4[5438] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 270.274167][ T5438] syz-executor.4[5438] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 270.847054][ T5452] syz-executor.3 (5452): /proc/5451/oom_adj is deprecated, please use /proc/5451/oom_score_adj instead. [ 271.452462][ T28] kauditd_printk_skb: 5438 callbacks suppressed [ 271.452498][ T28] audit: type=1400 audit(1852767510.740:19954): avc: denied { bind } for pid=5461 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 271.503440][ T28] audit: type=1400 audit(1852767510.740:19955): avc: denied { node_bind } for pid=5461 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 271.732465][ T5452] loop3: detected capacity change from 0 to 40427 [ 271.758668][ T5452] F2FS-fs (loop3): Unrecognized mount option "" or missing value [ 276.986981][ T5520] loop2: detected capacity change from 0 to 256 [ 277.030964][ T5520] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 277.054959][ T28] audit: type=1326 audit(1852767516.353:19956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x7ffc0000 [ 277.081448][ T28] audit: type=1326 audit(1852767516.353:19957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f11b507cea9 code=0x7ffc0000 [ 277.107091][ T28] audit: type=1326 audit(1852767516.353:19958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x7ffc0000 [ 277.132265][ T28] audit: type=1326 audit(1852767516.353:19959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f11b507cea9 code=0x7ffc0000 [ 277.156949][ T28] audit: type=1326 audit(1852767516.353:19960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b507cea9 code=0x7ffc0000 [ 277.274195][ T5518] loop3: detected capacity change from 0 to 40427 [ 277.304454][ T5518] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 277.312390][ T5518] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 277.322525][ T5518] F2FS-fs (loop3): invalid crc value [ 277.331844][ T5518] F2FS-fs (loop3): Found nat_bits in checkpoint [ 277.428913][ T5518] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 277.436352][ T5518] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 277.981291][ T5531] syz-executor.3: attempt to access beyond end of device [ 277.981291][ T5531] loop3: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 278.640996][ T2336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 278.651954][ T2336] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 278.744956][ T5537] serio: Serial port pts0 [ 278.793539][ T5529] overlayfs: failed to resolve './file0': -2 [ 279.170507][ T5548] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 280.261681][ T5566] loop4: detected capacity change from 0 to 40427 [ 280.295953][ T5566] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 280.303952][ T5566] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 280.313676][ T5572] serio: Serial port pts0 [ 280.315337][ T5566] F2FS-fs (loop4): invalid crc value [ 280.327569][ T5566] F2FS-fs (loop4): Found nat_bits in checkpoint [ 280.437068][ T5566] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 280.444495][ T5566] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 283.311757][ T5596] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 283.328900][ T5596] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 283.474746][ T2336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 283.484806][ T2336] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 283.767792][ T5603] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 284.798812][ T5625] loop4: detected capacity change from 0 to 1024 [ 284.840121][ T5625] EXT4-fs (loop4): Test dummy encryption mode enabled [ 284.854068][ T5625] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 286.828020][ T4417] EXT4-fs (loop4): unmounting filesystem. [ 287.969357][ T5649] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 291.304174][ T5681] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 292.321323][ T5687] serio: Serial port pts0 [ 292.517382][ T5692] device ip6_vti0 entered promiscuous mode [ 292.523713][ T5692] device vlan2 entered promiscuous mode [ 292.531082][ T5692] device ip6_vti0 left promiscuous mode [ 293.774564][ T5706] serio: Serial port pts0 [ 295.045660][ T5722] loop2: detected capacity change from 0 to 1024 [ 295.103506][ T5722] EXT4-fs: Ignoring removed nomblk_io_submit option [ 295.325597][ T5722] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 295.764705][ T28] audit: type=1400 audit(1852767535.072:19961): avc: denied { setattr } for pid=5720 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 298.383424][ T5738] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 298.669776][ T5722] loop2: detected capacity change from 1024 to 64 [ 299.164011][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.200361][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.234929][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.266110][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.299683][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.353411][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.377721][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.409538][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.429402][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.443714][ T4579] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.2: error -12 reading directory block [ 299.596591][ T4579] EXT4-fs (loop2): unmounting filesystem. [ 300.342218][ T5723] kmmpd-loop2: attempt to access beyond end of device [ 300.342218][ T5723] loop2: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 300.376896][ T5723] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 300.393069][ T5723] EXT4-fs error (device loop2): kmmpd:186: comm kmmpd-loop2: Error writing to MMP block [ 300.403909][ T5723] kmmpd-loop2: attempt to access beyond end of device [ 300.403909][ T5723] loop2: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 300.418063][ T5723] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 300.609697][ T10] device bridge_slave_1 left promiscuous mode [ 300.615748][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.624248][ T10] device bridge_slave_0 left promiscuous mode [ 300.630625][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.640137][ T10] device veth1_macvtap left promiscuous mode [ 300.646277][ T10] device veth0_vlan left promiscuous mode [ 300.994621][ T5768] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 301.050999][ T5770] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 301.119338][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.126348][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.134477][ T5767] device bridge_slave_0 entered promiscuous mode [ 301.142463][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.149522][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.157478][ T5767] device bridge_slave_1 entered promiscuous mode [ 301.299374][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.306425][ T5767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.313675][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.320603][ T5767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.375350][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 301.384505][ T757] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.392278][ T757] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.420653][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.429752][ T757] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.436750][ T757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.444570][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 301.452905][ T757] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.459938][ T757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.477905][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 301.486284][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 301.516568][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 301.537575][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 301.547058][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 301.556850][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 301.565159][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 301.574520][ T5767] device veth0_vlan entered promiscuous mode [ 301.593062][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 301.601699][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 301.614783][ T5767] device veth1_macvtap entered promiscuous mode [ 301.631472][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 301.641775][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 301.650772][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 301.668924][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 301.677545][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 303.716495][ T5796] syz-executor.0[5796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 303.716675][ T5796] syz-executor.0[5796] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 303.988420][ T5804] xt_TCPMSS: Only works on TCP SYN packets [ 305.249812][ T5809] xt_hashlimit: overflow, try lower: 0/0 [ 305.565982][ T335] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 305.805713][ T335] usb 3-1: Using ep0 maxpacket: 8 [ 305.925726][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.936675][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.946466][ T335] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 305.955446][ T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.964709][ T335] usb 3-1: config 0 descriptor?? [ 307.174089][ T335] hid-picolcd 0003:04D8:F002.001B: unknown main item tag 0x0 [ 307.650148][ T335] hid-picolcd 0003:04D8:F002.001B: No report with id 0xf3 found [ 307.661932][ T5833] syz-executor.1[5833] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.662100][ T5833] syz-executor.1[5833] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.675361][ T335] hid-picolcd 0003:04D8:F002.001B: No report with id 0xf4 found [ 307.704243][ T5833] syz-executor.1[5833] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.704398][ T5833] syz-executor.1[5833] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 307.719322][ T335] usb 3-1: USB disconnect, device number 13 [ 308.197328][ T5838] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 308.358632][ T5842] syz-executor.3[5842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 308.358815][ T5842] syz-executor.3[5842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 308.368146][ T5843] loop4: detected capacity change from 0 to 1024 [ 308.421525][ T5843] EXT4-fs: Ignoring removed nomblk_io_submit option [ 308.438605][ T5843] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 308.494475][ T5843] loop4: detected capacity change from 1024 to 64 [ 308.654382][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.668440][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.705647][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.722613][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.736885][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.751051][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.765459][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.779528][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.793576][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.807608][ T4417] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 308.880425][ T4417] EXT4-fs (loop4): unmounting filesystem. [ 308.888735][ T5844] kmmpd-loop4: attempt to access beyond end of device [ 308.888735][ T5844] loop4: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 308.903720][ T5844] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 310.225715][ T37] device bridge_slave_1 left promiscuous mode [ 310.231785][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.240569][ T37] device bridge_slave_0 left promiscuous mode [ 310.246882][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.256674][ T37] device veth1_macvtap left promiscuous mode [ 310.262648][ T37] device veth0_vlan left promiscuous mode [ 311.013559][ T5869] syz-executor.2[5869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.013729][ T5869] syz-executor.2[5869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.030468][ T5870] syz-executor.2[5870] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.111960][ T5870] syz-executor.2[5870] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.202640][ T5875] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 311.412220][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.419364][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.427658][ T5873] device bridge_slave_0 entered promiscuous mode [ 311.435515][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.442423][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.451858][ T5873] device bridge_slave_1 entered promiscuous mode [ 311.538390][ T5883] syz-executor.3[5883] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.538545][ T5883] syz-executor.3[5883] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.690494][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.708943][ T5873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 311.716271][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.723213][ T5873] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.794788][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 311.808664][ T757] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.816414][ T757] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.837685][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 311.849317][ T337] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.856610][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 311.872794][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 311.884011][ T337] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.891122][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 311.917954][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 311.926556][ T5889] xt_TCPMSS: Only works on TCP SYN packets [ 311.934344][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 311.970788][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 312.014636][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 312.025376][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 312.042873][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 312.053996][ T5873] device veth0_vlan entered promiscuous mode [ 312.080971][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 312.103469][ T5873] device veth1_macvtap entered promiscuous mode [ 312.134278][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 312.160812][ T976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 312.523218][ T5903] loop2: detected capacity change from 0 to 512 [ 312.554965][ T5903] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 313.862453][ T5922] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 314.443891][ T28] audit: type=1400 audit(1852767553.762:19962): avc: denied { write } for pid=5935 comm="syz-executor.0" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 314.576859][ T5942] loop3: detected capacity change from 0 to 512 [ 314.599567][ T5942] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 314.837935][ T5947] loop4: detected capacity change from 0 to 4096 [ 314.974531][ T5947] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 314.992323][ T28] audit: type=1400 audit(1852767554.312:19963): avc: denied { execute } for pid=5945 comm="syz-executor.4" path="/root/syzkaller-testdir431756089/syzkaller.gsW5Ni/4/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 315.873908][ T5873] EXT4-fs (loop4): unmounting filesystem. [ 316.354663][ T28] audit: type=1400 audit(1852767555.673:19964): avc: denied { listen } for pid=5964 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 322.009802][ T28] audit: type=1400 audit(1852767561.286:19965): avc: denied { nlmsg_write } for pid=6029 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 322.692590][ T6046] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 323.421111][ T6070] loop3: detected capacity change from 0 to 128 [ 325.390408][ T6104] loop4: detected capacity change from 0 to 512 [ 325.622928][ T6115] loop2: detected capacity change from 0 to 256 [ 325.663698][ T6115] FAT-fs (loop2): Directory bread(block 64) failed [ 325.672877][ T6115] FAT-fs (loop2): Directory bread(block 65) failed [ 325.684416][ T6115] FAT-fs (loop2): Directory bread(block 66) failed [ 325.691989][ T6115] FAT-fs (loop2): Directory bread(block 67) failed [ 325.698817][ T6115] FAT-fs (loop2): Directory bread(block 68) failed [ 325.705328][ T6115] FAT-fs (loop2): Directory bread(block 69) failed [ 325.713220][ T6115] FAT-fs (loop2): Directory bread(block 70) failed [ 325.719910][ T6115] FAT-fs (loop2): Directory bread(block 71) failed [ 325.726442][ T6115] FAT-fs (loop2): Directory bread(block 72) failed [ 325.732927][ T6115] FAT-fs (loop2): Directory bread(block 73) failed [ 326.781299][ T6120] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 327.294587][ T6131] loop2: detected capacity change from 0 to 1024 [ 327.325785][ T6131] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 327.984060][ T6152] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 328.020047][ T6154] loop4: detected capacity change from 0 to 512 [ 328.436753][ T6161] syz-executor.0[6161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 328.437482][ T6161] syz-executor.0[6161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 328.557577][ T6162] binder: 6156:6162 ioctl c0306201 20000300 returned -22 [ 331.562803][ T886] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 331.728488][ T6185] loop3: detected capacity change from 0 to 256 [ 331.763947][ T6185] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d) [ 331.777836][ T6185] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005) [ 331.786925][ T6185] exFAT-fs (loop3): Filesystem has been set read-only [ 331.794004][ T6185] exFAT-fs (loop3): failed to initialize root inode [ 331.802692][ T886] usb 1-1: Using ep0 maxpacket: 8 [ 331.922742][ T886] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.933047][ T886] usb 1-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6 [ 331.942096][ T886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.951446][ T886] usb 1-1: config 0 descriptor?? [ 332.197262][ T886] usb 1-1: USB disconnect, device number 15 [ 332.441520][ T6198] loop4: detected capacity change from 0 to 256 [ 332.488943][ T6198] FAT-fs (loop4): Directory bread(block 64) failed [ 332.495751][ T6198] FAT-fs (loop4): Directory bread(block 65) failed [ 332.502403][ T6198] FAT-fs (loop4): Directory bread(block 66) failed [ 332.508794][ T6198] FAT-fs (loop4): Directory bread(block 67) failed [ 332.515797][ T6198] FAT-fs (loop4): Directory bread(block 68) failed [ 332.522376][ T6198] FAT-fs (loop4): Directory bread(block 69) failed [ 332.528966][ T6198] FAT-fs (loop4): Directory bread(block 70) failed [ 332.535745][ T6198] FAT-fs (loop4): Directory bread(block 71) failed [ 332.542317][ T6198] FAT-fs (loop4): Directory bread(block 72) failed [ 332.548761][ T6198] FAT-fs (loop4): Directory bread(block 73) failed [ 333.082547][ T6204] syz-executor.2[6204] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 333.082714][ T6204] syz-executor.2[6204] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 333.432272][ T6205] binder: 6199:6205 ioctl c0306201 20000300 returned -22 [ 334.237422][ T6214] syz-executor.3[6214] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 334.237576][ T6214] syz-executor.3[6214] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 335.642318][ T6238] loop3: detected capacity change from 0 to 256 [ 335.694608][ T6238] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d) [ 335.707937][ T6238] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005) [ 335.717030][ T6238] exFAT-fs (loop3): Filesystem has been set read-only [ 335.723921][ T6238] exFAT-fs (loop3): failed to initialize root inode [ 337.168811][ T6250] syz-executor.1[6250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 337.170115][ T6250] syz-executor.1[6250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 337.358511][ T6250] binder: 6242:6250 ioctl c0306201 20000300 returned -22 [ 338.437363][ T6259] hub 6-0:1.0: USB hub found [ 338.442312][ T6259] hub 6-0:1.0: 1 port detected [ 341.440045][ T6298] syz-executor.1[6298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 341.441201][ T6298] syz-executor.1[6298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 341.621703][ T6298] binder: 6290:6298 ioctl c0306201 20000300 returned -22 [ 345.847731][ T6341] syz-executor.2[6341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 345.848749][ T6341] syz-executor.2[6341] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 346.013305][ T6341] binder: 6330:6341 ioctl c0306201 20000300 returned -22 [ 349.367557][ T28] audit: type=1400 audit(1852767588.699:19966): avc: denied { ioctl } for pid=6373 comm="syz-executor.1" path="socket:[44039]" dev="sockfs" ino=44039 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 349.873507][ T6388] syz-executor.1[6388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 349.874596][ T6388] syz-executor.1[6388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 350.055985][ T6388] binder: 6380:6388 ioctl c0306201 20000300 returned -22 [ 352.224005][ T6434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 352.572876][ T28] audit: type=1400 audit(1852767591.911:19967): avc: denied { unmount } for pid=5873 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 353.225054][ T6464] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 354.044948][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 355.819301][ T6494] syz-executor.4[6494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.819475][ T6494] syz-executor.4[6494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.831366][ T28] audit: type=1400 audit(1852767595.152:19968): avc: denied { map } for pid=6492 comm="syz-executor.2" path="/dev/ashmem" dev="devtmpfs" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 355.868958][ T6494] syz-executor.4[6494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.869124][ T6494] syz-executor.4[6494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 356.272004][ T6502] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 356.301287][ T6502] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 356.308387][ T6502] IPv6: NLM_F_CREATE should be set when creating new route [ 356.316593][ T6502] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6502 comm=syz-executor.0 [ 356.329912][ T28] audit: type=1400 audit(1852767595.663:19969): avc: denied { read } for pid=6500 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 356.333119][ T6502] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 356.739130][ T28] audit: type=1400 audit(1852767596.073:19970): avc: denied { setopt } for pid=6503 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 359.758567][ T6558] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 359.829155][ T28] audit: type=1400 audit(1852767599.164:19971): avc: denied { relabelto } for pid=6550 comm="syz-executor.4" name="file0" dev="sda1" ino=1962 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 360.355459][ T6565] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 360.371790][ T28] audit: type=1400 audit(1852767599.705:19972): avc: denied { rmdir } for pid=5873 comm="syz-executor.4" name="file0" dev="sda1" ino=1962 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0" [ 360.506779][ T6569] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6569 comm=syz-executor.2 [ 360.768586][ T6567] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 360.775697][ T6567] IPv6: NLM_F_CREATE should be set when creating new route [ 360.846778][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 361.122317][ T6580] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 361.779182][ T6602] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 361.798821][ T6602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 361.805963][ T6602] IPv6: NLM_F_CREATE should be set when creating new route [ 361.814220][ T6602] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6602 comm=syz-executor.1 [ 361.828260][ T6602] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 362.272402][ T6607] loop2: detected capacity change from 0 to 2048 [ 362.448712][ T6607] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 362.629318][ T6607] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 362.646290][ T886] ================================================================== [ 362.654390][ T886] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480 [ 362.661347][ T886] Write of size 8 at addr ffff88811ced44c0 by task kworker/1:6/886 [ 362.669062][ T886] [ 362.671235][ T886] CPU: 1 PID: 886 Comm: kworker/1:6 Not tainted 6.1.78-syzkaller-00009-g25216be1ac5e #0 [ 362.680785][ T886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 362.690688][ T886] Workqueue: events flush_stashed_error_work [ 362.696595][ T886] Call Trace: [ 362.699718][ T886] [ 362.702502][ T886] dump_stack_lvl+0x151/0x1b7 [ 362.707020][ T886] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 362.712304][ T886] ? _printk+0xd1/0x111 [ 362.716306][ T886] ? __virt_addr_valid+0x242/0x2f0 [ 362.721256][ T886] print_report+0x158/0x4e0 [ 362.725586][ T886] ? __virt_addr_valid+0x242/0x2f0 [ 362.730534][ T886] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 362.736616][ T886] ? enqueue_timer+0xa6/0x480 [ 362.741123][ T886] kasan_report+0x13c/0x170 [ 362.745482][ T886] ? enqueue_timer+0xa6/0x480 [ 362.749984][ T886] ? __kasan_check_write+0x14/0x20 [ 362.754951][ T886] __asan_report_store8_noabort+0x17/0x20 [ 362.760597][ T886] enqueue_timer+0xa6/0x480 [ 362.765390][ T886] __mod_timer+0x8d3/0xcf0 [ 362.769753][ T886] ? mod_timer_pending+0x30/0x30 [ 362.774516][ T886] ? __kasan_check_write+0x14/0x20 [ 362.779464][ T886] ? _raw_spin_lock+0xa4/0x1b0 [ 362.784168][ T886] ? _raw_spin_trylock_bh+0x190/0x190 [ 362.789470][ T886] ? __percpu_counter_sum+0x1e7/0x200 [ 362.794791][ T886] mod_timer+0x1f/0x30 [ 362.798677][ T886] ext4_update_super+0xa41/0xe50 [ 362.803459][ T886] ext4_commit_super+0xe3/0x4b0 [ 362.808577][ T886] flush_stashed_error_work+0x2ef/0x320 [ 362.813993][ T886] process_one_work+0x73d/0xcb0 [ 362.818775][ T886] worker_thread+0xa60/0x1260 [ 362.823297][ T886] kthread+0x26d/0x300 [ 362.827177][ T886] ? worker_clr_flags+0x1a0/0x1a0 [ 362.832045][ T886] ? kthread_blkcg+0xd0/0xd0 [ 362.836470][ T886] ret_from_fork+0x1f/0x30 [ 362.840734][ T886] [ 362.843590][ T886] [ 362.845759][ T886] Allocated by task 5722: [ 362.849978][ T886] kasan_set_track+0x4b/0x70 [ 362.854493][ T886] kasan_save_alloc_info+0x1f/0x30 [ 362.859529][ T886] __kasan_kmalloc+0x9c/0xb0 [ 362.863964][ T886] kmalloc_trace+0x44/0xa0 [ 362.868245][ T886] ext4_fill_super+0x102/0x8460 [ 362.872898][ T886] get_tree_bdev+0x440/0x680 [ 362.877438][ T886] ext4_get_tree+0x1c/0x20 [ 362.881694][ T886] vfs_get_tree+0x88/0x290 [ 362.885944][ T886] do_new_mount+0x2ba/0xb30 [ 362.890279][ T886] path_mount+0x671/0x1070 [ 362.894532][ T886] __se_sys_mount+0x2c4/0x3b0 [ 362.899144][ T886] __x64_sys_mount+0xbf/0xd0 [ 362.903648][ T886] do_syscall_64+0x3d/0xb0 [ 362.907946][ T886] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 362.913631][ T886] [ 362.915797][ T886] Freed by task 4579: [ 362.919619][ T886] kasan_set_track+0x4b/0x70 [ 362.924048][ T886] kasan_save_free_info+0x2b/0x40 [ 362.928910][ T886] ____kasan_slab_free+0x131/0x180 [ 362.933860][ T886] __kasan_slab_free+0x11/0x20 [ 362.938455][ T886] __kmem_cache_free+0x218/0x3b0 [ 362.943227][ T886] kfree+0x7a/0xf0 [ 362.946793][ T886] ext4_put_super+0x9e5/0xd60 [ 362.951302][ T886] generic_shutdown_super+0x14f/0x370 [ 362.956510][ T886] kill_block_super+0x7e/0xe0 [ 362.961026][ T886] deactivate_locked_super+0xad/0x110 [ 362.966230][ T886] deactivate_super+0xbe/0xf0 [ 362.970753][ T886] cleanup_mnt+0x485/0x510 [ 362.975000][ T886] __cleanup_mnt+0x19/0x20 [ 362.979336][ T886] task_work_run+0x24d/0x2e0 [ 362.983862][ T886] do_exit+0xbd5/0x2b80 [ 362.987846][ T886] do_group_exit+0x21a/0x2d0 [ 362.992291][ T886] __x64_sys_exit_group+0x3f/0x40 [ 362.997128][ T886] do_syscall_64+0x3d/0xb0 [ 363.001391][ T886] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 363.007114][ T886] [ 363.009286][ T886] The buggy address belongs to the object at ffff88811ced4000 [ 363.009286][ T886] which belongs to the cache kmalloc-4k of size 4096 [ 363.023299][ T886] The buggy address is located 1216 bytes inside of [ 363.023299][ T886] 4096-byte region [ffff88811ced4000, ffff88811ced5000) [ 363.036581][ T886] [ 363.038745][ T886] The buggy address belongs to the physical page: [ 363.045020][ T886] page:ffffea000473b400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ced0 [ 363.055063][ T886] head:ffffea000473b400 order:3 compound_mapcount:0 compound_pincount:0 [ 363.063223][ T886] flags: 0x4000000000010200(slab|head|zone=1) [ 363.069155][ T886] raw: 4000000000010200 ffffea0004716200 dead000000000002 ffff888100043380 [ 363.077579][ T886] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 363.085966][ T886] page dumped because: kasan: bad access detected [ 363.092238][ T886] page_owner tracks the page as allocated [ 363.097766][ T886] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2950, tgid 2950 (syz-executor.0), ts 152753264498, free_ts 152736917534 [ 363.120799][ T886] post_alloc_hook+0x213/0x220 [ 363.125400][ T886] prep_new_page+0x1b/0x110 [ 363.129736][ T886] get_page_from_freelist+0x27ea/0x2870 [ 363.135120][ T886] __alloc_pages+0x3a1/0x780 [ 363.139540][ T886] alloc_slab_page+0x6c/0xf0 [ 363.143969][ T886] new_slab+0x90/0x3e0 [ 363.147876][ T886] ___slab_alloc+0x6f9/0xb80 [ 363.152320][ T886] __slab_alloc+0x5d/0xa0 [ 363.156472][ T886] __kmem_cache_alloc_node+0x1af/0x250 [ 363.161775][ T886] kmalloc_trace+0x2a/0xa0 [ 363.166021][ T886] kvm_uevent_notify_change+0x22b/0x3c0 [ 363.171415][ T886] kvm_put_kvm+0x99/0x1340 [ 363.175652][ T886] kvm_vm_release+0x46/0x50 [ 363.180005][ T886] __fput+0x3ab/0x870 [ 363.183811][ T886] ____fput+0x15/0x20 [ 363.187635][ T886] task_work_run+0x24d/0x2e0 [ 363.192207][ T886] page last free stack trace: [ 363.196712][ T886] free_unref_page_prepare+0x83d/0x850 [ 363.202010][ T886] free_unref_page+0xb2/0x5c0 [ 363.206527][ T886] free_compound_page+0x9d/0xd0 [ 363.211211][ T886] destroy_large_folio+0x56/0x90 [ 363.215989][ T886] __folio_put+0xcf/0xe0 [ 363.220067][ T886] page_to_skb+0x75d/0xba0 [ 363.224318][ T886] receive_buf+0x4fc/0x4ef0 [ 363.228662][ T886] virtnet_poll+0x6d3/0x1470 [ 363.233092][ T886] __napi_poll+0xbe/0x5c0 [ 363.237253][ T886] net_rx_action+0x595/0xdd0 [ 363.241673][ T886] __do_softirq+0x1d8/0x661 [ 363.246018][ T886] [ 363.248189][ T886] Memory state around the buggy address: [ 363.253665][ T886] ffff88811ced4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 363.261672][ T886] ffff88811ced4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 363.269736][ T886] >ffff88811ced4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2028/09/17 01:40:02 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 363.277622][ T886] ^ [ 363.283616][ T886] ffff88811ced4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 363.291524][ T886] ffff88811ced4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 363.299406][ T886] ================================================================== [ 363.307296][ T886] Disabling lock debugging due to kernel taint [ 363.779108][ T6626] EXT4-fs (loop2): unmounting filesystem.